The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation


Essential Windows Services: Microsoft Defender Antivirus Service / WinDefend

Microsoft Defender Antivirus Service

What is the Microsoft Defender Antivirus (WinDefend) Windows Service?

The WinDefend service is part of Microsoft Defender Antivirus — a real-time, anti-malware solution distributed with the Windows operating system.

On computers where Microsoft Defender is the primary antivirus deployed, the WinDefend service is set to start automatically at boot. Furthermore, Windows sets permissions to make it nearly impossible for anyone to stop the service:

WinDefend starts automatically at boot

However, on systems where another antivirus package is in charge, the Microsoft Defender Antivirus service takes a back seat. Instead of starting automatically, the service will start manually — only on demand:

WinDefend will start on demand

And as you can see in the screenshot above, the service isn’t “locked down” either. An administrator can easily start, stop or restart it.


What happens if I stop WinDefend?

It depends on how your system’s configured.

If you have another antivirus package installed…

First, if you’ve installed another antivirus package, stopping the WinDefend service won’t cause any problems. In fact, it’s probably better not to run the service, to avoid conflict with your main virus protection software.

For example, we rely on Avira Security to protect our PC. And things work beautifully when the Defender Antivirus Windows Service is stopped:

The WinDefend service is stopped when Avira Security is installed

If Defender is the primary/only antivirus package installed…

On the other hand, if Microsoft Defender is the primary antivirus package protecting your computer, it will be difficult to stop the WinDefend service. That’s by design; Microsoft wants to ensure that your computer is always protected from attack. As such, you’ll notice that the service is “unstoppable” from the Services application:

The Microsoft Defender Antivirus service is unstoppable

And any attempts to stop WinDefend with the NET or SC commands will fail with “access is denied” errors:

Access denied when stopping WinDefend

But if you’re the persistent type and you do manage to stop the WinDefend service — perhaps by following this helpful video — the effect will be straightforward. Your computer won’t be protected from malicious actors. Please be careful, especially if you’re connected to the Internet!


Is it OK to disable the Defender service?

Again, it depends on your situation and what you’re willing to accept.

You can easily disable the Defender service if you have a third-party antivirus package installed. That’s completely fine.

But if Defender is your only line of defense, disabling WinDefend will leave your computer vulnerable to attack. Is that acceptable in your situation? Only you can say.


Questions? Problems?

If you would like to know more about the Microsoft Defender Antivirus service, or you have a specific problem, please feel free to get in touch. We’ll do our best to help you!

Posted in Windows Services | Tagged , , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *