If for some reason, you ever wanted to use your Windows computer without any antivirus software (which is highly not recommended for the majority of people), there’s a new tool for that. A researcher known as es3n1n has created Defendnot, a tool that tricks Microsoft Defender into believing another antivirus product has been installed, so that it no longer runs.
How it works
Right now, Windows Defender is set up to run automatically if no other antivirus program is installed on a Windows machine. Even if you turn it off, it will turn on the next time you restart your computer. The only way to disable Windows Defender is if another antivirus program is installed. In that case, Windows Defender is automatically disabled to avoid any conflicts.
Defendnot tricks Windows into believing another antivirus program is registered by using an undocumented Windows Security Center (WSC) API, bypassing all validation checks. It does this by injecting its DLL into Taskmgr.exe, a system process signed and trusted by Microsoft. Then it registers the fake antivirus along with a display name.
The predecessor to Defendnot is a project called no-defender, which used code from another antivirus product to trick Windows. The antivirus vendors filed a DMCA takedown, and the tool was eventually pulled from GitHub. Es3n1n explained their reasoning:
“Then, after a few weeks after the release, the project blew up quite a bit and gained ~1.5k stars, after that the developers of the antivirus I was using filed a DMCA takedown request and I didn’t really want to do anything with that so just erased everything and called it a day,” the developer explains in a blog post.
What now
While it may seem like a baffling undertaking for those of us who like our computers to be continually protected, this research could help develop future security tools, since the project demonstrates how one can bypass security features of trusted systems.
Meanwhile, Windows Defender has already begun to be aware of the tool and has started flagging downloads of the Defendnot tool, quarantining it as a Trojan.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.