To disable real-time scanning on Microsoft Defender Antivirus (part of Microsoft Defender for Endpoint) using PowerShell on a Windows 11 PC, use the following command:
Set-MpPreference -DisableRealtimeMonitoring $true
Notes: #
- This command must be run as Administrator.
- Disabling real-time protection is temporary. Microsoft Defender will usually re-enable it after a reboot or a certain period, especially on managed (e.g., Intune or GPO-controlled) devices.
- If tamper protection is enabled, this setting may be blocked or reverted.
- On endpoints managed by Microsoft Defender for Endpoint (MDE) or Intune, real-time protection settings may be controlled by policy and cannot be changed locally.
To re-enable real-time protection: #
Set-MpPreference -DisableRealtimeMonitoring $false