Malware can no longer disable Microsoft Defender via the Registry

This is a good news story tempered by the feeling that I’m sure malware authors will have or develop other ways to turn off AV programs…:

[…] In an update to the DisableAntiSpyware documentation, Microsoft states that the DisableAntiSpyware value will now be ignored and no longer used to disable antivirus software.

“DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program. This setting is not intended for consumer devices, and we’ve decided to remove this registry key. This change is included with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher KB 4052623. Enterprise E3 and E5 editions will be released at a future date. Note that this setting is protected by tamper protection. Tamper protection is available in all Home and Pro editions of Windows 10 version 1903 and higher and is enabled by default. The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected.”

Microsoft also stated that if a user removes their installed antivirus solution, Windows Defender will automatically turn back on to protect them.

“Consumers may choose to run another AV solution, but if for any reason that solution is turned off, Microsoft Defender AV will turn itself back on to ensure there is no gap in protection for the user. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected,” Microsoft told BleepingComputer.

[…]

Original article here
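
One way to audit a host for the behaviour Microsoft describes above, as an added PowerShell example that is not from Microsoft or the quoted article. It assumes the value sits under the standard Defender policy key (the page names the value, not its path) and reads status with the Defender module's `Get-MpComputerStatus`; the function name is hypothetical.

```powershell
# Added example: report whether DisableAntiSpyware is set and whether this
# host's Defender platform is at or above the version quoted on the page.
# Assumption: the policy path below; the page names only the value.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$MinPlatform = [version]'4.18.2007.8'   # platform version quoted on the page

function Get-DisableAntiSpywareAudit {   # hypothetical helper name
    # Read the legacy value; $null means the key or the value is absent.
    $prop  = Get-ItemProperty -Path $PolicyKey -Name 'DisableAntiSpyware' -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.DisableAntiSpyware } else { $null }

    # The Defender cmdlet can be missing or fail when the service is down.
    $status = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }

    # AMProductVersion is the antimalware platform version, e.g. 4.18.2007.8.
    $platform = if ($status) { [version]$status.AMProductVersion } else { $null }
    $ignored  = ($null -ne $platform) -and ($platform -ge $MinPlatform)

    $finding = if ($null -eq $value) {
        'DisableAntiSpyware is not set.'
    } elseif ($value -eq 0) {
        'DisableAntiSpyware is present but set to 0.'
    } elseif ($ignored) {
        'Value is set, platform is at or above 4.18.2007.8 (ignored per Microsoft, Enterprise E3/E5 excepted): find out what set it and remove it.'
    } else {
        'Value is set and the platform is older than 4.18.2007.8 or unknown: Defender may be disabled by it. Check what wrote the value.'
    }

    [pscustomobject]@{
        DisableAntiSpyware   = $value
        PlatformVersion      = $platform
        PlatformIgnoresValue = $ignored
        TamperProtected      = if ($status) { $status.IsTamperProtected } else { $null }
        AntivirusEnabled     = if ($status) { $status.AntivirusEnabled } else { $null }
        Finding              = $finding
    }
}

Get-DisableAntiSpywareAudit | Format-List
```

A set value is worth triaging even where the platform ignores it, since something on the host or in policy wrote it.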