12-05-2025
Warning — Microsoft Windows Defender Can Be Disabled By Hackers
Defendnot tool disables Windows Defender.
There have been some concerning news headlines for Microsoft users over the last few weeks, from the confirmation of a 10/10 cloud security vulnerability to Windows denial-of-service attack methods that have yet to be fixed and the inevitable password-stealing warnings impacting Windows users. Today, however, might be the most alarming news of all: hackers can now disable Windows Defender using a newly released security tool. Here's everything you need to know about Defendnot.
There are a number of antivirus, anti-malware, and internet security solutions available in today's crowded marketplace. Most will charge you a hefty annual subscription fee, but some of the best ones are free. One of the latter, and widely regarded as one of the best, is Windows Defender, which comes as a default offering with the Windows operating system. Whereas Windows Defender used to be seen as 'better than nothing at all' in the eyes of those who test such solutions, it has quickly risen in the ranks to become a security bulwark that competes with the best of them in protecting users from threats. That assessment might need to change following the release of a new tool that can directly disable Windows Defender and its associated protections on Windows.
While not the first method to successfully bypass Windows Defender, Defendnot is undoubtedly the most straightforward: it works by getting Windows Defender to disable itself.
A security researcher and reverse engineer known as 'es3n1n' has confirmed that Defendnot, an update to an earlier project called No-Defender, could disable Windows Defender by convincing the operating system that an alternative antivirus solution was already installed. Defendnot came about when some friends asked if it was possible to create a No-Defender tool that used a clean implementation without relying on any antivirus software at all, or, rather, with no third-party antivirus code inserted into the process.
'The part of the system that manages all this mess is called Windows Security Center - WSC for short,' es3n1n said. By using undocumented application programming interfaces that are only shared with certified antivirus vendors, and under a strict non-disclosure agreement, es3n1n has managed to convince Windows Defender that such an alternative solution is already installed without any third-party AV code being required.
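A defender-side check for the mechanism described above, as an added example that is not part of the original article or of the Defendnot project: it lists the antivirus providers that Windows Security Center has on record and compares that with what Defender itself reports. The function name, the `NeedsReview` heuristic and the assumption that the built-in Defender entry registers a `windowsdefender://` URI are choices made for this example.

```powershell
# Added example: audit the antivirus providers registered with Windows Security Center (WSC).
# Run on a Windows client; the root/SecurityCenter2 namespace is not present on Windows Server.
function Get-WscAntivirusAudit {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop
    foreach ($p in $products) {
        # Registered paths can contain environment variables such as %ProgramFiles%.
        $exe = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)
        # Assumption: the built-in Defender entry registers a windowsdefender:// URI, not a file path.
        $isDefender = $exe -like 'windowsdefender://*'
        $exists = $false
        $signature = 'NotChecked'
        if ($exe -match '^[A-Za-z]:\\' -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $exists = $true
            $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
        }
        [pscustomobject]@{
            DisplayName  = $p.displayName
            InstanceGuid = $p.instanceGuid
            ProductExe   = $exe
            IsDefender   = $isDefender
            ExeExists    = $exists
            Signature    = $signature
            # Heuristic: a non-Defender provider whose binary is missing or not validly signed.
            NeedsReview  = (-not $isDefender) -and ((-not $exists) -or ($signature -ne 'Valid'))
        }
    }
}

$audit = @(Get-WscAntivirusAudit)
$audit | Format-Table DisplayName, IsDefender, ExeExists, Signature, NeedsReview -AutoSize

# Defender's own view: has it stood down in favour of another registered provider?
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $defenderActive = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled
} catch {
    $defenderActive = $false   # service stopped or cmdlet unavailable
}

$flagged = @($audit | Where-Object NeedsReview)
if (-not $defenderActive -and $flagged.Count -gt 0) {
    Write-Warning "Defender is not actively protecting and $($flagged.Count) registered provider(s) need review:"
    $flagged | Format-List DisplayName, InstanceGuid, ProductExe, Signature
} elseif (-not $defenderActive) {
    Write-Warning 'Defender is not actively protecting; confirm the registered provider is one you installed.'
} else {
    Write-Output 'Defender reports antivirus and real-time protection enabled.'
}
```

A provider with a validly signed binary is not flagged, so the table of registered providers should still be compared against the software inventory for that machine.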
Defendnot has now been published, which means it could soon be in the hacker armory of anyone who looks for it. I have reached out to Microsoft for a statement about this concerning Windows Defender bypass development.