Native Win32 · ~300 KB · Zero dependencies

Toggle Windows Defender
in one click

A native Windows tool that turns Defender off and back on from a single button, writing a registry backup and a restore point first so every change can be undone

Download for Windows View source

Defender Control running in Simplified Chinese

Rust · MSVCWin32 + GDIDWM borderlessTrustedInstaller4 languages

Features

Everything in one window

The whole tool is a single owner-drawn Win32 window that opens instantly and behaves the same on every machine

One-click toggle

One button switches real-time protection, antivirus, tamper protection, services, and drivers together, and its label follows the current state.

Backup & restore

The tool exports your Defender registry before disabling and restores it on enable. If no backup is found, it applies known-good defaults.

TrustedInstaller-level

It runs under a TrustedInstaller token to write the protected keys and PPL services that ordinary administrator rights cannot modify.

Watch mode

An optional logon task re-applies the changes the moment Windows tries to revert them. It waits on a registry event, so idle CPU stays near zero.

Live status

A status dot shows the overall state, with separate indicators for real-time, antivirus, and tamper protection, plus a per-service detail panel.

Native & tiny

Written in Rust against Win32 with hand-drawn GDI. The release binary is around 300 KB and ships with no WebView and no runtime dependencies.

How it works

Recorded on the way down, replayed on the way back

Disabling runs under a TrustedInstaller token and is captured in full, so enabling restores the previous state exactly

01 · Back up

Snapshot & restore point

Before any change, the tool creates a System Restore point and exports the Defender registry keys it is about to modify.

02 · Suppress

Apply under TI token

Policy keys, service Start types, WdFilter altitude, PPL flags, Set-MpPreference, and an IFEO block on mpcmdrun.exe.

03 · Watch

Hold & reverse

Watch mode waits on the key with RegNotifyChangeKeyValue. Enabling imports the backup and restores every default.

Languages

Four languages, detected automatically

简体中文, English, 日本語, and 한국어, detected from your system language and remembered when you switch

Under the hood

Built close to the metal

There is no framework in between, so the binary calls Win32 directly

~300KB Stripped release binary

0 Runtime dependencies

~0% Idle CPU in watch mode

suppression-surface

policy     Defender policy registry keys
services   driver & service Start types
altitude   remove WdFilter altitude value
ppl        strip service PPL flags
mp         Set-MpPreference (PowerShell)
ifeo       block mpcmdrun.exe
token      impersonate TrustedInstaller

Take control of Defender

Download the latest release, or build from source with cargo build --release

Download for Windows View on GitHub

Use at your own risk

Disabling Defender reduces your system's security. Use it only on machines you own. The tool creates a restore point and a registry backup, but you remain responsible for how you use it.

Toggle Windows Defenderin one click