Windows PCs at risk as new tool disarms built-in security

Over time, it has matured into a reliable security tool capable of blocking a wide range of threats. However, a tool called Defendnot can shut down Microsoft Defender completely, without exploiting a bug or using malware. It simply convinces Windows that another antivirus is already running.

The tool registers a fake antivirus that appears legitimate to the system. It uses a dummy DLL and injects it into Task Manager, a trusted Windows process. By operating inside this signed process, Defendnot avoids signature checks and permission blocks. Once the fake antivirus is registered, Windows disables Microsoft Defender without warning or confirmation.

The tool also includes options to set a custom antivirus name, enable logging and configure automatic startup. It achieves persistence by creating a scheduled task that runs whenever the user logs in.

Defendnot is based on an earlier project called No-Defender. That project used code from an actual antivirus product to fake registration. It gained attention quickly and was removed after a copyright complaint from the vendor whose code had been reused. The developer took the project down and walked away from it.

With Defendnot, the creator rebuilt the core features using original code. This version avoids copyright issues and uses a new method to achieve the same effect. It does not rely on another antivirus or third-party binaries. It was written from scratch to demonstrate how simple it is to manipulate Windows security from inside the system.

Microsoft Defender currently flags the tool as a threat. It detects and quarantines it under the name Win32/Sabsik.FL.!ml. However, the fact that it works at all points to a weakness in how Windows handles antivirus registration and trust.

While Defendnot is a research project, there's a chance that similar tools are already out there and could be used to compromise your PC. Here are a few tips to help you stay safe:

2. Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).

3. Avoid running unexpected commands: Never paste or run commands (like PowerShell scripts) you don't understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.

6. Invest in personal data removal services: Even with strong device security, your personal information may still be exposed online through data brokers and people-finder sites. These services collect and publish details like your name, address and phone number, making you an easier target for identity theft or phishing. Automated data removal services track down these sites and submit removal requests on your behalf, helping to reduce your digital footprint and increase your online anonymity. While they can't erase every trace of your information, they make it significantly harder for attackers to find and exploit your personal data, which saves you time and reduces unwanted spam in the process.

Defendnot points to a bigger issue with how Windows handles security. It takes a feature meant to prevent software conflicts and turns it into a way to completely disable protection. The system assumes any registered antivirus is legitimate, so if attackers can fake that, they get in without much resistance.

We often think of security as blocking the bad and trusting the good. But this case shows what happens when that trust is misplaced. Defendnot doesn't sneak past Windows defenses. It walks right in using valid credentials. The solution isn't just more patches or stronger malware signatures. What we need is a smarter way for systems to tell what is actually safe.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.