https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/ > A new tool called 'Defendnot' can disable Microsoft Defender on Windows devices by registering a fake antivirus product, even when no real AV is installed. > The trick utilizes an undocumented Windows Security Center (WSC) API that antivirus software uses to tell Windows it is installed and is now managing the real-time protection for the device.