Allow antimalware service to remain running always This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled. If you enable this setting, the antimalware service will always remain running even if both antivirus and antispyware definitions are disabled. If you disable or do not configure this setting, the antimalware service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled, the service will remain running. If both are disabled, the service will be stopped.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Defender!Allow antimalware service to remain running always (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindows Defender!ServiceKeepAlive