Unfortunately, by granting that ability, it gave well-designed malware strains the ability to do the same.
That is now changing.
As the company explains in a recent blog post:
“DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program.
This setting is not intended for consumer devices, and we’ve decided to remove this registry key. This change is included with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher KB 4052623. Enterprise E3 and E5 editions will be released at a future date.
Note that this setting is protected by tamper protection. Tamper protection is available in all Home and Pro editions of Windows 10 version 1903 and higher and is enabled by default.
The impact of the DisableAntiSpyware removal is limited to Windows 10 versions prior to 1903 using Microsoft Defender Antivirus. This change does not impact third party antivirus connections to the Windows Security app. Those will still work as expected.”
In response to a number of inquiries arising from the change, Microsoft went on to explain that if a user opts to run some other antivirus program, but for some reason, their chosen AV program is disabled, Microsoft Defender will automatically turn itself back on in order to ensure that there is no gap in protection for that user.
Given the number of malware strains that now have the capability to disable Microsoft Defender in this manner, the change is probably overdue. Kudos to Microsoft for taking decisive action here.