Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Microsoft Defender
Environment: Windows
Summary: Resetting Microsoft Defender to default settings
If you need to remove Huntress Managed Microsoft Defender or reset Microsoft Defender to its default state, choose the method that matches your OS:
1 Windows 10/11 workstations: Reset using the GUI
2 Windows 10/11 workstations: Reset using PowerShell
3 Windows Server: Full reset using PowerShell
4 Reset configuration only (no uninstall)
Note: On Windows Server, use the PowerShell method. The Windows Security app reset is workstation-focused and may not fully apply on server OS.
Windows 10/11 workstations: Reset using the GUI
On Windows 10 and Windows 11 workstations, Microsoft Defender is primarily managed through the Windows Security app. Resetting Defender via the Windows Security interface can help clear local configuration issues.
- Press the Start button and type in "Windows Security".
- Select "App settings".
- Scroll down to the bottom and click on the "Reset" button.
- Confirm the reset by clicking on the second "Reset" button. You'll need to reboot the machine after this.

Windows 10/11 workstations: Reset using PowerShell
This method uses the built-in ResetPlatform tool, which removes all Defender updates and rolls Defender back to the version that shipped with the OS. Replace $version with the highest version number in that folder, and reboot the machine after running this command:
& "c:\programdata\Microsoft\Windows Defender\Platform\$version\MpCmdRun.exe" -ResetPlatform

Windows Server: Full reset using PowerShell
On Windows Server, Microsoft Defender is treated as a managed service rather than a user-facing security app. For that reason, resetting Defender on servers should be done using PowerShell rather than through the Windows Security app.
Similar to the above, this method fully removes Defender and then reinstalls it. The reboots are required because many of the Defender files are locked while in use; the reboot clears those file locks.
Uninstall-WindowsFeature -Name Windows-Defender
#reboot after uninstall
Install-WindowsFeature -Name Windows-Defender
#reboot after install

Reset Defender AV configuration only
This method resets only the Defender policies that Huntress uses to the Huntress recommended defaults. Although the script is fairly lengthy, it is a lighter touch than the other options above. This is the preferred script to use when testing for a competing Defender AV management platform, GPOs, or Intune configuration that could be interfering with Huntress' management of Defender AV.
Download this script to the desired machine, change your PowerShell working directory to the directory you downloaded the script to, and run it like this:
powershell -executionpolicy bypass -f ./Huntress.reset.Defender.ps1
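
To see whether a GPO or Intune configuration is setting Defender AV values, the policy-delivered settings can be listed before and after the reset and compared. The following is an added example, not part of the Huntress script or this article's original commands. It assumes policy-delivered Defender settings are stored under HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender, with MDM/Intune values under its "Policy Manager" subkey; the function name Get-DefenderPolicyValue is hypothetical.

```powershell
# Added example (read-only): list Defender AV settings delivered by policy so a
# competing management source is visible before and after the reset script.
# Run from an elevated PowerShell prompt.

# Assumption: policy-delivered Defender settings live under this key, and the
# "Policy Manager" subkey holds values delivered by MDM/Intune.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Hypothetical helper: returns one object per registry value under the policy key.
function Get-DefenderPolicyValue {
    param([string]$Root = $policyRoot)

    # No policy key at all means nothing is being pushed by policy.
    if (-not (Test-Path -LiteralPath $Root)) { return @() }

    # Include the root key itself plus every subkey beneath it.
    $keys = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                # Source label is an assumption based on the subkey name.
                Source = if ($key.Name -like '*\Policy Manager*') { 'MDM/Intune' } else { 'GPO/local policy' }
                Key    = $key.Name
                Name   = $name
                Value  = $key.GetValue($name)
            }
        }
    }
}

$policyValues = @(Get-DefenderPolicyValue)
if ($policyValues.Count -eq 0) {
    Write-Output 'No policy-delivered Defender settings found.'
} else {
    $policyValues | Sort-Object Source, Key, Name | Format-List
}

# Current Defender state as the platform reports it, for the same comparison.
Get-MpComputerStatus |
    Select-Object AMRunningMode, AntivirusEnabled, RealTimeProtectionEnabled,
                  IsTamperProtected, AMProductVersion |
    Format-List
```

Values that reappear after the reset and the next policy refresh point to another management source still applying them.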