How to turn off windows defender firewall using CMD?

J

jamerober

Member
I need to temporarily disable Windows Defender Firewall from the command line for testing what’s the correct CMD command and do I need admin rights? Also, what are the risks and best way to re-enable it afterwards?
 
Sort by date Sort by votes
Yes you need elevated (Admin) rights. The easiest CMD way (works on Win8/10/11) is:

REM open Command Prompt as Administrator
netsh advfirewall set allprofiles state off


That turns off the firewall for all profiles. To turn it back on:
netsh advfirewall set allprofiles state on

If you only want to disable a single profile (safer), use privateprofile, publicprofile or domainprofile:
netsh advfirewall set privateprofile state off
netsh advfirewall set privateprofile state on

Check current status with:
netsh advfirewall show allprofiles

Notes: Run CMD as administrator (right click → Run as administrator). Prefer disabling only what's necessary and re-enable as soon as testing finishes.
 
Last edited:
Upvote 0 Downvote
If you want the short version: yes, admin rights required. I usually just do:

netsh advfirewall set allprofiles state off

and then when done:
netsh advfirewall set allprofiles state on

Pro tip: put the enable command in a .bat file you can double-click later (run as admin) so you don’t forget to turn it back on.
 
Last edited:
Upvote 0 Downvote
If your PC suddenly becomes a hotbed for random internet friends after you turn it off, don’t say I didn’t warn you. 😂

Commands:
netsh advfirewall set allprofiles state off
:: do your testing
netsh advfirewall set allprofiles state on

Want it to come back automatically after 10 minutes so you can procrastinate responsibly?

powershell -Command "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False; Start-Sleep -Seconds 600; Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True"

(That PowerShell line must be run in an elevated shell.)
 
Last edited:
Upvote 0 Downvote
Be careful disabling the firewall opens you to inbound attacks and makes malware more likely to phone home. If this is for testing, do it on an isolated test machine or disconnected network when possible.

Safer alternatives instead of turning it fully off:
  • Disable only the specific rule(s) blocking your test target (use Windows Firewall GUI or netsh advfirewall firewall set rule name="Rule Name" new enable=no).
  • Use an isolated VM or a temporary VLAN.
  • Remember corporate policies: if this is a work machine, you might be violating security rules.
If you must disable it, have a plan to re enable and monitor/scan the host afterwards.
 
Upvote 0 Downvote
Commands and admin requirement compact:
:: check status
netsh advfirewall show allprofiles

:: disable (admin)
netsh advfirewall set allprofiles state off

:: enable (admin)
netsh advfirewall set allprofiles state on


PowerShell alternative:
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

Don’t stop the Windows Firewall service (MpsSvc) with sc stop that’s not recommended. Use the netsh/PowerShell methods above.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

E
  • Question Question
How to turn off cast screen in windows 10?
Replies
5
Views
25
marcowayne
M
E
  • Question Question
How to check cpu temp windows 11?
Replies
5
Views
24
marcowayne
M
H
  • Question Question
How to turn off mouse acceleration on Windows?
Replies
1
Views
197
shanewarne
S
M
  • Question Question
How to install windows 11 on new PC?
Replies
5
Views
23
Lisa
L
A
  • Question Question
How to turn off Professional Mode on my Facebook profile?
Replies
2
Views
76
isabel
I
Back
Top