How to disable a service when "access is denied"?

I used autoruns.exe from Sysinternals (Microsoft).

Went to 'Services' tab and un-ticked MsMpSvc. Rebooted.

I could enable it again using the same steps.


Simple answer: You cannot.

The reason is that the "Access is denied" behaviour is enforced by a device driver that is most probably a file system driver that checks for specific actions on specific files and denies those operations.

The only way you can do so is:

  1. Disable the access protection behaviour through the AV's UI.

  2. Boot into safe mode (most of the time not useful, because today almost all antiviruses add themselves to the minimal boot drivers list used by safe mode).

  3. Use a Windows Minimal Environment like BartPE to boot up and modify the registry to not start the service / load the driver at boot.