← Back to Blog
📅 May 26, 2026 How-To 3 min read

How to Exclude KMSPico from Windows Defender

This is a necessary step before extracting KMSPico. Once you add the exclusion, Defender will leave the folder alone and you can run the activator without interruption.

Verified Download — KMSPico Official
KMSPico_Official_v10.2.0.rar
Archive password: 123456  ·  8.3 MB  ·  v10.2.0
Download KMSPico
Extract with WinRAR using the password above, then run as administrator. Works on Windows 10, 11, Server & Office.

Method 1: Folder Exclusion via Windows Security (Recommended)

This is the cleanest method — it excludes a specific folder rather than disabling Defender entirely.

  1. Press Win + S, search for Windows Security, and open it.
  2. Click Virus & threat protection.
  3. Scroll down to Virus & threat protection settings and click Manage settings.
  4. Scroll to Exclusions and click Add or remove exclusions.
  5. Click Add an exclusion → Folder.
  6. Navigate to and select the folder where you plan to extract KMSPico (e.g. C:\KMSPico).
  7. Click Select Folder. The exclusion is now active.

You can now extract the RAR archive into that folder and run the activator without Defender interference. You can remove the exclusion after activation if preferred.

Method 2: PowerShell (Fastest)

Open PowerShell as Administrator and run:

> Add-MpPreference -ExclusionPath "C:\KMSPico"

Replace C:\KMSPico with your actual extraction path. This takes effect immediately.

Method 3: Temporary Disable (Quick but Less Precise)

If you prefer to disable real-time protection temporarily:

  1. Open Windows Security → Virus & threat protection → Manage settings.
  2. Toggle Real-time protection to Off.
  3. Extract and run KMSPico.
  4. Re-enable real-time protection after activation completes.

Note: Windows will automatically re-enable real-time protection after a short period even if you turn it off manually. The folder exclusion method (Method 1) is preferred because it is permanent for that folder without weakening overall protection.

Why Defender Flags KMSPico in the First Place

Windows Defender uses behavioral rules that flag any software modifying the Windows Software Protection Platform (SPP). Since KMSPico directly interacts with SPP to install the GVLK key and activate Windows, it triggers the HackTool:Win32/AutoKMS heuristic. This is a policy classification — not evidence of malicious code. The same heuristic would flag a clean, custom-written volume licensing script.

Defender's PUA protection, in particular, is designed for aggressive enterprise environments and will quarantine tools that are perfectly legitimate for personal use. An exclusion is the correct technical response.

Related Guides

What is KMS? → Is It Safe? → Activation Methods → Troubleshooting →

Frequently Asked Questions

Defender classifies KMSPico as HackTool:Win32/AutoKMS because it modifies Windows licensing services. This is a false positive — the tool contains no harmful code.
Open Windows Security → Virus & threat protection → Manage settings → Exclusions → Add an exclusion → Folder. Select the folder where you extracted KMSPico.
Yes, temporarily disabling real-time protection to extract and run KMSPico is safe, provided you re-enable it immediately after. The folder exclusion method is preferred as it is more targeted.
The password is 123456. Use WinRAR to extract the archive and enter this password when prompted.

Download KMSPico Official

Get the latest verified release and start activating Windows or Office in seconds — free and fully permanent.

Archive password: 123456

Download KMSPico RAR