A small program is being running by the Clop actors before encryption that will attempt to disable a variety of security software, including Windows Defender. This is done to prevent behavioral algorithms from detecting the file encryption and block the ransomware. In addition to Windows Defender, Clop is also targeting older computers by uninstalling Microsoft Security Essentials and Malwarebytes’ standalone Anti-Ransomware programs. As CryptoMix is run with administrator privileges by the attackers, this command will remove the software without a problem.
Source: https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/