Atari800XL Posted Sunday at 09:27 AM Share Posted Sunday at 09:27 AM (edited) I am happy to say I got it to work finally!!!! I had to throw in some more settings that somebody sent me from a NTLite forum link, so I'm not sure which one of the settings below finally did the trick, but I thought I'd throw them in here in case somebody might need to use them some day. Once again: This is just for my own scripts and experiments, WinNTSetup itself was doing it correctly already (for which I'm giving HUUUGE thanks to JFX!!!) So here are the things I added: (All are EXTRA things on top of the stuff in JFX's code example) Software hive: ============== [HKEY_LOCAL_MACHINE\temp\Microsoft\Windows Defender\Real-Time Protection] "DisableBehaviorMonitoring"=dword:00000001 "DisableOnAccessProtection"=dword:00000001 "DisableScanOnRealtimeEnable"=dword:00000001 [HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender] "DisableRealtimeMonitoring"=dword:00000001 "DisableRoutinelyTakingAction"=dword:00000001 "DisableSpecialRunningModes"=dword:00000001 "ServiceKeepAlive"=dword:00000001 [HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender\Signature Updates] "ForceUpdateFromMU"=dword:00000001 [HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000001 "ConfigureAppInstallControl"=dword:00000001 [HKEY_LOCAL_MACHINE\temp\Policies\Microsoft\Windows Defender\Spynet] "DisableBlockAtFirstSeen"=dword:00000001 System hive: ============ [HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WdFilter] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WdNisDrv] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WdNisSvc] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\temp\ControlSet001\Services\WinDefend] "Start"=dword:00000004 Edited Sunday at 09:29 AM by Atari800XL 1 Link to comment Share on other sites More sharing options...
JFX Posted Sunday at 05:06 PM Author Share Posted Sunday at 05:06 PM Glad, you got it work. 2 Link to comment Share on other sites More sharing options...
Nikolay Posted 18 hours ago Share Posted 18 hours ago (edited) Hi JFX, could you share with the batnik to disable Windows Defender. Edited 18 hours ago by Nikolay Link to comment Share on other sites More sharing options...
dimo70 Posted 15 hours ago Share Posted 15 hours ago Yes, this will be very usefull Link to comment Share on other sites More sharing options...
JFX Posted 11 hours ago Author Share Posted 11 hours ago No sure if you still can disable defender online. This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights. Defender.cmd reg load HKLM\SOFT C:\Windows\System32\config\software reg load HKLM\SYS C:\Windows\System32\config\system reg import Defender.reg reg unload HKLM\SOFT reg unload HKLM\SYS Defender.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=- [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer] "SmartScreenEnabled"="Off" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 "DisableAntiVirus"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features] "TamperProtection"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 "DisableAntiSpywareRealtimeProtection"=dword:00000001 "DpaDisabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System] "EnableSmartScreen"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 "DisableAntiVirus"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000001 "ConfigureAppInstallControl"=dword:00000001 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy] "VerifiedAndReputablePolicyState"=dword:00000000 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService] "Start"=dword:00000000 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend] "Start"=dword:00000004 P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo. 2 Link to comment Share on other sites More sharing options...
Nikolay Posted 9 hours ago Share Posted 9 hours ago JFX, Thank you very much!!! Link to comment Share on other sites More sharing options...
dimo70 Posted 5 hours ago Share Posted 5 hours ago (edited) Just now, JFX said: No sure if you still can disable defender online. This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights. Defender.cmd reg load HKLM\SOFT C:\Windows\System32\config\software reg load HKLM\SYS C:\Windows\System32\config\system reg import Defender.reg reg unload HKLM\SOFT reg unload HKLM\SYS Defender.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=- [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer] "SmartScreenEnabled"="Off" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 "DisableAntiVirus"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features] "TamperProtection"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection] "DisableRealtimeMonitoring"=dword:00000001 "DisableAntiSpywareRealtimeProtection"=dword:00000001 "DpaDisabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe] "Debugger"="NUL" [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System] "EnableSmartScreen"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=dword:00000001 "DisableAntiVirus"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen] "ConfigureAppInstallControlEnabled"=dword:00000001 "ConfigureAppInstallControl"=dword:00000001 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy] "VerifiedAndReputablePolicyState"=dword:00000000 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService] "Start"=dword:00000000 [HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend] "Start"=dword:00000004 P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo. JFX, ill make an repack exe from your codes using advancedrun.exe, and try to stop windows defender in win11 latest version. After starting it and restarting the PC, only upper option of defender was started, and all 3 other options of defender was stopped sucsessfully. May be we needs something little more to stop it completely. Edited 5 hours ago by dimo70 Link to comment Share on other sites More sharing options...
Antonino Posted 5 hours ago Share Posted 5 hours ago (edited) excuse me, everybody, if I might appear to be like a stick in the mud, but would anyone explain to me what is wrong with having only the following list of registry occurrences of defend (which means windefend, windows defender, windowsdefender, etc.) and no file or folder occurrence on disk? below is a text file listing all I have found in my registry concerning windows defender. no coming back, no rebutting in in normal everyday operations. never have I had to disable anything, never mind control it, at least this is what I see. am I missing anything? Advanced Registry Search.txt Edited 4 hours ago by Antonino Link to comment Share on other sites More sharing options...
JFX Posted 3 hours ago Author Share Posted 3 hours ago @dimo70 You can't disable defender while the system is still running, it does protect it self. 2 Link to comment Share on other sites More sharing options...
Antonino Posted 3 hours ago Share Posted 3 hours ago that is why one has to have done it beforehand. Link to comment Share on other sites More sharing options...
dimo70 Posted 2 hours ago Share Posted 2 hours ago (edited) Just now, JFX said: @dimo70 You can't disable defender while the system is still running, it does protect it self. I see. There is another way to remove windows defender for sure in running systems - DefenderKiller. Works perfect. JFX, I tested Windows 10 and Windows 11 original with checking defender disable tweak - works perfect. Edited 2 hours ago by dimo70 Link to comment Share on other sites More sharing options...
Antonino Posted 1 hour ago Share Posted 1 hour ago unfortunately, there is no english translation, so I cannot test it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now