Jump to content

WinNTSetup v5.3.5.2


JFX

Recommended Posts


No sure if you still can disable defender online.
This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights.

Defender.cmd

reg load HKLM\SOFT C:\Windows\System32\config\software
reg load HKLM\SYS C:\Windows\System32\config\system
reg import Defender.reg
reg unload HKLM\SOFT
reg unload HKLM\SYS

Defender.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=-

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Off"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiSpywareRealtimeProtection"=dword:00000001
"DpaDisabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"=dword:00000001


[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy]
"VerifiedAndReputablePolicyState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend]
"Start"=dword:00000004

P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo.

Link to comment
Share on other sites

Posted (edited)
Just now, JFX said:

No sure if you still can disable defender online.
This should work from WinPE/WinRE. Another Windows would need to run it with TrustedInstaller rights.

Defender.cmd

reg load HKLM\SOFT C:\Windows\System32\config\software
reg load HKLM\SYS C:\Windows\System32\config\system
reg import Defender.reg
reg unload HKLM\SOFT
reg unload HKLM\SYS

Defender.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=-

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Off"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiSpywareRealtimeProtection"=dword:00000001
"DpaDisabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe]
"Debugger"="NUL"

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFT\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"=dword:00000001


[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Control\CI\Policy]
"VerifiedAndReputablePolicyState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\SecurityHealthService]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYS\ControlSet001\Services\WinDefend]
"Start"=dword:00000004

P.S: Not sure why I set SecurityHealthService to autostart, either there was a problem with disabling or it's a typo.

JFX, ill make an repack exe from your codes using advancedrun.exe, and try to stop windows defender in win11 latest version. After starting it and restarting the PC, only upper option of defender was started, and all 3 other options of defender was stopped sucsessfully.

May be we needs something little more to stop it completely.

Edited by dimo70
Link to comment
Share on other sites

Posted (edited)

excuse me, everybody, if I might appear to be like a stick in the mud, but would anyone explain to me what is wrong with having only the following list of registry occurrences of defend (which means windefend, windows defender, windowsdefender, etc.) and no file or folder occurrence on disk? below is a text file listing all I have found in my registry concerning windows defender. no coming back, no rebutting in in normal everyday operations. never have I had to disable anything, never mind control it, at least this is what I see. am I missing anything?

Advanced Registry Search.txt

Edited by Antonino
Link to comment
Share on other sites

@dimo70 You can't disable defender while the system is still running, it does protect it self.

Link to comment
Share on other sites

Posted (edited)
Just now, JFX said:

@dimo70 You can't disable defender while the system is still running, it does protect it self.

I see. There is another way to remove windows defender for sure in running systems - DefenderKiller. Works perfect.

JFX, I tested Windows 10 and Windows 11 original with checking defender disable tweak - works perfect. :worship:

Edited by dimo70
Link to comment
Share on other sites

Posted (edited)

well, I have now come across the bat version from github and I launched it, some russian wording came up a dos window and I can't make out what it means.  but it did launch and execute. I just hope it has done the job if it was needed.

Edited by Antonino
Link to comment
Share on other sites

Posted (edited)

Antonino, I use it nearly 10 times per day on Win10 & 11 and everything works fine. There is no viruses inside.

Yes, I used many russion tools, and some of them are super. I have many russion friends and some of them are genius just as respectable JFX.

And one more update - NTHelper

Edited by dimo70
Link to comment
Share on other sites

Posted (edited)

no doubt about that, I only did not know what to do on the first version, which left me with a dos-box-like scenario of alternatives for me to choose from among, and I did not know which would do what. on my second instance, it was a bat which I executed, but did not know what it did or did not in terms of stopping windows defender, which I claim I already have done by my brute force deletion philosophy, i.e. by deleting all occurrences of windows defender both on the disk and in the registry. I even posted a txt listing the only entries left in the registry for u all to check. in spite of my incompetence, I am still talking of windows defender, not of racism whatsoever, which I do not even consider in the least. I am a tech fan, not a politics fan. all that to simply mean my english is infinitely better than my russian, so I was afraid of making the wrong choice out of misunderstanding the options.

Edited by Antonino
Link to comment
Share on other sites

Antonino, clicking on 1. it uninstalls / removes all defender services and files. There will be then two option- makes a backup of defender or not.

If selfdefence is on, it opens defender settings tab and automatically set all boxes to off. Then start removal process. After restarting there will be no defender at all.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...