Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Floppy

(Error)Add Exclusions for Windows Defender in Windows 10 with reg add.

Recommended Posts

Hi

Iam making an unattended istall for windows 10. (Autounattend.xml) And I need to exclude some files. With Win 7 could do it with  reg add  pointing to the key.

With Win 10 I get error "Not alowed to alter Key"

Using this;

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f

 

Is it possible to do this earlier during the install before Defender grab "hold" on the registry?

 

Share this post


Link to post
Share on other sites

It appears as if you need to take ownership, and change permissions.

Share this post


Link to post
Share on other sites

Thanks for respons !

It appears as if you need to take ownership, and change permissions.

Well I have tried that. No go.

I have seen this:

"Windows Defender has a kernel-mode driver (wdfilter.sys) that registers a Registry callback filter which protects Defender’s registry keys.".

 

That's why I ask; "Is it possible to do this earlier during the install before Defender grab "hold" on the registry?"

Share this post


Link to post
Share on other sites

Possible, using unattend answer file
RunSynchronousCommand in specialize pass runs under system account and have full access to registry

    <settings pass="specialize">        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">            <RunSynchronous>                <RunSynchronousCommand wcm:action="add">                    <Path>REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f</Path>                    <Order>1</Order>                    <Description>Registry</Description>                </RunSynchronousCommand>            </RunSynchronous>        </component>    </settings>

Share this post


Link to post
Share on other sites

Thank's for answering abbodi1406 !

 

Can I do it like this:

<?xml version="1.0" encoding="utf-8"?>

 

<unattend xmlns="urn:schemas-microsoft-com:unattend">

 

    <settings pass="windowsPE">

 

        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <SystemLocale>nb-NO</SystemLocale>

 

            <UserLocale>nb-NO</UserLocale>

 

            <UILanguage>nb-NO</UILanguage>

 

            <UILanguageFallback>nb-NO</UILanguageFallback>

 

            <InputLocale>0409:00000409</InputLocale>

 

        </component>

 

        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <UserData>

 

                <ProductKey>

 

                    <Key>xxxxxxxxxxxx</Key>

 

                    <WillShowUI>OnError</WillShowUI>

 

                </ProductKey>

 

                <Organization>Hjemme</Organization>

 

                <FullName>Kunde</FullName>

 

                <AcceptEula>true</AcceptEula>

 

            </UserData>

 

            <ImageInstall>

 

                <OSImage>

 

                    <InstallFrom>

 

                        <MetaData wcm:action="add">

 

                            <Key>/IMAGE/NAME</Key>

 

                            <Value>Windows 10 Pro</Value>

 

                        </MetaData>

 

                    </InstallFrom>

 

                </OSImage>

 

            </ImageInstall>

 

        </component>

 

    </settings>

 

    <settings pass="oobeSystem">

 

        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <UserAccounts>

 

                <LocalAccounts>

 

                    <LocalAccount wcm:action="add">

 

                        <Name>Kunde</Name>

 

                        <Group>Administrators</Group>

 

                        <Password>

 

                            <PlainText>true</PlainText>

 

                            <Value></Value>

 

                        </Password>

 

                    </LocalAccount>

 

                </LocalAccounts>

 

            </UserAccounts>

 

            <OOBE>

 

                <HideEULAPage>true</HideEULAPage>

 

                <NetworkLocation>Home</NetworkLocation>

 

                <ProtectYourPC>1</ProtectYourPC>

 

                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>

 

            </OOBE>

 

        </component>

 

        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <UILanguage>nb-NO</UILanguage>

 

            <UserLocale>nn-NO</UserLocale>

 

            <InputLocale>0414:00000414</InputLocale>

 

        </component>

 

    </settings>

 

    <settings pass="specialize">

 

        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <AutoLogon>

 

                <Enabled>true</Enabled>

 

                <Username>Kunde</Username>

 

                <Password>

 

                    <Value />

 

                    <PlainText>true</PlainText>

 

                </Password>

 

                <LogonCount>9999999</LogonCount>

 

            </AutoLogon>

 

<RunSynchronous>

 

                <RunSynchronousCommand wcm:action="add">

 

                    <Path>REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f</Path>

 

                    <Order>1</Order>

 

                    <Description>Registry</Description>

 

                </RunSynchronousCommand>

 

            </RunSynchronous>

 

        </component>

 

 

            <TimeZone>W. Europe Standard Time</TimeZone>

 

            <ComputerName>Kundexx</ComputerName>

 

        </component>

 

        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <SearchScopes>

 

                <Scope wcm:action="add">

 

                    <ScopeDefault>true</ScopeDefault>

 

                    <ScopeDisplayName>Google</ScopeDisplayName>

 

                    <ScopeUrl>http://www.google.com/search?q={searchTerms}</ScopeUrl>

 

                    <ScopeKey>Google</ScopeKey>

 

                </Scope>

 

            </SearchScopes>

 

        </component>

 

        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

 

            <SearchScopes>

 

                <Scope wcm:action="add">

 

                    <ScopeDisplayName>Google</ScopeDisplayName>

 

                    <ScopeKey>Google</ScopeKey>

 

                    <ScopeUrl>http://www.google.com/search?q={searchTerms}</ScopeUrl>

 

                    <ScopeDefault>true</ScopeDefault>

 

                </Scope>

 

            </SearchScopes>

 

        </component>

 

    </settings>

 

    <cpi:offlineImage cpi:source="wim:g:/win_10/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />

 

</unattend>

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...