Complicated Situation (about sysprepping and removing after that)

Discussion in 'Windows 10' started by LiuBang, Jun 28, 2022.

  1. LiuBang

    LiuBang MDL Member

    #1 LiuBang, Jun 28, 2022
    Last edited: Jun 28, 2022
    This is a complicated situation, so if you don't see a solution, that's normal.
    So I removed some stuff from Windows 10 LTSC 2019
    but didn't remove Action Center, Windows Defender or SmartScreen.
    Now I installed the image in a VM,
    installed 1 program (whatever, it doesn't matter),
    then I sysprepped with Generalize,
    then I captured the image.
    Now I removed Windows Defender and Security Center and SmartScreen from the captured image using NTLite,
    then I installed the image to test if they are removed totally or not.
    Now here is the problem:
    they are removed with their services,
    but I'm getting this notification:
    [screenshot attachment]
    It keeps popping up.
    I managed to disable the notification from Security and Maintenance,
    but I want to get to the source that is causing this to pop up.
    Something got deployed in the first installation
    and I don't know where it is (registry, Windows file, service, Task Scheduler).

    If you know any solution that could help me reach its source, wherever it is, I will manage to modify it.
    I would be thankful.

    PS: Don't suggest removing them from the beginning, as I can't do that for some reasons.
     
  2. xinso

    xinso MDL Guru

    #2 xinso, Jun 29, 2022
    Last edited: Jun 29, 2022
    1. Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.17763.1
    2. C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
    3. Privacy --> Background Apps --> Close Windows Security
    4. Windows-Defender.reg
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
    "DisableBehaviorMonitoring"=dword:00000001
    "DisableOnAccessProtection"=dword:00000001
    "DisableScanOnRealtimeEnable"=dword:00000001
    "DisableRealtimeMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
    "ForceUpdateFromMU"=dword:00000000
    "UpdateOnStartUp"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Systray]
    "HideSystray"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
    "ScanWithAntiVirus"=dword:00000003
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
    "DontOfferThroughWUAU"=dword:00000001
    "DontReportInfectionInformation"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SecurityHealth"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "SettingsPageVisibility"="Showonly:display;notifications;powersleep;storagesense;tabletmode;multitasking;crossdevice;about;bluetooth;printers;mousetouchpad;usb;network-status;network-ethernet;network-dialup;network-vpn;datausage;network-proxy;personalization-background;colors;lockscreen;themes;personalization-start;taskbar;appsfeatures;defaultapps;maps;appsforwebsites;yourinfo;signinoptions;otherusers;sync;dateandtime;regionlanguage;speech;easeofaccess-narrator;easeofaccess-magnifier;easeofaccess-highcontrast;easeofaccess-closedcaptioning;easeofaccess-keyboard;easeofaccess-mouse;easeofaccess-otheroptions;privacy-webcam;privacy-microphone;privacy-notifications;privacy-accountinfo;privacy-contacts;privacy-calendar;privacy-callhistory;privacy-email;privacy-tasks;privacy-messaging;privacy-radios;privacy-customdevices;privacy-backgroundapps;privacy-appdiagnostics;windowsupdate;activation;backup;recovery;developers;"
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityHealthService]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\WinDefend]
    
     
  3. LiuBang

    LiuBang MDL Member

    Special thanks for your effort,
    but unfortunately it didn't work.
    It works if Windows hasn't been deployed.
    Something got installed in the first installation.
    It should be related to Security Center, as it's checking about Security Center.
    TBH I'm starting to lose hope and I think I will stick to turning off the notification,
    even though I don't like having a process doing something useless in the background and wasting resources.

    Anyway, if anyone has any suggestion, I'm all ears.
     
  4. LiuBang

    LiuBang MDL Member

    Special thanks to everyone who tried to help and who thought of a solution.

    I solved it by wiping the piece of s**t out of existence from system32.

    TBH I didn't think that was possible, but it is what it is.
     
  5. freddie-o

    freddie-o MDL Expert

    Try
    Code:
    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    
     
  6. LiuBang

    LiuBang MDL Member

    I know this and it works, but it removes the notification but doesn't remove the process from its source.
    The solution is to eliminate the last files from system32 of the Security Center.
     
  7. haris_mdlf69

    haris_mdlf69 MDL Senior Member

    Hey!

    I know it's been a while since anyone posted here, but I came across this thread while researching disabling the Windows Defender service. The following notification appears only when the 'wscsvc' service is disabled.
    I hope this information can be helpful, even though this thread is a bit older.
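
Added example (not part of any post in this thread): a small auditor for `.reg` files like the one posted in reply #2, listing every entry that sets or deletes something under a security-component key so the file can be reviewed before it is imported or baked into an image. The watch list, function names and sample text are assumptions made for this example; the sample reuses a few entries in the same syntax as the posted file.

```python
import re

# Constructed sample in .reg syntax (exported files are often UTF-16; decode before calling).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"UpdateOnStartUp"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityHealthService]
'''

# Assumed watch list: lower-case substrings naming the components discussed in the thread.
WATCH = ("windows defender", "securityhealth", "windefend", "wscsvc")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')   # [KEY] creates/opens, [-KEY] deletes the key
VAL_RE = re.compile(r'^"(.+?)"=(.*)$')   # "name"=data, "name"=- deletes the value

def _watched(path):
    lowered = path.lower()
    return any(w in lowered for w in WATCH)

def audit_reg(text):
    """Return (action, key, value_name, data) tuples for watched entries."""
    findings, key, deleted = [], None, False
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            deleted, key = m.group(1) == "-", m.group(2)
            if deleted and _watched(key):
                findings.append(("delete-key", key, None, None))
            continue
        m = VAL_RE.match(line)
        if not m or key is None or deleted:
            continue  # header, blank line, or value under a deleted key
        name, data = m.groups()
        if not _watched(key + "\\" + name):
            continue
        if data == "-":
            findings.append(("delete-value", key, name, None))
        elif data.lower().startswith("dword:"):
            findings.append(("set-dword", key, name, int(data[6:], 16)))
        else:
            findings.append(("set-other", key, name, data))
    return findings
```
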
     