You have merely removed the Windows Security GUI, which is pretty pointless since it has nothing to do with Defender; MS just loves to splat the Defender name on everything, like Defender Firewall, though it is a standalone app.
If I am 'merely' removing this WS/Defender, then do you have any suggested way to remove the WS/Defender completely, so that there'll be absolutely no 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651' to block/hide?
I don't understand, can you explain & elaborate a bit? I am actually looking to remove WD/WS from the WIM (ISO) level completely so that I don't even receive that 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651' via Windows Update. Although I am aware of the existence of various WD/WS removal scripts & apps like what you shared, using those will be the last option if nothing works. But I don't think anything will work: as per my experience my WIM (ISO) is WD/WS-less, but as soon as Windows receives the monthly LCU, some component of WD/WS is installed via the LCU I guess, & immediately after receiving & installing that LCU, Windows starts receiving that 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651' again via Windows Update.
This does not work?
Code:
reg load HKLM\OFFLINE_IMAGE_SOFTWARE mount\Windows\System32\Config\Software
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /t REG_DWORD /d "0" /f
reg unload HKLM\OFFLINE_IMAGE_SOFTWARE
Need to test this. What's the process you follow to integrate this into the WIM? BTW, have you already tried & tested this on your own? i.e. adding this to the Windows ISO [.WIM] & installing that ISO & 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651' not being offered.
Just replace "mount\Windows\System32\Config\Software" with the location of the Software hive file where the WIM is mounted and run the commands in CMD. I haven't tested it lately because I used it when reconstructing Enterprise G, and if I remember correctly Defender updates were really disabled then. Why not just do an offline update, block Windows Update in the firewall and just install updates manually? That way you have more control over what is installed. That's what I do.
UPDATE: Tried this script you shared. Executed this script 2 times, Open & Run as admin. Followed by a reboot. That 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651' still shows in Windows Update. I don't get your process fully. Can you explain further? What if I add this reg key (you shared) into the HKLM and/or HKCU hive to execute it after the first Windows boot after a clean install? To answer your other Q, I am not interested in offline update procedures. It's just this KB5007651 which I don't want & wanna block permanently.
For example:
Code:
reg load HKLM\OFFLINE_IMAGE_SOFTWARE C:\mount\Windows\System32\Config\Software
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
reg add "HKLM\OFFLINE_IMAGE_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /t REG_DWORD /d "0" /f
reg unload HKLM\OFFLINE_IMAGE_SOFTWARE
If you mounted the WIM to C:\mount. Add that to a batch file and run it. You can do it online too.
Code:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\
I tested this on my host OS/live system (23H2 22631.3672). As I already removed WD/WS at the WIM level, those reg keys were not there in the reg editor when I checked. So I manually added
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"UpdateOnStartUp"=dword:00000000
"ForceUpdateFromMU"=dword:00000000
& rebooted the system. Now that update is still showing. I am attaching the full reg key export for those 'Windows Defender Security Center' & 'Windows Defender' keys if you wanna check. I believe those are not the keys for blocking this KB5007651; maybe some other reg keys are involved.
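
For anyone auditing an image or a running system for the settings discussed in this thread, the following is an added example (not part of any post above): it parses the text of a .reg export and reports which of the four policy values from the posted reg commands are present with the same data. The function names and the sample export are constructed for illustration.

```python
import re

# Policy values and data written by the reg commands in this thread;
# key paths are relative to HKLM\SOFTWARE and lower-cased for matching.
SIG = r"policies\microsoft\windows defender\signature updates"
WATCHED = {
    (r"policies\microsoft\mrt", "dontofferthroughwuau"): 1,
    (r"policies\microsoft\mrt", "dontreportinfectioninformation"): 1,
    (SIG, "forceupdatefrommu"): 0,
    (SIG, "updateonstartup"): 0,
}
ROOT = "hkey_local_machine\\software\\"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def parse_reg_dwords(text):
    """Yield (key, value_name, int) for each DWORD in .reg export text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key, so nothing under it is being set.
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD_RE.match(line)
        if m and key:
            yield key, m.group(1), int(m.group(2), 16)

def audit(text):
    """Return sorted (key, name, data) for watched values set as in the thread."""
    findings = []
    for key, name, data in parse_reg_dwords(text):
        k = key.lower()
        if k.startswith(ROOT) and WATCHED.get((k[len(ROOT):], name.lower())) == data:
            findings.append((key, name, data))
    return sorted(findings)

# Constructed sample in the format of the export quoted in the thread.
# A real regedit export is UTF-16: open(path, encoding="utf-16").read()
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"UpdateOnStartUp"=dword:00000000
"ForceUpdateFromMU"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
'''
```

Calling `audit(SAMPLE)` returns the two values whose data matches the thread's commands and skips `ForceUpdateFromMU`, which the sample sets to 1.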