Since we are talking about issues and possible bugs in 18363.418, I'd like to mention that the Windows Defender policy structure is different in 1909. Applying the old policy and registry tweaks that turned off Windows Defender in 1809 and 1903 does not appear to turn off Windows Defender in 1909. At best, the Windows Defender Antivirus Service loads, and can be set to consume few resources with real-time scanning and Windows Firewall turned off by group policies. But Windows Defender Antivirus Service still loads, and still performs background scans regardless of what your PC Settings say. Windows Defender remains a nuisance and 3rd party antivirus programs (e.g. Symantec Norton Internet Security, etc.) don't shut it off in 1909. The service and its key files (MsMpEng.exe and MpCmdRun.exe) appear owned and controlled by TrustedInstaller. The only thing I've been able to do is open a command prompt and rename MsMpEng.exe to MsMpEng.bak and MpCmdRun.exe to MpCmdRun.bak. But I don't consider this a permanent fix. Windows Defender is a real thorn in my side. Maybe this issue is better in a different forum. Let me know...
Tips and Fixes Overview (will be extended asap):

Fixes for not being offered the option to create a local offline account on Home (+SL): https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-272#post-1550716

Can't inplace upgrade, with keeping all files and apps, on 18363.32x+ installs: https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-274#post-1551221

Solution: How to do an inplace upgrade, with keeping all files and apps, on 18363.32x+ installs, using a 18363.32x+ ISO: https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-298#post-1553368

How to go from 18362.32x+ to 18363.32x+ (online): https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-275#post-1551290

How to go from 18362.10022 > 18363.32x+ (online by upgrade): https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-291#post-1552812

How to go from 18362/3.10022 > 18363.418 (without the need to upgrade): https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-298#post-1553407

For people who have run any cleanup, and the WIS2RP fix doesn't work: https://forums.mydigitallife.net/th...pc-19h1-2-release.79259/page-304#post-1553808
The old tweaks and group policies did not work for me in 1909. The policy and registry keys are different. I ran MRP, generated an .ini, ran a script to no avail. In fact the script reactivated MpCmdRun, which downloads signatures from MS on bootup, and the WinDefend service still runs. Strategies for disabling Windows Defender are going to be different for 1909.
I ran it and no trace of Defender was found: no service, and not even the security page was there. Can you post the MRP project log and debug log?
I'm not sure where the logs are kept. But I can show you how the registry structure is different. I was able to turn off Defender (without uninstalling it) by setting the following keys, running Sysinternals Autoruns, unchecking the WinDefend service, and unchecking the (4) Defender scheduled tasks. So this creates a fix that can easily be undone.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"ServiceKeepAlive"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableIOAVProtection"=dword:00000001
"DisableRawWriteNotification"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"DisableScanOnUpdate"=dword:00000001
"DisableScheduledSignatureUpdateOnBattery"=dword:00000001
"DisableUpdateOnStartupWithoutEngine"=dword:00000001
"RealtimeSignatureDelivery"=dword:00000000
"UpdateOnStartUp"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
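Added example (not part of the original post or thread): a small Python audit that reads a .reg export like the one above and lists the Windows Defender policy values that switch protection off, useful for spotting such changes on a machine you manage. The flagging rule is an assumption drawn only from the value names in the post, and the sample text and its ExampleVendor key are constructed.

```python
import re

# Policy root taken from the post above.
POLICY_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"
# Assumption from the post's list: these weaken protection when set to 0;
# every other value there is a "Disable*" switch that does so when non-zero.
OFF_WHEN_ZERO = {"ServiceKeepAlive", "RealtimeSignatureDelivery", "UpdateOnStartUp"}
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def audit_reg_export(text):
    """Return sorted (subkey, value_name, dword) findings for decoded .reg text.

    Real exports are usually UTF-16; decode before calling.
    """
    findings, key, root = [], None, POLICY_ROOT.lower()
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key; require an exact root or a "\" boundary.
            low = m.group(2).lower()
            in_scope = not m.group(1) and (low == root or low.startswith(root + "\\"))
            key = m.group(2) if in_scope else None
            continue
        m = DWORD_RE.match(line)
        if not (key and m):
            continue
        name, value = m.group(1), int(m.group(2), 16)
        if (name in OFF_WHEN_ZERO and value == 0) or (
                name.startswith("Disable") and value != 0):
            findings.append((key[len(POLICY_ROOT):].lstrip("\\") or ".", name, value))
    return sorted(findings)

# Constructed sample: part of the post's export plus one unrelated key.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"ServiceKeepAlive"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp]
"DisableSomething"=dword:00000001
'''

if __name__ == "__main__":
    for subkey, name, value in audit_reg_export(SAMPLE):
        print(f"{subkey}: {name} = {value}")
```

A subkey of "." in the output means the value sits directly under the policy root.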
Man, Microsoft's whole spiel about "Windows 10 is just Windows - we're never making another" or whatever really didn't stick around long it seems. When's Windows 11 coming out? 2021?
That's a good one. I was on one of their launch teams. As long as there is money to be made, there will be new releases. The question is, when will they stop?
I manually disabled Windows Defender on 1903 through Group Policy and it stays activated if I don't also manually disable all of its settings via the Settings app (I only tried disabling all of them in the Settings app before using a Group Policy, not just one or some). Is this normal? It should only be necessary to disable it using a Group Policy. If I only disable all of its settings in the Settings app, its main setting reactivates (the only one that does this) every time I sign in to my user account.
That's what to expect. All of the registry settings I posted were set with the group policy editor. I would have to take screenshots of all of them. So it's easier just to show the registry settings. Sysinternals Autoruns lets you turn off the WinDefend service. Prior to shutting it off, I took ownership of the MsMpEng.exe executable, but I don't think that is necessary. Run Autoruns and just uncheck the box next to the WinDefend service and then uncheck the 4 boxes for the scheduled Defender tasks. Every time Windows boots up, it is probably going to load new antivirus signatures and do a quick scan. I don't think this is good for users with SSDs.
It may do that (load new antivirus signatures and do a quick scan) after disabling Windows Defender using a Group Policy? Why do you think it's not good for users with SSDs? Also, I've been using NTLite and/or MSMG ToolKit but there are some settings I can only change after installing Windows by using programs like Winaero Tweaker, because these two programs can't change them before creating an image. Do you know any programs which can configure the Windows settings that NTLite and MSMG ToolKit can't before creating an image?
There's a limited number of writes that can be performed to an SSD. Writes cause wear to SSDs. If the Windows Defender signature keys are downloaded (and written) to your SSD every time you boot up, then this creates an excessive wear situation for your SSD.
Well, I have an HDD, so do you think I should buy an SSD (or SSHD) or a laptop which comes with one (or with an SSHD)? My 1903 install has some bugs, like some things (msconfig) not being in my native language but in English (even after a clean install, so it looks like it's a translation problem, which is unacceptable), and I can't install Windows updates because apparently Disk Cleanup was run and may have broken it (I don't know if it was Disk Cleanup that caused this problem). Do you think if I do a clean 1909 install (when it comes out) or do an upgrade 1909 install (by running its setup.exe) the problems will be fixed (at least the first one, since the second one may return after a Disk Cleanup)?