In Windows Server you can remove Windows Defender completely using DISM commands; unfortunately, the same command does not work on normal pedestrian Windows 10 Enterprise. So I wanted to inquire if anyone here knows how to use DISM, or another similarly thorough way, to uninstall Windows Defender from a normal non-server Windows 10 installation?
$name = 'Windows-Defender-Client-Package'
$packages = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages'
$found = split-path -leaf (reg query $packages.replace(':','') /f $name | findstr HKEY)

function reg_own([string[]]$A){ #key [opt],all,usr,own,acc,perm : reg_own "HKCU:\My","","S-1-5-32-545","","Allow","FullControl"
  $D1=[uri]."M`odule"."G`etType"('System.Diagnostics.Process')."G`etMethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
  'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
  $path=$A[0]; $rk=$path-split':\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
  $u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
  $rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
  $x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
  };if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
  $p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
  $c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
  foreach($n in $subkeys){Own1 "$k\$n"}}}}; Own1 $rk[1]; if($env:VO){get-acl Registry::$path|fl}} # lean & mean ps snippet by AveYo

foreach ($item in $found) {
  reg_own "$packages\$item" 'preserve' 'S-1-1-0'
  set-itemproperty -Path "$packages\$item" -Name "Visibility" -Value 1
  remove-item -Path "$packages\$item\Owners"
  remove-windowspackage -Online -PackageName "$item" -NoRestart
}
Thanks, but when I run it I get an error:

PS C:\Windows\system32> C:\RemoveWD.ps1
set-itemproperty : Der Pfad "C:\Windows\system32\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1" kann nicht gefunden werden, da er nicht vorhanden ist.
In C:\RemoveWD.ps1:19 Zeichen:1
+ set-itemproperty -Path "$packages\$item" -Name "Visibility" -Value 1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Windows\syst...DE~10.0.19041.1:String) [Set-ItemProperty], ItemNotFo
   undException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand

remove-item : Der Pfad "C:\Windows\system32\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1\Owners" kann nicht gefunden werden, da er nicht vorhanden ist.
In C:\RemoveWD.ps1:20 Zeichen:1
+ remove-item -Path "$packages\$item\Owners"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Windows\syst....19041.1\Owners:String) [Remove-Item], ItemNotFoundEx
   ception
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand

remove-windowspackage : Zugriff verweigert
In C:\RemoveWD.ps1:21 Zeichen:1
+ remove-windowspackage -Online -PackageName "$item" -NoRestart
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: ) [Remove-WindowsPackage], COMException
    + FullyQualifiedErrorId : Microsoft.Dism.Commands.RemoveWindowsPackageCommand

set-itemproperty : Der Pfad "C:\Windows\system32\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.329" kann nicht gefunden werden, da er nicht vorhanden ist.
In C:\RemoveWD.ps1:19 Zeichen:1
+ set-itemproperty -Path "$packages\$item" -Name "Visibility" -Value 1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Windows\syst...~10.0.19041.329:String) [Set-ItemProperty], ItemNotFo
   undException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand

remove-item : Der Pfad "C:\Windows\system32\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.329\Owners" kann nicht gefunden werden, da er nicht vorhanden ist.
In C:\RemoveWD.ps1:20 Zeichen:1
+ remove-item -Path "$packages\$item\Owners"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\Windows\syst...9041.329\Owners:String) [Remove-Item], ItemNotFoundEx
   ception
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand

remove-windowspackage : Zugriff verweigert
In C:\RemoveWD.ps1:21 Zeichen:1
+ remove-windowspackage -Online -PackageName "$item" -NoRestart
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: ) [Remove-WindowsPackage], COMException
    + FullyQualifiedErrorId : Microsoft.Dism.Commands.RemoveWindowsPackageCommand
I don't know. It appears to work for me.

ObjectNotFound PathNotFound
Windows-Defender-Client-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1\Owners" kann nicht gefunden werden, da er nicht vorhanden ist.
Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.329\Owners" kann nicht gefunden werden, da er nicht vorhanden ist.

I have no idea. I would search C to see if I can find a windows-defender-client-package. If it's not there, it can't be uninstalled?
Offline mode: install wim tweak to remove the package. Or online mode: in the srdrepository database set isinbox to 1, then remove the sechealthui appxpackage, plus GPO tweaks to permanently disable Defender. Both ways we get a 0x8000701 error at the time we are updating the OS via WU or via DISM add-package.