1. n3ro97

    n3ro97 MDL Member

    Oct 17, 2018
    105
    63
    10
    #26161 n3ro97, Aug 17, 2023
    Last edited: Aug 17, 2023
  2. n3ro97

    n3ro97 MDL Member

    Oct 17, 2018
    105
    63
    10
    Some developers know how to mitigate virus detections, MAS by WindowsAddict for example.
    We can assume that ToolKitHelper.exe elevates privileges, deletes files, modifies files, modifies registry, removes system component packages (like DISM, or even uses DISM itself, who knows).

    "Without such commands, however, you could not accomplish what you can with it" - This is the problem, we don't even know what it performs exactly. So this type of justification is only an assumption.

    "I assume closed source code could prevent legal issues" - It is very easy to stay underground these days with VPN/proxy/VM/Sandbox/encrypted browser/temp mail/burner accounts + codebase64/telegram encrypted messages for DL links (all methods stacked on itself for best results). So there is no way Microsoft would find anyone by any means. Just don't place direct links on the forum page.

    "What I would recommend nevertheless is using a(n offline) virtual machine to perform your tasks" - This method is pointless with this type of software, because the user is going to use the ISO that has been modified with ToolKitHelper.exe in the VM later on a live system anyway. So not only the VM is affected, but the ISO itself.
     
  3. tempdrive1

    tempdrive1 MDL Member

    Aug 29, 2021
    103
    135
    10
    I see where you are coming from, but your views have flaws themselves, just as mine.

    Just because the detection is mitigated, it would not make it safer.
    If you have to use software that registers your credit card or phone number, it can be back tracked if there is a real need for it for whatever reason (you buy VPN service as I am sure you would not want to go with free version, and some time back when I was checking Telegram, it was also requiring a phone number, which in many areas comes with a name and ID assigned).
    If you deploy a modified image and add security software, it ought to detect malicious system files, thus the damage could be minimized.

    But I assume you will be using this software anyway.
    In a sandboxed (virtual machine) environment you would not litter your system at least and you can do a deployment and thorough scan if you need to be certain.
    A modified binary will be detected as it will not be signed.

    Alternatively, you could create a pure DISM-based version, all you need to do is to unlock Registry entries to be able to remove any component, and there you have your own solution.
    It is difficult to tell what benefits there are for using the ToolKit for component removal compared to DISM, at least I have not taken the time to compare the results, given how difficult/complicated it is to compare Registry entries for instance.

    Let us see whether you get a better reply from someone else.
     
  4. n3ro97

    n3ro97 MDL Member

    Oct 17, 2018
    105
    63
    10
    #26165 n3ro97, Aug 17, 2023
    Last edited: Aug 17, 2023
    "Just because the detection is mitigated, it would not make it safer." - I mean my initial suggestion was to minimize virus detection, not a concern of safety, because I believe Toolkit is safe. The topic went a little bit off track.

    "If you have to use software, that registers your credit card or phone number, it can be back tracked" - There are VPN services that offer a trial period (same features as for fully paid) and can be created with temp mail, no phone number, credit card or any identity requirements. Also for extra privacy these VPN burner accounts can be created in VM+sandbox+web proxy+encrypted browser so you are additionally protected. Telegram accounts can be created with burner/virtual phone numbers + you don't even need a smartphone for the app. You can use VM Android OS + VPN. All illegal telegram group owners are not creating accounts with their own phones/sim cards obviously. You can fake everything these days if you have enough knowledge of how to do it and resources. Anyways, Telegram was only an example, there are other solutions.

    "If you deploy a modified image and add security software, it ought to detect malicious system files, thus the damage could be minimized." - ToolKitHelper.exe can be detected but system image files that have been modified/injected with potential malicious code could be undetected by any AV. So this is not a solution. Of course, this is all hypothetical.

    "In a sandboxed (virtual machine) environment you would not litter your system" - Again, ToolKitHelper.exe is not a big issue because of the possibility to run it in a VM, but the problem is the modified system image, hypothetically.

    "A modified binary will be detected as it will not be signed." - There could be 100% workaround to this with such high level of system image modification that ToolkitHelper.exe can provide, again hypothetically.

    "Alternatively, you could create a pure DISM-based version" - Yeah, but ToolkitHelper.exe offers way more than that, it is not even comparable. It would be possible but also would take insane amount of testing and development, for which I am grateful to MSMG.

    The topic is not about ToolKitHelper.exe being malware, but a suggestion to minimize virus detection with code optimization and mitigations, if possible.
     
  5. Jingzin

    Jingzin MDL Addicted

    Nov 10, 2021
    666
    536
    30
    Updated my windows today to ltsb 2016 just to see how it would work against 12400f 16gb ram, x3 m2 NVMe 5tb. Only the gtx 1660 didn't want to work; bought a 1060 and it worked. Didn't debloat anything, not much to debloat anyways, only disabled defender. Dism reset base works no problem.
    Gpu runs much cooler than in windows 11 and draws only 7w to 11w while idle against windows 11 11w to 30w idle.
    Task manager says cpu load 0% when nothing's running, and only 1.2gb ram used when idle.

    Probably best windows up the date
     
  6. ORZpasserAtw

    ORZpasserAtw MDL Novice

    Sep 8, 2020
    18
    4
    0
    I just played Forza Horizon 5 on Steam (it just went free weekend) on Windows 11 22621.1105.
    If you delete XboxTCUI, it will also delete "C:\Windows\System32\gamingtcui.dll", which UWP cannot solve itself.
    I had to copy this dll from an untouched iso to get it working.
     
  7. Is it possible with the toolkit to enable or disable capabilities? How should it be done?
     
  8. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    391
    162
    10
    Hi..!!

    In the member repositories @abbodi1406 @Enthousiast @GezoeSloog and @LostED (link below) I don't find Windows Server 2022 Essentials, only Windows Server 2022 Standard and Datacenter. Does this version exist...??

    opendirectory.luzea.de
     
  9. Jingzin

    Jingzin MDL Addicted

    Nov 10, 2021
    666
    536
    30
    Hi,

    Does anyone know if it's possible, and if so how, to add the windows photo viewer skin after I installed windows?
    I'm talking about the msmg skin from the first page included in packs. There's a Photo viewer.dll.res and a Photowiz.dll.res file; where should I place them?

    Thanks in advance
     
  10. bababafasdfggg

    bababafasdfggg MDL Junior Member

    Oct 5, 2018
    50
    17
    0
    Hi.
    Is it possible to get updates from the Windows folder SoftwareDistribution/Download and put, for example, the Windows10.0-KB5029244-x64.cab file into the Toolkit Update folder?
    Will it work with all *.cab files and *.msu files?
     
  11. haris_mdlf69

    haris_mdlf69 MDL Addicted

    Oct 23, 2018
    657
    1,235
    30
  12. chintu9192

    chintu9192 MDL Novice

    Aug 11, 2021
    11
    1
    0
    hi,
    Does MSMG Toolkit 13.5 work on the Windows 11 Pro x64 v22H2 (10.0.2262X.1848) build? Or
    does MSMG Toolkit 13.5 only work on Windows 11 Client v22H2 v10.0.2262x.1992?
     
  13. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    Congratulations to the Indians for landing the CHANDRAYAAN 3 module on the moon's pole not illuminated by the sun where the existence of ice was discovered by the CHANDRAYAAN 1 module.
     
  14. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
  15. MIMMO61

    MIMMO61 MDL Senior Member

    Aug 19, 2009
    379
    108
    10
    #26178 MIMMO61, Aug 23, 2023
    Last edited: Aug 23, 2023
    In the first post, in the supported operating systems, it says Windows 11 v21H2/v22H2 (all editions).
    Version 13.4 is OK.
     
  16. Feartamixg

    Feartamixg MDL Addicted

    May 15, 2016
    786
    631
    30
    "Editions" refers to Home, Pro, Enterprise, etc, not the version number.

    From the v13.5 changelog:
     
  17. MIMMO61

    MIMMO61 MDL Senior Member

    Aug 19, 2009
    379
    108
    10
    I thank you for the clarification.
    For version 22621.1702 I will use Toolkit 13.4