MSMG ToolKit

Discussion in 'MDL Projects and Applications' started by MSMG, Nov 21, 2013.

Tags:

Page 851 of 1370

Enthousiast MDL Tester

Oct 30, 2009

49,647

103,306

450
#17001 Enthousiast, Oct 30, 2020
You need to login to view this posts content.
Feartamixg MDL Addicted

May 15, 2016

783

629

30

#17002 Feartamixg, Oct 31, 2020

You need to login to view this posts content.
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17003 MSMG, Oct 31, 2020 (OP)

Yes.

graver.x said: ↑

Thanks! Can now be used with RU-RU ISO?
Click to expand...

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17004 MSMG, Oct 31, 2020 (OP)

You need to login to view this posts content.

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17005 MSMG, Oct 31, 2020 (OP)

The delay in removing the components is due to a version of new code protector I have used to pack the exe.
It takes time to unpack and then executes the command.

Even for me on Ryzen 5 3600 with 16GB RAM it takes 1 minute to start executing the removal process.

Will try to optimize the speed.

nosirrahx said: ↑

Is the new build supposed to be significantly slower? On a very fast system component removal seems to be 4 times slower than in the past.

I just checked and removing a component tales 1:55.

EDIT:

I went back a version and no removals take :30 so there certainly a major difference here.
Click to expand...

Supern00b said: ↑

@MSMG:
I'm happy to report that ltsc 1809 x64 Spanish image is flawless. It's a perfect run with defender and smartscreen removed, resetbase an NO errors at all.
It's an enormous effort you put into this project to resolve the most obscure issues, I can't thank you enough.

I'll repeat the procedure on a x86 image today and will report back if any issues arise.

Cheers.

Edit: The x86 ltsc 1809 Spanish image is also flawless, no issues at all.
There is indeed a delay when removing components with the toolkit helper method, but that doesn't bother me.
You've done it again, really a marvelous job.
Click to expand...

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
graver.x MDL Senior Member

Jan 18, 2020

347

484

10

#17006 graver.x, Oct 31, 2020

Feartamixg said: ↑

Is there a way to stop setup asking for Windows product key?
Click to expand...

Usually I am not confused by the request for a key, since it is not difficult to select "I do not have a key" to continue with the installation. But now I also used the ei.cfg option that Enthousiast suggested.

Thanks everyone, friends! Together we are strong!

MSMG said: ↑

You can use the .572 CU too if you don't remove Internet Explorer and Kernel Debugging and also can use .610 CU if Kernel Debugging is not removed.
Click to expand...

Thanks for the tip, MSMG. I'll try with 19042.610 RU-RU ISO and share the test result.
AkarshM MDL Novice

Oct 21, 2020

15

7

0

#17007 AkarshM, Oct 31, 2020

Can we still remove all the required components individually or is the Package list method the only one working right now in 10.7?
Yanta MDL Senior Member

May 21, 2017

477

274

10
#17008 Yanta, Oct 31, 2020
ingviowarr said: ↑

@Yanta

Just my 2 cents. May be easier (more reliable) way is to do so:

- Make a full backup of your system (just in case)
- Prepare exactly the same ISO edition (1809), but with Defender+SmartScreen included (not removed). May be (I'm not sure) integrate rescent updates also : people say W10UI utility is the most reliable.
- Reinstall over live system
- Reapply your security / ptrivacy settings, GPO, tweaks, etc. (AutoSettingsPS is great for massive applying tweaks. You can even backup your GPO settings with it)
- Recheck installed programs, if they are still OK.

To be honest, I don't welcome such methods, but in your situation it may appear acceptable.
Click to expand...

MSMG said: ↑

Yes the installation cab files are around 160MB but the Toolkit removed Windows Defender files are just around 70MB + registry entries.

If you could give more time then will create a manual restore pack for Defender for CU 1397.
Click to expand...

I've just finished my first test which is to install Windows 10 1809 over Windows 10 1809 but with defender included in the second image.

The first time the system is booted the Windows Defender Antivirus service is at manual. Setting it to automatic fixes the problem

If the DisableAntiSpyware registry entry is found the Antivirus settings page says "settings are managed by your organization"

The Windows Security option on the lest side of the Updates and Security page in the settings app is not added.

The program files folders still only total 31mb. I'm obviously missing something.

The only entry points for Windows Security is via the tray icon or in settings app, system, about.

I can't turn off smartscreen setting (Flashes up that it's disabled then reset to 'block'. I want it off. Perhaps I can disable it by GP or registry.

This was done on a fresh install with no user programs, tweaks or data. I'll now restore all that to a fresh image without defender and try the upgrade again. I suspect many of the tweaks, services and tasks will be reset... but we'll see
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17009 MSMG, Oct 31, 2020 (OP)

Yes you remove individually.

AkarshM said: ↑

Can we still remove all the required components individually or is the Package list method the only one working right now in 10.7?
Click to expand...

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17010 MSMG, Oct 31, 2020
Last edited: Oct 31, 2020
(OP)

You need to login to view this posts content.

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Supern00b MDL Addicted

Dec 30, 2010

762

556

30

#17011 Supern00b, Oct 31, 2020

MSMG said: ↑

The delay in removing the components is due to a version of new code protector I have used to pack the exe.
It takes time to unpack and then executes the command.

Even for me on Ryzen 5 3600 with 16GB RAM it takes 1 minute to start executing the removal process.

Will try to optimize the speed.
Click to expand...

It's no big deal, really.
If the delay from the code protector secures your work, then I'm happy to use it as-is.
Anyway, the whole image build process from start to finish takes some time, so one minute more is not something to bitch about.

Cheers.
kosta26 MDL Junior Member

Jan 1, 2019

91

5

0

#17012 kosta26, Oct 31, 2020

Version 10.7, very long processing. Now the second component on a weak laptop has been spinning for 20 minutes.
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17013 MSMG, Oct 31, 2020 (OP)

The delay in removing the components is due to a new version of code protector I have used to pack the exe, It takes time to unpack and then executes the command.

The time taken to remove one component will be same using the list method, so use the remove list method with your selected component names it will be faster.

kosta26 said: ↑

Version 10.7, very long processing. Now the second component on a weak laptop has been spinning for 20 minutes.
Click to expand...

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
ingviowarr MDL Senior Member

Dec 14, 2009

345

362

10

#17014 ingviowarr, Oct 31, 2020
Last edited: Oct 31, 2020

You need to login to view this posts content.
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17015 MSMG, Oct 31, 2020 (OP)

You need to login to view this posts content.

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
kosta26 MDL Junior Member

Jan 1, 2019

91

5

0
#17016 kosta26, Oct 31, 2020
Can I use 10.7 and 19042.508 ru-ru?
ToolKitHelper Mount Edge, didn't delete the new browser.
Version Toolkit 10.7.

I am currently checking the sfc /scannow system with the following remote components:
ToolKitHelper Mount AdobeFlashForWindows
ToolKitHelper Mount CEIP_SQM
ToolKitHelper Mount KernelDebugging
ToolKitHelper Mount UnifiedTelemetryClient
ToolKitHelper Mount WindowsInsiderHub
ToolKitHelper Mount SecurityCenter
ToolKitHelper Mount EdgeChromium
ToolKitHelper Mount Edge
ToolKitHelper Mount EdgeDevToolsClient
ToolKitHelper Mount MapControl
ToolKitHelper Mount OneDrive
ToolKitHelper Mount QuickAssist
ToolKitHelper Mount WindowsMixedReality
ToolKitHelper Mount WindowsReaderPDF
ToolKitHelper Mount WindowsDefender
ToolKitHelper Mount XboxGameCallableUI
ToolKitHelper Mount GameExplorer
ToolKitHelper Mount FileExplorer
ToolKitHelper Mount PeopleExperienceHost
Attached Files:

Безымянный.jpg

File size:

70.5 KB

Views:

19
MSMG MDL Developer

Jul 15, 2011

6,414

15,608

210

#17017 MSMG, Oct 31, 2020 (OP)

You need to use 19042.608

ToolKitHelper Mount Edge is Edge Classic
ToolKitHelper Mount EdgeChromium is the new Edge Chromium

kosta26 said: ↑

Can I use 10.7 and 19042.508 ru-ru?
ToolKitHelper Mount Edge, didn't delete the new browser.
Version Toolkit 10.7.

I am currently checking the sfc /scannow system with the following remote components:
ToolKitHelper Mount AdobeFlashForWindows
ToolKitHelper Mount CEIP_SQM
ToolKitHelper Mount KernelDebugging
ToolKitHelper Mount UnifiedTelemetryClient
ToolKitHelper Mount WindowsInsiderHub
ToolKitHelper Mount SecurityCenter
ToolKitHelper Mount EdgeChromium
ToolKitHelper Mount Edge
ToolKitHelper Mount EdgeDevToolsClient
ToolKitHelper Mount MapControl
ToolKitHelper Mount OneDrive
ToolKitHelper Mount QuickAssist
ToolKitHelper Mount WindowsMixedReality
ToolKitHelper Mount WindowsReaderPDF
ToolKitHelper Mount WindowsDefender
ToolKitHelper Mount XboxGameCallableUI
ToolKitHelper Mount GameExplorer
ToolKitHelper Mount FileExplorer
ToolKitHelper Mount PeopleExperienceHost
Click to expand...

MSMG ToolKit v13.4

MSMG ToolKit to Convert W8.1/Srv 2012 R2 RTM/GA ISO - W8.1/Srv 2012 R2 Update 1 ISO
MSMG USB Flash Drive Format Tool v1.2 | Windows 8.1 Registry Tweaks | Windows Thin PC - Addon Packages

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
kosta26 MDL Junior Member

Jan 1, 2019

91

5

0
#17018 kosta26, Oct 31, 2020
Last edited: Oct 31, 2020
You need to login to view this posts content.
Attached Files:

2.jpg

File size:

71.7 KB

Views:

11
Yanta MDL Senior Member

May 21, 2017

477

274

10

#17019 Yanta, Oct 31, 2020

You need to login to view this posts content.

MSMG MDL Developer

: Jul 15, 2011

: 6,414

: 15,608

: 210

#17020 MSMG, Oct 31, 2020 (OP)

Yes remove ;WindowsDefender from settingspagevisibility just forgot to change the text.

And that reg file forgot to cleanup while exporting from original registry, here's the cleaned up one and contains only the Defender entries.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Antimalware-ShieldProvider]
"ProviderGuid"="{928f7d29-0577-5be5-3bd3-b6bdab9ab307}"
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,48,00,65,00,61,00,6c,\
  00,74,00,68,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,65,00,78,00,\
  65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend]
"EventMessageFile"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
  00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
  73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,70,\
  00,45,00,76,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ParameterMessageFile"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,\
  70,00,45,00,76,00,4d,00,73,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ProviderGuid"="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}"
"TypesSupported"=dword:00000007


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecFlt]
"Description"="@%SystemRoot%\\System32\\Drivers\\mssecflt.sys,-1002"
"DisplayName"="@%SystemRoot%\\System32\\Drivers\\mssecflt.sys,-1001"
"ErrorControl"=dword:00000001
"Group"="Filter"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,6d,00,73,00,73,00,65,00,63,00,66,\
  00,6c,00,74,00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000000
"SupportedFeatures"=dword:00000007
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecFlt\Instances]
"DefaultInstance"="MsSecFlt Instance"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecFlt\Instances\MsSecFlt Instance]
"Altitude"="385600"
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecFlt\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0e,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%systemroot%\\system32\\SecurityHealthAgent.dll,-1001"
"DisplayName"="@%systemroot%\\system32\\SecurityHealthAgent.dll,-1002"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,\
  00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,48,00,65,00,61,00,6c,00,74,00,\
  68,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,65,00,78,00,65,00,00,\
  00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
  00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
  74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
  69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
  00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
  00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,\
  00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,\
  74,00,65,00,6d,00,45,00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,\
  00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense]
"Description"="@%ProgramFiles%\\Windows Defender Advanced Threat Protection\\MsSense.exe,-1002"
"DisplayName"="@%ProgramFiles%\\Windows Defender Advanced Threat Protection\\MsSense.exe,-1001"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,e0,93,04,00
"ImagePath"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,20,00,41,00,64,00,\
  76,00,61,00,6e,00,63,00,65,00,64,00,20,00,54,00,68,00,72,00,65,00,61,00,74,\
  00,20,00,50,00,72,00,6f,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,5c,00,\
  4d,00,73,00,53,00,65,00,6e,00,73,00,65,00,2e,00,65,00,78,00,65,00,22,00,00,\
  00
"LaunchProtected"=dword:00000002
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\
  61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,\
  74,00,65,00,50,00,61,00,67,00,65,00,66,00,69,00,6c,00,65,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\
  61,00,74,00,65,00,50,00,65,00,72,00,6d,00,61,00,6e,00,65,00,6e,00,74,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,\
  65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,\
  74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,\
  00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,73,00,\
  65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,\
  44,00,72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,63,00,6b,00,4d,00,65,00,6d,00,\
  6f,00,72,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,53,00,65,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,53,00,69,00,6e,00,\
  67,00,6c,00,65,00,50,00,72,00,6f,00,63,00,65,00,73,00,73,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,62,00,\
  50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,\
  00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,\
  00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,\
  00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,\
  00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
  65,00,67,00,65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,\
  72,00,65,00,61,00,74,00,65,00,53,00,79,00,6d,00,62,00,6f,00,6c,00,69,00,63,\
  00,4c,00,69,00,6e,00,6b,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,44,00,65,00,6c,00,65,00,67,00,61,00,74,00,65,00,53,\
  00,65,00,73,00,73,00,69,00,6f,00,6e,00,55,00,73,00,65,00,72,00,49,00,6d,00,\
  70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,\
  65,00,61,00,73,00,65,00,57,00,6f,00,72,00,6b,00,69,00,6e,00,67,00,53,00,65,\
  00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
  65,00,4d,00,61,00,6e,00,61,00,67,00,65,00,56,00,6f,00,6c,00,75,00,6d,00,65,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,\
  00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,65,00,\
  6d,00,45,00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
  79,00,73,00,74,00,65,00,6d,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
  79,00,73,00,74,00,65,00,6d,00,74,00,69,00,6d,00,65,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,\
  4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,69,00,6d,00,65,00,\
  5a,00,6f,00,6e,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,55,00,6e,00,64,00,6f,00,63,00,6b,00,50,00,72,00,69,00,\
  76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0e,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WindowsDefender-1"="v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Defender\\MsMpEng.exe|Svc=WinDefend|Name=Allow Out TCP traffic from WinDefend|"
"WindowsDefender-2"="v2.0|Action=Block|Active=TRUE|Dir=In|App=%ProgramFiles%\\Windows Defender\\MsMpEng.exe|Svc=WinDefend|Name=Block All In traffic to WinDefend|"
"WindowsDefender-3"="v2.0|Action=Block|Active=TRUE|Dir=Out|App=%ProgramFiles%\\Windows Defender\\MsMpEng.exe|Svc=WinDefend|Name=Block All Out traffic from WinDefend|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot]
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-400"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-390"
"ErrorControl"=dword:00000001
"Group"="Early-Launch"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,57,00,64,00,42,00,6f,00,6f,00,74,\
  00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000000
"SupportElamHive"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0e,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-340"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-330"
"ErrorControl"=dword:00000001
"Group"="FSFilter Anti-Virus"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,57,00,64,00,46,00,69,00,6c,00,74,\
  00,65,00,72,00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000000
"SupportedFeatures"=dword:00000003
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances]
"DefaultInstance"="WdFilter Instance"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance]
"Altitude"="328010"
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0e,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
"DependOnService"=hex(7):42,00,46,00,45,00,00,00,00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-242"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-370"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,57,00,64,00,4e,00,69,00,73,00,44,\
  00,72,00,76,00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000003
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0e,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
"DependOnService"=hex(7):57,00,64,00,4e,00,69,00,73,00,44,00,72,00,76,00,00,00,\
  00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-242"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-320"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4e,00,69,00,\
  73,00,53,00,72,00,76,00,2e,00,65,00,78,00,65,00,22,00,00,00
"LaunchProtected"=dword:00000003
"ObjectName"="NT AUTHORITY\\LocalService"
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc\Security]
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,5c,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
  00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,\
  00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-240"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-310"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,73,00,\
  4d,00,70,00,45,00,6e,00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
"LaunchProtected"=dword:00000003
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
  00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
  74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
  69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
  00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,\
  00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
  68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
  73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\
  50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,\
  63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,\
  00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,73,00,\
  65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
  65,00,6d,00,45,00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0e,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Yanta said: ↑

With many of the AV products anywhere between 1 and 2 GB I was expecting Defender to be at least several hundred megabytes.

I must say, that would be the first time I've ever been positively surprised by Windows, or any Microsoft product for that matter.

I'm still testing but I thought I'd just update before I call it a night.

The 'settingspagevisibility' needed to have WindowsDefender removed as the value "hides" the named pages.

I cannot change (due to access denied errors) the HardThreshholds value. Couldn't change permissions either.

One of the nasties of Defender is that Microsoft are determined to stop people blocking telemetry and data collection. The TamperProtection key IIRC is completely ignored if it exists. The hosts files on all systems here are 18,000 lines long. A substantial portion of that is to block Microsoft telemetry and data collection. Given I have always avoided Defender like the plague I've not actually seen the impact of Defender now quarantining hosts files. I guess I'm about to find out the hard way.

That reg file will have serious negative impacts on my systems. CDPSvc is disabled here. A lot of the firewall rules in there open the system up, rather than securing it and a lot of the rules apply to components that are not installed. Many others apply to services and features that I don't use or have blocked. But thank you for providing it. It was worthwhile understanding how this all hangs together.

Removing ;WindowsDefender from settingspagevisibility did fix the issue with it missing from the settings app.

I expect it will take a few more days to complete all testing. Will update then.
Click to expand...

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

(You must log in or sign up to post here.)

Page 851 of 1370