1. kosta26

    kosta26 MDL Junior Member

    Jan 1, 2019
    91
    5
    0
    Do not delete windows defender, or use build 1809(it does not return deleted components)
     
  2. 0x723465

    0x723465 MDL Novice

    Mar 16, 2015
    10
    1
    0
    Yes, after rebuilding the image, its size is at 5,52GB.

    Probelm is, the 5 indexes itself just increase by about 100MB per index (uncompressed size), the compressed boot.wim by 38MB but the final compressed image is 2,5GB bigger.
    Also did that with Toolkit 10.4 (same windows image, same settings) and there the image just increased by 370MB (from 3,75GB to 4,12GB) .

    I now added DaRT to the boot image and edited the install.wim in NTLite. Result is: The whole iso image just increased by 400MB.
    So I think it has something to do with Toolkit 10.8
     
  3. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,414
    15,627
    210
    The uncompressed size of DirectX 9.0c is around 274 MB and Visual C++ is around 168 MB

    The Toolkit uses the standard latest DISM to service the image and that includes exporting, you can check if the rebuild has done properly or not by opening the wim image with 7-zip and if you see any [DELETE] folder then the rebuild is not done.

    I don't know whether the NTLite uses DISM API or the WimLib-ImageX API to optimize the final image and did you choose any image cleanup in it to reduce the size.

    Just now finished creating a W10 19042.661 Pro image using standard DISM commands and the final size after rebuilding is 5.0.9 GB

    The Dart pack takes up some space since it contains debug symbols folder.


     
  4. 0x723465

    0x723465 MDL Novice

    Mar 16, 2015
    10
    1
    0
    Since I deleted the increased image, I'll do it again to see if there went something wrong.
    I'm not worried about the DaRT pack, only integrated it to the boot image.

    Will see what happens in about an hour.
     
  5. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,293
    627
    60
    Has anyone done the following yet?

    Step 1: Build an image with Defender removed and install.
    Step 2: Merge a reg file that adds and then disables all Defender components + sets all policy restrictions on Defender.
    Step 3: Set permission on all of these keys to deny modification.
    Step 4: Attempt to install a CU.

    If I get some free time I might try this out. Probably a 1/3 chance of this actually working, 1/3 chance of this breaking updates and 1/3 chance of windows simply running your changes over and installing Defender anyway,
     
  6. 0x723465

    0x723465 MDL Novice

    Mar 16, 2015
    10
    1
    0
    #17408 0x723465, Nov 15, 2020
    Last edited: Nov 15, 2020
    In the case of the screenshot I didn't do a complete rebuild/recompress after building the image.
    I did it before in another try on 10.8 and the size decreased to 5,52GB, which is still 1,5GB more than the image was before editing.
    Also rebuilding in NTLite didn't change that.

    Will try that command now on my virtual building machine.

    Edit:
    That command shows me an error.

    Error: 5
    Access is denied.

    And the dism error log says:
    -> Fail to flush file buffers

    Happens also when I use the dism binary included in toolkit and also when I use a different image
    (the new 2009_19042_630). Was reading that this can happen because of an Antivirus but on that
    virtual machine I don't even have Defender installed (removed it from the image before installing).
     
  7. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,414
    15,627
    210
    You need to run it in a Command Prompt with Administrator Privilege.

     
  8. AkarshM

    AkarshM MDL Novice

    Oct 21, 2020
    15
    7
    0
    Will this bug be fixed in the next version?
     
  9. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    6,414
    15,627
    210
    Yes I have fixed it in the next version to provide choice for selecting the index.

    Updating some packs, will be releasing it when it's finished.

     
  10. inTerActionVRI

    inTerActionVRI MDL Expert

    Sep 23, 2009
    1,770
    3,601
    60
    @MSMG, I found some more typo and possibilities to reduce some lines. PMs
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. 0x723465

    0x723465 MDL Novice

    Mar 16, 2015
    10
    1
    0
    I did, even tried it with elevated rights using NSudo.
     
  12. BT 1

    BT 1 MDL Junior Member

    Feb 16, 2017
    82
    18
    0
    Regarding bugs, i tried to use the latest Toolkit on the latest Windows ISO but i could not remove many things due to "bugs" as a message said. When will all these bugs be handled, next version?
     
  13. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,293
    627
    60
    I spent some time playing around with removing Defender and making it stick.

    I did 2 experiments but this was the starting point for both:

    Create a new image with Defender removed and installed without connecting to the internet after install.
    Create folders associated with Defender and setting deny all for all users.
    Create keys associated with Defender, set policy restrictions and services disabled and then again denied permissions to these keys.

    Experiment 1: upgrade to next build via in-place upgrade.
    Experiment 2: installs updates individually downloaded from COU.

    The first experiment obliterated everything I had set up.
    The second experiment resulted in Defender installed into the folders (even though the permissions were unchanged) and Defender is only partially working. Its there but it is crippled. I get a tray icon but I can change settings or scan.


    For the time being it looks like the only way to do this is probably to build a new image every time you want to upgrade and remove defender again from that image (as well as your other modifications) and do an in-place upgrade. Other than that, you are getting defender again.
     
  14. Yanta

    Yanta MDL Senior Member

    May 21, 2017
    491
    284
    10
    Sounds like a lot of work. I have 10 PCs... I couldn't imagine doing that every month :)

    But I don't think a solution will ever be found regarding components being restored. It's been 18 months. If a solution was coming I suspect someone would have found it by now.

    For me, staying on 1809 LTSC works. There's nothing in later versions anyway that make upgrading compelling in any way.
     
  15. nosirrahx

    nosirrahx MDL Expert

    Nov 7, 2017
    1,293
    627
    60
    For me its only Defender. The components I choose to remove stay gone for good. The only minor irritation is that some of them recreate new folders and files but they are "dead" and do not run or create annoying shortcuts all over my start menu.

    For a time I did the "make a new image without Defender and upgrade" method and it does gets old. I have not done this once in 2020.
     
  16. Ace2

    Ace2 MDL Guru

    Oct 10, 2014
    2,206
    1,909
    90
    #17420 Ace2, Nov 16, 2020
    Last edited: Nov 16, 2020
    1.
    google and download Defender Control v1.6

    2.
    Disable defender then restart Pc.

    3.
    Use Windows-Defender-Online.cmd [Run .cmd using PowerRun.exe or NSudo.exe]

    Code:
    @Echo Off
    
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Nis-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f
    
    Pause
    
    dism /online /remove-package /packagename:Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    dism /online /remove-package /packagename:Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    dism /online /remove-package /packagename:Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    dism /online /remove-package /packagename:Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    dism /online /remove-package /packagename:Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    dism /online /remove-package /packagename:Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.19041.1
    
    Pause
    
    dism /online /cleanup-image /startcomponentcleanup
    
    Pause
    
    dism /online /cleanup-image /startcomponentcleanup /resetbase
    
    Pause
    
    dism /online /cleanup-image /restorehealth
    
    Pause
    
    sfc /scannow
    
    Pause
    NOTES:
    This is for Windows 10.0.19041.1, change the version in Windows-Defender-Online.cmd to the version of Windows 10 you are running.;)

    Use a cmd like this,
    Code:
    dir /b %windir%\servicing\packages\*.mum > c:\packages.txt
    to write versions to C::\packages.txt, read C::\packages.txt, for Windows defender version information.;)