Yes, after rebuilding the image, its size is at 5,52GB. Probelm is, the 5 indexes itself just increase by about 100MB per index (uncompressed size), the compressed boot.wim by 38MB but the final compressed image is 2,5GB bigger. Also did that with Toolkit 10.4 (same windows image, same settings) and there the image just increased by 370MB (from 3,75GB to 4,12GB) . I now added DaRT to the boot image and edited the install.wim in NTLite. Result is: The whole iso image just increased by 400MB. So I think it has something to do with Toolkit 10.8
The uncompressed size of DirectX 9.0c is around 274 MB and Visual C++ is around 168 MB The Toolkit uses the standard latest DISM to service the image and that includes exporting, you can check if the rebuild has done properly or not by opening the wim image with 7-zip and if you see any [DELETE] folder then the rebuild is not done. I don't know whether the NTLite uses DISM API or the WimLib-ImageX API to optimize the final image and did you choose any image cleanup in it to reduce the size. Just now finished creating a W10 19042.661 Pro image using standard DISM commands and the final size after rebuilding is 5.0.9 GB The Dart pack takes up some space since it contains debug symbols folder.
Since I deleted the increased image, I'll do it again to see if there went something wrong. I'm not worried about the DaRT pack, only integrated it to the boot image. Will see what happens in about an hour.
Has anyone done the following yet? Step 1: Build an image with Defender removed and install. Step 2: Merge a reg file that adds and then disables all Defender components + sets all policy restrictions on Defender. Step 3: Set permission on all of these keys to deny modification. Step 4: Attempt to install a CU. If I get some free time I might try this out. Probably a 1/3 chance of this actually working, 1/3 chance of this breaking updates and 1/3 chance of windows simply running your changes over and installing Defender anyway,
In the case of the screenshot I didn't do a complete rebuild/recompress after building the image. I did it before in another try on 10.8 and the size decreased to 5,52GB, which is still 1,5GB more than the image was before editing. Also rebuilding in NTLite didn't change that. Will try that command now on my virtual building machine. Edit: That command shows me an error. Error: 5 Access is denied. And the dism error log says: -> Fail to flush file buffers Happens also when I use the dism binary included in toolkit and also when I use a different image (the new 2009_19042_630). Was reading that this can happen because of an Antivirus but on that virtual machine I don't even have Defender installed (removed it from the image before installing).
Yes I have fixed it in the next version to provide choice for selecting the index. Updating some packs, will be releasing it when it's finished.
Regarding bugs, i tried to use the latest Toolkit on the latest Windows ISO but i could not remove many things due to "bugs" as a message said. When will all these bugs be handled, next version?
I spent some time playing around with removing Defender and making it stick. I did 2 experiments but this was the starting point for both: Create a new image with Defender removed and installed without connecting to the internet after install. Create folders associated with Defender and setting deny all for all users. Create keys associated with Defender, set policy restrictions and services disabled and then again denied permissions to these keys. Experiment 1: upgrade to next build via in-place upgrade. Experiment 2: installs updates individually downloaded from COU. The first experiment obliterated everything I had set up. The second experiment resulted in Defender installed into the folders (even though the permissions were unchanged) and Defender is only partially working. Its there but it is crippled. I get a tray icon but I can change settings or scan. For the time being it looks like the only way to do this is probably to build a new image every time you want to upgrade and remove defender again from that image (as well as your other modifications) and do an in-place upgrade. Other than that, you are getting defender again.
Sounds like a lot of work. I have 10 PCs... I couldn't imagine doing that every month But I don't think a solution will ever be found regarding components being restored. It's been 18 months. If a solution was coming I suspect someone would have found it by now. For me, staying on 1809 LTSC works. There's nothing in later versions anyway that make upgrading compelling in any way.
For me its only Defender. The components I choose to remove stay gone for good. The only minor irritation is that some of them recreate new folders and files but they are "dead" and do not run or create annoying shortcuts all over my start menu. For a time I did the "make a new image without Defender and upgrade" method and it does gets old. I have not done this once in 2020.
1. google and download Defender Control v1.6 2. Disable defender then restart Pc. 3. Use Windows-Defender-Online.cmd [Run .cmd using PowerRun.exe or NSudo.exe] Code: @Echo Off Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Windows-Defender-Nis-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1\Owners" /f Pause dism /online /remove-package /packagename:Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.19041.1 dism /online /remove-package /packagename:Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.1 dism /online /remove-package /packagename:Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~amd64~~10.0.19041.1 dism /online /remove-package /packagename:Windows-Defender-ApplicationGuard-Inbox-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1 dism /online /remove-package /packagename:Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1 dism /online /remove-package /packagename:Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.19041.1 Pause dism /online /cleanup-image /startcomponentcleanup Pause dism /online /cleanup-image /startcomponentcleanup /resetbase Pause dism /online /cleanup-image /restorehealth Pause sfc /scannow Pause NOTES: This is for Windows 10.0.19041.1, change the version in Windows-Defender-Online.cmd to the version of Windows 10 you are running. Use a cmd like this, Code: dir /b %windir%\servicing\packages\*.mum > c:\packages.txt to write versions to C::\packages.txt, read C::\packages.txt, for Windows defender version information.