MSMG ToolKit

Discussion in 'MDL Projects and Applications' started by MSMG, Nov 21, 2013.

  1. zero cool root

    zero cool root MDL Senior Member

    #18521 zero cool root, Feb 20, 2021
    Last edited: Feb 20, 2021
    @MSMG

    I see that when the system (19042.844) connects to the internet, the key below is automatically removed.

    Code:
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    

    And the key below

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
    Changes automatically to

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000001
    
     
  2. MSMG

    MSMG MDL Developer

    Yes, I have specified the changes in the changelog.txt

    The new component names are

    System Apps
    ==========

    WindowsStoreClient - Windows Store Back-end Client
    XboxClient - Xbox Console Companion (Xbox App) Back-end Client

    Windows Apps
    ===========

    ServicesStoreEngagement - Services Store Engagement | Depends on WindowsStoreApp
    StorePurchaseApp - Store Purchase App | Depends on WindowsStoreApp
    WindowsStoreApp - Windows Store Front-end App | Depends on WindowsStoreClient, XboxIdentityProvider
    XboxApp - Xbox Console Companion (Xbox App) Front-end App | Depends on XboxClient


    I'm doing my best to add new components for removal, it will be added when possible.

     
  3. MSMG

    MSMG MDL Developer

    The DisableAntiSpyware value gets deleted when TamperProtection is on. Try disabling it offline before connecting to the net.

    Or there might be new settings added in the latest CU that need to be found out.

    Code:
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
     
  4. zero cool root

    zero cool root MDL Senior Member

    @MSMG

    I disabled TamperProtection offline with MSMG Toolkit..!!

    [4] Customize => [7] Import Custom Registry Setting from Registry File

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
     
  5. zero cool root

    zero cool root MDL Senior Member

    @MSMG

    The regkey below

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    
    Now it has the DWORD value

    Code:
    TamperProtectionSource
    
     
  6. MSMG

    MSMG MDL Developer

    OK, try disabling these services

    Code:
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sense]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004
    
    or

    Code:
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sense]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsSecFlt]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SecurityHealthService]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sense]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdBoot]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdFilter]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdNisDrv]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdNisSvc]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004
    
    Also the TamperProtection value has more values

    TamperProtection Off = 0 – applies to Windows Home & Pro
    TamperProtection On = 1 – applies to Windows Home & Pro
    TamperProtection disabled = 2 – applies to Windows Enterprise & Education


     
  7. zero cool root

    zero cool root MDL Senior Member

    #18527 zero cool root, Feb 20, 2021
    Last edited: Feb 20, 2021
    @MSMG

    By my tests (19042.844 - Pro) to disable or enable Tamper Protection now the regkeys and values are:

    DISABLE
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    "TamperProtectionSource"=dword:00000002
    
    ENABLE
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000001
    "TamperProtectionSource"=dword:00000005
    
    ====================================================================

    To disable Windows Defender the regkeys and values are:

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    "DisableAntiVirus"=dword:00000001
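
Added example, not part of the original posts or of MSMG ToolKit: seen from the defender's side, a Python check that scans the text of a .reg file (for instance one queued for import into an image) and reports the Defender-weakening values named in this thread. The name `audit_reg` and the sample file are constructed for illustration.

```python
import re

# Keys, value names and service names come from the posts above.
DEFENDER_SERVICES = {"sense", "windefend", "mssecflt", "securityhealthservice",
                     "wdboot", "wdfilter", "wdnisdrv", "wdnissvc"}
DEFENDER_KEYS = {r"software\policies\microsoft\windows defender",
                 r"software\microsoft\windows defender"}
FEATURES_KEY = r"software\microsoft\windows defender\features"
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\(.+)\]$", re.I)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{1,8})$', re.I)
SVC_RE = re.compile(r"^system\\(?:currentcontrolset|controlset\d{3})\\services\\([^\\]+)$")


def audit_reg(text):
    """Return sorted (key, value_name, dword) entries that weaken Defender."""
    findings, key = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1).lower() if m else None  # ignore other hives
            continue
        m = DWORD_RE.match(line)
        if not (m and key):
            continue
        name, value = m.group(1).lower(), int(m.group(2), 16)
        svc = SVC_RE.match(key)
        if key == FEATURES_KEY:
            hit = name == "tamperprotection" and value in (0, 2)  # off / disabled
        elif key in DEFENDER_KEYS:
            hit = name in ("disableantispyware", "disableantivirus") and value == 1
        else:  # service start type 4 = disabled
            hit = bool(svc) and svc.group(1) in DEFENDER_SERVICES and name == "start" and value == 4
        if hit:
            findings.add((key, name, value))
    return sorted(findings)


# Constructed sample: three weakening entries plus an unrelated service.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
'''
```

Files exported by regedit are usually UTF-16, so decode them before passing the text to `audit_reg`.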
    
     
  8. zero cool root

    zero cool root MDL Senior Member

  9. mdl052020

    mdl052020 MDL Senior Member

    Please restart your machine after executing the script and you will see there's no Defender icon present on the taskbar, and the system settings security page will say no security software is present on your OS. You can then install any third-party AV or total security software on your OS.
     
  10. Tiger-1

    Tiger-1 MDL Guru

    @mdl052020 MSMG Toolkit removes Windows Defender very well and there is no trace or icon on the system :)
     
  11. mdl052020

    mdl052020 MDL Senior Member

    Yes brother, I totally agree with you :)
     
  12. kandido

    kandido MDL Novice

    Thank You so much, Sir
     
  13. MSMG

    MSMG MDL Developer

    Updated the Toolkit to v11.3

    v11.3
    + Updated the ToolKit to support Windows 10 21H1 (v10.0.19043) Source OS.
    + Updated the Microsoft Windows PowerShell 7 Pack (Windows 10) for MSMG ToolKit with PowerShell 7.1.2 Runtime.
    + Updated the Microsoft .NET 5 Pack (Windows 10) for MSMG ToolKit with Microsoft .NET 5.0.3 Runtime.
    + Fixed a bug in the Feature "Integrate Microsoft Default Inbox Apps" where the Google's VP9 Extension App was not integrated.
    + Updated the Feature "Integrate WHD Updates" to Integrate Windows 10 21H1 (v10.0.19043) Enablement update package.
    + Updated the Feature "Remove Windows Component" - Split Windows Store back-end, Services Store Engagement and Store Purchase App from Windows Store App component.
    + Updated the Feature "Remove Windows Component" - Split Xbox back-end from Xbox App component.
    + Updated the Feature "Remove Windows Component" with revised component dependency settings.
    + Updated the Feature "Remove Windows Component" to support Windows 10 Client v1809 (v10.0.17763.1757) Source OS.
    + Updated the Feature "Remove Windows Component" to support Windows 10 Client v1903/v1909 (v10.0.18362.1379/v10.0.18363.1379) Source OS.
    + Updated the Feature "Remove Windows Component" to support Windows 10 Client v2004/v20H2 (v10.0.19041.804/v10.0.19042.804) Source OS.
    + Optimized the ToolKit code (Thanks to MDL Member : RaiyvaN).


    Will add the Microsoft .NET 5 Pack (Windows 7/8.1) later when it's finished.
     
  14. tefor

    tefor MDL Member

    You are very kind, MSMG, thank you so much

     
  15. ceo54

    ceo54 MDL Senior Member

    @MSMG, if I remember correctly, you created a toolkit for creating bootable ISOs from extracted files and folders. If so, could you please share it with me? I looked around but was unable to find it.

    Thanks.
     
  16. ultimate_live

    ultimate_live MDL Addicted

    Will try it with next version.

    What is the difference between the WHD folder and the Update folder?
     
  17. Feartamixg

    Feartamixg MDL Addicted
