MSMG ToolKit

Discussion in 'MDL Projects and Applications' started by MSMG, Nov 21, 2013.

  1. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    298
    89
    10
    #18521 zero cool root, Feb 20, 2021
    Last edited: Feb 20, 2021
    @MSMG

    I see that when the System (19042.844) connects to the internet, automatically the key below is removed.

    Code:
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    

    And the key below

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
    changes automatically to

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000001
    
     
  2. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    5,430
    11,396
    180
    Yes, I have specified the changes in the changelog.txt

    The new component names are

    System Apps
    ==========

    WindowsStoreClient - Windows Store Back-end Client
    XboxClient - Xbox Console Companion (Xbox App) Back-end Client

    Windows Apps
    ===========

    ServicesStoreEngagement - Services Store Engagement | Depends on WindowsStoreApp
    StorePurchaseApp - Store Purchase App | Depends on WindowsStoreApp
    WindowsStoreApp - Windows Store Front-end App | Depends on WindowsStoreClient, XboxIdentityProvider
    XboxApp - Xbox Console Companion (Xbox App) Front-end App | Depends on XboxClient


    I'm doing my best to add new components for removal, it will be added when possible.

     
  3. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    5,430
    11,396
    180
    The DisableAntiSpyware value gets deleted when TamperProtection is on. Try disabling it offline before connecting to the net.

    Or there might be new settings added in the latest CU that need to be found out.

    Code:
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
     
  4. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    298
    89
    10
    @MSMG

    I disabled TamperProtection offline with MSMG Toolkit..!!

    [4] Customize => [7] Import Custom Registry Setting from Registry File

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    
     
  5. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    298
    89
    10
    @MSMG

    The regkey below

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    
    Now it has the DWORD value

    Code:
    TamperProtectionSource
    
     
  6. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    5,430
    11,396
    180
    Ok try disabling these services

    Code:
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sense]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004
    
    or

    Code:
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sense]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsSecFlt]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SecurityHealthService]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sense]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdBoot]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdFilter]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdNisDrv]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WdNisSvc]
    "Start"=dword:00000004
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
    "Start"=dword:00000004
    
    Also the TamperProtection value has more values

    TamperProtection Off = 0 – applies to Windows Home & Pro
    TamperProtection On = 1 – applies to Windows Home & Pro
    TamperProtection disabled = 2 – applies to Windows Enterprise & Education


     
  7. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    298
    89
    10
    #18527 zero cool root, Feb 20, 2021
    Last edited: Feb 20, 2021
    @MSMG

    By my tests (19042.844 - Pro) to disable or enable Tamper Protection now the regkeys and values are:

    DISABLE
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000000
    "TamperProtectionSource"=dword:00000002
    
    ENABLE
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
    "TamperProtection"=dword:00000001
    "TamperProtectionSource"=dword:00000005
    
    ====================================================================

    To disable Windows Defender the regkeys and values are:

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000001
    "DisableAntiVirus"=dword:00000001
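
The registry values quoted in the posts above can be used as an audit list. The following is an added example, not part of the thread or of MSMG ToolKit: it parses .reg text and reports the Defender-related values the posts mention. The names `parse_reg` and `audit` are hypothetical, the sample is constructed, and the input is assumed to be already decoded to text (regedit exports are UTF-16).

```python
import re

# Service names quoted in the thread; Start=4 marks a service as disabled.
DEFENDER_SERVICES = {"sense", "windefend", "mssecflt", "securityhealthservice",
                     "wdboot", "wdfilter", "wdnisdrv", "wdnissvc"}
# TamperProtection data values as listed in the thread (1 = on is not flagged).
TAMPER_STATES = {0: "off", 2: "disabled"}
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Yield (key, value_name, dword) from already-decoded .reg text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := DWORD_RE.match(line)):
            yield key, m.group(1), int(m.group(2), 16)

def audit(text):
    """Return (key, value_name, dword, reason) for each Defender-weakening value."""
    findings = []
    for key, name, data in parse_reg(text):
        parts, n = key.lower().split("\\"), name.lower()
        if parts[-1] == "windows defender" and data == 1 and \
                n in ("disableantispyware", "disableantivirus"):
            findings.append((key, name, data, "Defender disabled by registry value"))
        elif parts[-2:] == ["windows defender", "features"] and \
                n == "tamperprotection" and data in TAMPER_STATES:
            findings.append((key, name, data, "Tamper Protection " + TAMPER_STATES[data]))
        elif len(parts) >= 2 and parts[-2] == "services" and \
                parts[-1] in DEFENDER_SERVICES and n == "start" and data == 4:
            findings.append((key, name, data, "Defender service disabled"))
    return findings

# Constructed sample (not a file from the thread), reusing values the posts quote.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000
"TamperProtectionSource"=dword:00000002
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"Start"=dword:00000002
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
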
    
     
  8. zero cool root

    zero cool root MDL Senior Member

    Jun 17, 2011
    298
    89
    10
  9. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,049
    1,142
    60
    Please restart your machine after executing the script and you will see there's no Defender icon present on the taskbar, and the system security settings will say no security software is present on your OS. You can then install any third-party AV or total security software on your OS.
     
  10. Tiger-1

    Tiger-1 MDL Guru

    Oct 18, 2014
    6,209
    7,533
    210
    @mdl052020 MSMG Toolkit removes Windows Defender very well and there is no trace or icon on the system :)
     
  11. mdl052020

    mdl052020 MDL Member

    May 31, 2020
    1,049
    1,142
    60
    Yes brother, I totally agree with you :)
     
  12. kandido

    kandido MDL Junior Member

    Jun 14, 2015
    51
    29
    0
    Thank You so much, Sir
     
  13. MSMG

    MSMG MDL Developer

    Jul 15, 2011
    5,430
    11,396
    180
    Updated the Toolkit to v11.3

    v11.3
    + Updated the ToolKit to support Windows 10 21H1 (v10.0.19043) Source OS.
    + Updated the Microsoft Windows PowerShell 7 Pack (Windows 10) for MSMG ToolKit with PowerShell 7.1.2 Runtime.
    + Updated the Microsoft .NET 5 Pack (Windows 10) for MSMG ToolKit with Microsoft .NET 5.0.3 Runtime.
    + Fixed a bug in the Feature "Integrate Microsoft Default Inbox Apps" where the Google's VP9 Extension App was not integrated.
    + Updated the Feature "Integrate WHD Updates" to Integrate Windows 10 21H1 (v10.0.19043) Enablement update package.
    + Updated the Feature "Remove Windows Component" - Split Windows Store back-end, Services Store Engagement and Store Purchase App from Windows Store App component.
    + Updated the Feature "Remove Windows Component" - Split Xbox back-end from Xbox App component.
    + Updated the Feature "Remove Windows Component" with revised component dependency settings.
    + Updated the Feature "Remove Windows Component" to support Windows 10 Client v1809 (v10.0.17763.1757) Source OS.
    + Updated the Feature "Remove Windows Component" to support Windows 10 Client v1903/v1909 (v10.0.18362.1379/v10.0.18363.1379) Source OS.
    + Updated the Feature "Remove Windows Component" to support Windows 10 Client v2004/v20H2 (v10.0.19041.804/v10.0.19042.804) Source OS.
    + Optimized the ToolKit code (Thanks to MDL Member : RaiyvaN).


    Will add the Microsoft .NET 5 Pack (Windows 7/8.1) later when it's finished.
     
  14. tefor

    tefor MDL Senior Member

    Apr 5, 2017
    266
    212
    10
    You are very kind MSMG , thank you so much

     
  15. ceo54

    ceo54 MDL Senior Member

    Aug 13, 2015
    471
    105
    10
    @MSMG, if I remember correctly, you created a toolkit for creating bootable ISOs from extracted files and folders. If so, could you please share it with me? I looked around but was unable to find it.

    Thanks.
     
  16. ultimate_live

    ultimate_live MDL Addicted

    Mar 15, 2011
    876
    645
    30
    Will try it with next version.

    What is the difference between the WHD folder and the Update folder?
     
  17. Feartamixg

    Feartamixg MDL Addicted

    May 15, 2016
    555
    423
    30