Multi-OEM/Retail Project {MRP} - Mk3

Discussion in 'MDL Projects and Applications' started by mxman2k, Oct 15, 2016.

  1. mxman2k

    mxman2k MDL Developer

    Jun 20, 2007
    5,733
    19,237
    180
    As I originally removed those autologger parts, they can't be restored, so it will be a full reinstall, as I don't think a repair install would work.

    At least now in MRP 150 it no longer affects other features.

    Have fixed a few other glitches, such as removing Edge's shortcut on the desktop; can't prevent it being installed, but that can be done via other tools not connected to MRP.
     
  2. mxman2k

    mxman2k MDL Developer

    The project is at TC2 now, so it is very close to RC.

    Hoping to have it completed by end of this month.

    Just my time is limited at the moment due to other things going on.
     
  3. mxman2k

    mxman2k MDL Developer

    Tomorrow I have the NHS exam, so I'm busy for the next day or so.
     
  4. kajoe1

    kajoe1 MDL Novice

    May 9, 2011
    20
    11
    0
    MRP does not shut down Defender in Windows 11 22H2 .22621.1265. Maybe you can look at it for the next MRP version?
     
  5. mxman2k

    mxman2k MDL Developer

    Seems Defender has been hardened in the latest W11 updates, from what I have read up on it.

    On my 2nd PC that is on W11 22H2, Defender is terminated; it has never restarted, nor have any updates appeared for it.

    Will look into why it is no longer staying disabled for some, if I can.
     
  6. kajoe1

    kajoe1 MDL Novice

    Thank you very much. I tried the register tweak with usertweaks.cmd too in installation, but Defender is still on. I don't know why it is not working anymore.
     
  7. mxman2k

    mxman2k MDL Developer

    M$ flexing its muscles I guess, "you will have Defender!!" --- Not if I can find a way to prevent it.

    Will do my best to duck tape it; removing it may have to be an option, but I think it can only really be done on the install WIM file so it is gone before OS installation. If that is the case then it has to be done with other tools and not with MRP.
     
  8. kajoe1

    kajoe1 MDL Novice

    I see that the problem is the manipulation protection. This is the one that keeps Defender on.
     
  9. mxman2k

    mxman2k MDL Developer

    Yes it is that Tamper Protection....

    What I read about it:
    I have added new code to try and prevent WD running, but I think to fully remove or disable Defender you will need to use other tools.

    MRP attempts to make Defender not operate by using multiple methods to jam it from working, but as it seems that M$ have hard-coded Tamper Protection, sadly this may soon be a waste of time.

    Will see what my new changes do, and if they no longer work and TP returns etc. then I will remove the option/code to disable Defender in MRP on Windows 10/11 as it could be a pointless operation. :(
     
  10. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Feb 2, 2011
    3,734
    5,178
    120
    It still can be disabled, if you haven't installed the new updates
    via wmi services query using powershell / wmic + NSUDO or AVEYO run as TI
    it will not work using net\sc ... only with WMI queries
    Code:
    gwmi Win32_BaseService|where Name -Match 'WinDefend|Sense|WdBoot|WdFilter|WdNisSvc|WdNisDrv|wscsvc'|foreach {$_.StopService()}
    wmic path Win32_Service where(Name Like '%%%%WinDefend%%%%' OR Name Like '%%%%Sense%%%%' OR Name Like '%%%%WdBoot%%%%' OR Name Like '%%%%WdFilter%%%%' OR Name Like '%%%%WdNisSvc%%%%' OR Name Like '%%%%WdNisDrv%%%%' OR Name Like '%%%%wscsvc%%%%') call stopService
     
  11. mxman2k

    mxman2k MDL Developer

    #9611 mxman2k, Feb 25, 2023
    Last edited: Feb 25, 2023
    (OP)
    The changed routine seems to work and the tamper side does not auto switch on.

    All Defender bits are disabled via registry and other means like tasks etc.; some options in the Defender GUI do not switch or are not usable, but Defender is not in use on W11.

    The Defender GUI may not show properly or at all, but the thing should not be operational anyway. You can check the registry to make sure.

    At least tamper is disabled and stays off.

    Or do not use the MRP option to disable Defender and use a 3rd party tool instead; the choice is yours, I can only do so much within the limitations of batch scripting.

    Need more testing, but that will have to wait until later, after this exam.
     
  12. mxman2k

    mxman2k MDL Developer

    The wmic method causes MRP to abort, same with the PowerShell way; it may be because it is during the early OOBE stage, i.e. when still setting up before any user name is entered, as I have had things fail in that early stage before.

    I use another way to take permissions on the registry etc.

    As I mentioned, I need to do more testing before I fully commit the code.
     
  13. mxman2k

    mxman2k MDL Developer

    If MS really go to town by hard locking Defender then the MRP option to disable it will be only for W8.x and below, and the user will have to use other methods to disable it.
     
  14. mxman2k

    mxman2k MDL Developer

    #9614 mxman2k, Feb 26, 2023
    Last edited: Feb 26, 2023
    (OP)
    Have added more info about the Disable Defender option in the Creator; it will tell you when you select (tick) the box that MRP can no longer fully disable Defender, but it will block as much as possible such as scanning, updating etc.

    Tamper Protection is no longer easy to disable outside the Defender GUI :( but as I block as much as possible with tasks and other Policy edits, MRP does a good job of giving Defender a very big headache!

    So if you do use the option, remember that the Defender GUI will probably no longer open, and it may be best to leave the option alone and use a 3rd party tool to either remove or disable Defender in a better way - if that is possible.

    Recap: Using the Disable Defender MRP option will prevent Defender from scanning etc. but it will not fully disable it due to the hardcoding that M$ have added into the OS.

    For Windows 8.x the option will fully disable Defender.

    For Servers of any type the option is ignored.
     
  15. Dark Dinosaur

    Dark Dinosaur X Æ A-12

    Disable it after logon .. didn't have problems... But even during the first install step .. you can do some registry manipulation
    I didn't have any problem with this
     
  16. mxman2k

    mxman2k MDL Developer

    I pre-unlock some registry locations before setup has completed but no action is done on them unless the options that those normally locked registry areas are needed. It does no harm, I just pre-set them to be usable by the user at a later time.

    Apart from this new TamperProtection key that the OS auto-locks regardless.
     
  17. mxman2k

    mxman2k MDL Developer

    To be honest I'm fed up with M$ pissing about and giving us users no choice in the matter.

    I will no longer do anything further with Defender in MRP; the end user has a choice to use the option to block the majority of its working or use other tools to disable or remove it. I'm done with it.

    The MRP option for this PITA will be left as is.
     
  18. mxman2k

    mxman2k MDL Developer

    I have done a last addition to the MRP disable Defender routine. :oops:

    Managed to actually stop it running; whether Tamper Protection is on or not, Defender is not running and cannot be started, certainly on my test of Win11. Even after several reboots.

    The GUI bit in Settings does not start up, it is just blank; services and tasks for it are disabled too.

    Did a WU check, no Defender definitions shown or downloaded.

    Hopefully managed to shaft Defender :D

    Can't say it will be the same for others, but it is a bit better than it was. Just don't ask for a revert script as it would not work, as a lot is done to prevent it.

    MRP 150 is at RC1, soon RC2, so no more will be done on that section.
     
  19. mxman2k

    mxman2k MDL Developer

    MRP is at RC3 stage and tested OK; in RC2 I found a spelling mistake, so corrected it.

    When I did a Win 11 Pro test install of RC3, and before I rebooted for the first time since the desktop appeared (I had used the disable Defender option), I went into Settings and opened Defender, where the GUI showed in full as it needs a reboot for the option to fully set. I went into the top option it has and then manage settings or something and saw that real-time scanning was on (so turned that off), then a bit further down I turned off Tamper Protection too, and clicked dismiss on the little message at the side. Rebooted and checked the registry: Tamper Protection is now off (0x4 value)...

    I then went to see if Defender opened: nope, a blank window, as all services and tasks for it are disabled.

    I checked services.msc and it is not running at all; the firewall blocks added also prevent anything going out or in.

    Did a WU check: just normal updates and drivers, nothing about Defender. :)

    Rebooted several times as well after the updates installed and no Defender at all...

    Please don't ask for a revert script if you later want to use Defender as it is way too complicated; not that any files/services etc. are deleted, but the amount of tweaks etc. done would be too much for me.

    I did test RC2 in the same way but did not go into the Defender GUI, I just rebooted; the Defender GUI was inoperable as expected, and a registry check showed that tamper is still on (0x5 or 0x1), but that does not matter as Defender was nowhere to be seen.

    I did try the RunAsTI method to force set the Tamper registry but it caused MRP to abort because it does not return control back to MRP from the calling script. MRP will NOT run as TI as it is not required and can cause issues otherwise, so it will never be run as TI; same as SYSTEM, it just upsets all the HKCU settings (Current or Main User).

    I don't think it is needed, but then the user can ignore the MRP method and just use another tool to control Defender.

    If all goes to plan then MRP 150 will be ready for release tomorrow. :D

    Have added a new theme, Viglen, that took me a few attempts to get to work. The wallpaper is a space-themed one as I was not able to find a suitable Viglen wallpaper.

    There are quite a few changes in MRP150 and sadly my notes went walkabout, probably Defender sneaked onto my PC and ate them :D :D so the changelog will not show everything done, as I lost a few revert scripts as I fixed the issues I had and did not make backups...

    No major panic as the most important thing is that the project works properly.

    Creator v54.0 is complete too, ready for MRP150. It has a few more tool tips/msg boxes when using for example 'Disable Defender' and 'Disable CompatTelRunner' options to explain more about them. Other little bits done in the code too.
     
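Added example (not part of any post, and not MRP code): a read-only PowerShell audit of the state the posts above check by hand, i.e. the Defender services, the TamperProtection registry value and the engine status, so a machine's protection state can be verified after an image or tool has been applied. The `Features` registry path and the `Get-MpComputerStatus` properties are standard Windows ones not given in the thread; the value meanings (0x4 off, 0x5 or 0x1 on) are as reported in the thread.

```powershell
# Added example: read-only audit of Microsoft Defender state (changes nothing).
# Service/driver names are the ones listed in the thread.
$names = 'WinDefend','Sense','WdBoot','WdFilter','WdNisSvc','WdNisDrv','wscsvc'

function Get-DefenderServiceState {
    # Win32_BaseService covers services and the Wd* kernel drivers alike.
    Get-CimInstance -ClassName Win32_BaseService |
        Where-Object { $names -contains $_.Name } |
        Select-Object Name, State, StartMode
}

function Get-TamperProtectionState {
    # Assumption: standard Defender "Features" key; the path is not given in the thread.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'
    $raw = (Get-ItemProperty -Path $key -Name TamperProtection -ErrorAction SilentlyContinue).TamperProtection
    # Value meanings as reported in the thread: 0x4 = off, 0x5 or 0x1 = on.
    if     ($null -eq $raw) { $state = 'NotPresent' }
    elseif ($raw -eq 4)     { $state = 'Off' }
    elseif ($raw -in 1, 5)  { $state = 'On' }
    else                    { $state = 'Unknown' }
    [pscustomobject]@{ RawValue = $raw; State = $state }
}

function Get-DefenderEngineState {
    # A failure here (provider or module unreachable) is itself a finding.
    try {
        Get-MpComputerStatus -ErrorAction Stop |
            Select-Object AMServiceEnabled, AntivirusEnabled,
                          RealTimeProtectionEnabled, IsTamperProtected
    } catch {
        [pscustomobject]@{ Error = $_.Exception.Message }
    }
}

$services = @(Get-DefenderServiceState)
$tamper   = Get-TamperProtectionState
$engine   = Get-DefenderEngineState

# Collect deviations from a healthy baseline into one list for a report.
$findings = @()
$findings += @($services | Where-Object { $_.StartMode -eq 'Disabled' } |
    ForEach-Object { "$($_.Name): start mode Disabled (state $($_.State))" })
if ($tamper.State -ne 'On') { $findings += "TamperProtection registry state: $($tamper.State)" }
if ($engine.Error) { $findings += "Get-MpComputerStatus failed: $($engine.Error)" }
elseif (-not $engine.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }

$services | Format-Table -AutoSize
$tamper, $engine | Format-List
if ($findings) { $findings } else { 'No deviations found' }
```

Run it from an elevated prompt so the service and registry queries are not filtered by permissions.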
  20. mxman2k

    mxman2k MDL Developer

    Have uploaded MRP v150.0; 2nd post download link, password and hashes have been updated. :)

    Added new Brand theme: Viglen - can be selected in the Creator 54.0 or automatically if the device has the DMI entries {some Intel boards are Viglen type}.

    Updated information in the Creator for the 'Disable CompatTelRunner' and 'Disable Defender' options so that they give more information on what they can/can't do.

    When using the Disable Defender option, as soon as the Desktop appears, go to Settings > Privacy/Security > open Defender, navigate to Manage Settings to turn off real-time scanning and Tamper Protection to make sure they are disabled before you reboot. Although it does not matter, because once the computer has been rebooted Defender has been disabled from scanning/updating etc. Also after a reboot cycle the Defender GUI will not open, it will just be a blank window.

    Note that no tasks/services that can restart it will be running. There will NOT be a revert script so choose wisely if you want to not use it. It may be best to leave this option unselected and use a 3rd party tool to either disable it or remove it from the Install.WIM file prior to deploying the OS. The MRP method does a good job of making sure it is not operative.

    Fixed an issue when using the block telemetry option in that before it prevented the Data Usage graph section in Settings from working. Due to the adjustments in the code you will now see the banner(s) in the Settings app.

    Updated the 'Disable the 'Get more..' and Windows Experience notifications' option to make sure it stays quiet!

    Disable WU safeguards for Win10/11; this allows the OS to 'feature' upgrade to the next build that would normally have been blocked from running/installing due to some M$ reasons.

    Updated the prevent Edge from creating the Desktop shortcut; it may appear for a few seconds before being auto removed, however it may also leave a white icon on the Taskbar where the Edge icon would have been on W11 installs. Sadly unable to delete this via a script because the taskbar works differently on W11, so you will need to manually remove it from the taskbar.

    Plus many other code updates which have been done since the last release.
     