i don't have that useless banner in settings in my windows 10, i don't even know how it gets removed, or if it was there from the start or not lol, it must be some tweak from one of many tweaking tools i used, but yeah it's so annoying especially for one who don't use onedrive nor microsoft account nor edge as default browser, in windows 11 seems they split that banner contents into system and account settings, i think somehow better
One of the bits i had added removed that banner, as from what i can see online you need something called vive or mach to disable it. So me being me thought i would get those tools and disable the banner. Neither worked! I was hoping to find what it disabled. My original code i removed just deleted autologger parts which got rid of that banner in settings but affected that usage feature. Seems the same case as most stuff in w10/11 that things are all intertwined with other bits and no way to separate it easy. Luckily the bits i removed is turned off by two registry/policy edits. So the code i had isnt required.
As i originally removed those autologger parts they cant be restored so it a be a full reinstall as i dont think a repair install would work. At least now in mrp 150 it no longer affect other features. Have fixed a few other glitches such as removing edge's shortcut on the desktop, cant prevent it being installed but that can be done via other tools not connected to mrp.
The project is at tc2 now, so it very close to rc. Hoping to have it completed by end of this month. Just my time is limited at moment due to other things going on.
MRP does nog shutdown Defender in Windows 11 22H2 .22621.1265. Maybe you can look at it for the next MRP version?
Seems defender has been hardened in latest w11 updates from what i have read up on it. On my 2nd pc that is on w11 22h2 defender is terminated it has never restarted or any updates appear for it. Will look into why it no longer staying disabled if i can for some.
Thank you very much. I tried the register tweak with usertweaks.cmd too in installation, but Defender is still on. I don't know why it is not working anymore.
M$ flexing its muscles i guess, "you will have defender!!" --- Not if i can find a way to prevent it. Will do my best to duck tape it, removing it may have to be a option, but i think it can only be really done on the install wim file so it gone before os installation if that the case then it have to be done with other tools and not with mrp.
Yes it is that Tamper Protection.... What i read about it: I have added new code to try and prevent WD running but i think to fully remove or disable Defender you will need to use other tools. MRP attempts to make Defender not operate by using multiple methods to jam it working, but as it seems that as M$ have hard coded Tamper Protection sadly this may soon be a waste of time. Will see what my new changes do and if they no longer work and TP returns etc then i will remove the option/code to disable defender in MRP on Windows 10/11 as it could be a pointless operation.
It still can be disabled, if you haven't installed the new updates via wmi services query using powershell / wmic + NSUDO or AVEYO run as TI it will not work using net\sc ... only with WMI queries Code: gwmi Win32_BaseService|where Name -Match 'WinDefend|Sense|WdBoot|WdFilter|WdNisSvc|WdNisDrv|wscsvc'|foreach {$_.StopService()} wmic path Win32_Service where(Name Like '%%%%WinDefend%%%%' OR Name Like '%%%%Sense%%%%' OR Name Like '%%%%WdBoot%%%%' OR Name Like '%%%%WdFilter%%%%' OR Name Like '%%%%WdNisSvc%%%%' OR Name Like '%%%%WdNisDrv%%%%' OR Name Like '%%%%wscsvc%%%%') call stopService
The changed routine seems to work and the tamper side not auto switch on. All defender bits are disabled via registry and other means like tasks etc, some options in the defender gui not switch or usable but defender is not in use on w11. The defender's gui may not show properly or at all but the thing should not be operational anyway.. You can check the registry to make sure. At least tamper is disabled and stays off. Or not use the MRP option to disable defender and use a 3rd party tool instead, the choice is yours, i can only do so much in the limitations of batch scripting. Need more testing, but that will have to wait until later after this exam.
The wmic method causes mrp to abort same with the pshell way, it maybe because it during early oobe stage ie when still setting up before any user name entered. As i have had things fail in that early stage before. I use another way to take permissions on the registry etc. As i mentioned i need to do more testing before i fully commit the code.
If ms really go to town by hard locking defender then the mrp option to disable it will be only for w8.x and below and the user will have to use other methods to disable it.
Have added more info about the Disable Defender option in the creator, it will tell you when you select(tick) the box in that MRP can no longer fully disable defender but it will block as much as possible such as scanning, updating etc. Tamper Protection is no longer easy to disable outside the Defender's GUI but as i block as much as possible with tasks and other Policy edits MRP does a good job of giving Defender a very big headache! So if you do use the option remember that the Defender GUI will probably no longer open and it may be best to leave the option alone and use a 3rd party tool to either remove or disable Defender in a better way - if that is possible. Recap: Using the Disable Defender MRP option will prevent Defender from scanning etc but it not fully disable it due to the hardcoding that M$ have added into the OS. For Windows 8.x the option will fully disable Defender. For Server's of any type the option is ignored.
Disable it after logon .. didn't have problems... But even during first install step .. you can do some registery manipulation I didn't have any problem with this
I pre-unlock the some registry locations before setup has completed but no action is done on them unless the options that those normally locked registry areas are needed. It does no harm, i just pre-set them to be usable by the user at a later time. Apart from this new TamperProtection key that the OS auto-locks regardless.
To be honest im fed up of m$ pissing about and give us users no choice in the matter. I will no longer do anything with defender further in mrp, the end user has a choice to use the option to block majority of its working or use other tools to disable or remove it. Im done with it. The MRP option for this pita will be left as is.
I have done a last addition to the mrp disable defender routine. Managed to actually stop it running, even if the tamperprotection is on or not defender is not running and cannot be started cetainly on my test of win11. Even after several reboots. The gui bit in settings not start up it just blank, services and tasks for it disabled too. Did a wu check, no defender definitions shown or downloaded. Hopefully managed to shaft defender Cant say it will be the same for others, but it a bit better than it was. Just dont ask for a revert script as it would not work as a lot is done to prevent it. Mrp 150 is at rc1, soon rc2 so no more will be done on that section.