Slimdown10_v2.0.2 (continued)

• If you want to include defender-dism-x64.cab it doesnt get copied into the uup folder for W10UI to integrate it as the only cab which gets copied is "Windows10.0-KB5011048-%ImageArchitecture%.cab"
• If CreateIso is activated and the ISO is generated the next time you start Slimdown this ISO is used as source (maybe warn if 2 isos exist or write iso to subfolder "_Done")
• if no ISO exists (original script had a check and warning) and you choose index 1 nontheless all files in the root dir of Slimdown get deleted
• Authroot could also be updated regularly
• "net accounts /maxpwage:unlimited" gets written to setupcomplete.cmd twice
• "RD /S /Q %systemdrive%\SETUP\Files\" in Cleanup.cmd fails as %systemdrive% points to e.g "C:\". You should use "%SystemRoot%" instead.

For me disabling Sounds never really worked in the script.

Spoiler: Fix

After the line " for /f "tokens=1 delims=" %%b in ('reg query "%%a" 2^>nul ^| find /i "%%a\"') do ("

add

" reg add "%%b\.None" /f >nul"

If you want to have Defender active but also wannna switch it on/off constantly where Tamper Protection is interfering you could go the following route:

Spoiler: Defender On/Off User Based

Choose "2" in the initial settings and add the following block after "if %DisableDefender% EQU 0 goto skipDefenderRealTime" (copied from "Disable Completely")

Code:

Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f >nul
Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f >nul
Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f >nul
Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f >nul
Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d "0" /f >nul
Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t REG_DWORD /d 1 /f >nul
"%~dp0tools\%HostArchitecture%\NSudo.exe" -U:T -P:E -UseCurrentConsole -Wait Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "4" /f >nul
"%~dp0tools\%HostArchitecture%\NSudo.exe" -U:T -P:E -UseCurrentConsole -Wait Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t REG_DWORD /d "2" /f >nul
"%~dp0tools\%HostArchitecture%\NSudo.exe" -U:T -P:E -UseCurrentConsole -Wait Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Features" /v "SenseDevMode" /t REG_DWORD /d "0" /f >nul
"%~dp0tools\%HostArchitecture%\NSudo.exe" -U:T -P:E -UseCurrentConsole -Wait Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "FirstAuGracePeriod" /t REG_DWORD /d "0" /f >nul
"%~dp0tools\%HostArchitecture%\NSudo.exe" -U:T -P:E -UseCurrentConsole -Wait Reg add "HKLM\TK_SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t REG_DWORD /d "1" /f >nul

and deactivate ("REM") the following line:

"Reg add "HKLM\TK_SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f >nul"

 

Will download again & do more testing.

 

You need to login to view this posts content.