[Solved] Build 14251 and removing Cortana, Defender...

Discussion in 'Windows 10' started by LiteOS, Jan 30, 2016.

  1. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,448
    571
    60
    #1 LiteOS, Jan 30, 2016
    Last edited: Feb 1, 2016
    (Q) Build 14251 and removing Cortana, Defender...

    MS changed the component store, so after the package is "removed"
    it reinstalls it back.

    I saw a Windows modder who succeeded in liting it.

    Is someone trying to bypass this defense mechanism?

    My suspicion is on pending xml in the WinSxS dir,
    altered to install the packages back.
     
  2. xinso

    xinso MDL Guru

    Mar 5, 2009
    4,242
    5,507
    150
    #2 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    Not an answer for these days? I am eager to learn too.

    Since 11102, there are many packages that will be brought back automatically after being removed.

    Well, here is my best to Windows Defender:

    1. Delete these Service keys from the registry

    WdBoot
    WdFilter
    WdNisDrv
    WdNisSvc
    WinDefend

    2. Delete this content from the registry key

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM]
    "Autorecover MOFs"

    %ProgramFiles%\windows defender\protectionmanagement.mof
    %ProgramFiles%\windows defender\clientwmiinstall.mof
    %ProgramFiles%\windows defender\ammonitoringinstall.mof
    %ProgramFiles%\windows defender\amstatusinstall.mof
    %ProgramFiles%\windows defender\xx-xx\protectionmanagement.mfl

    3. Delete Windows Defender folder from C:\Program Files (and C:\Program Files (x86))

    4. Remove these packages

    Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-AppLayer-Group-WOW64-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-AppLayer-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Client-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-Client-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Client-WOW64-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-Client-WOW64-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-CloudClean-Group-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-Core-Group-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Core-Group-WOW64-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-Core-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-Group-Policy-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~xx-XX~10.0.14251.1000
    Windows-Defender-Management-Group-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~amd64~~10.0.14251.1000
    Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~amd64~~10.0.14251.1000

    5. Reboot or Install

    I hope it is merely a bug at the moment.
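
A read-only check for the artifacts listed in the post above (service keys, "Autorecover MOFs" entries, install folders, packages), useful for spotting a machine where Defender has been partly stripped. This is an added example, not part of the original thread; the Services registry path and the warning logic are assumptions of the example.

```powershell
# Added example: read-only audit of the Defender artifacts listed in the post above.
# Nothing is modified; every check only reports what is present.
$checks = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Area, [string]$Item, [bool]$Present) {
    $checks.Add([pscustomobject]@{ Area = $Area; Item = $Item; Present = $Present })
}

# 1. Service keys (assumed location: the standard Services registry hive).
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
foreach ($name in 'WdBoot', 'WdFilter', 'WdNisDrv', 'WdNisSvc', 'WinDefend') {
    Add-Check 'Service key' $name (Test-Path -LiteralPath "$servicesRoot\$name")
}

# 2. Defender entries in the "Autorecover MOFs" multi-string value.
$cimom = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Wbem\CIMOM' -ErrorAction SilentlyContinue
$defenderMofs = @($cimom.'Autorecover MOFs' | Where-Object { $_ -like '*\windows defender\*' })
Add-Check 'WMI autorecover' "$($defenderMofs.Count) Defender MOF entries" ($defenderMofs.Count -gt 0)

# 3. Install folders under both Program Files roots.
foreach ($root in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
    if ($root) {
        $dir = Join-Path $root 'Windows Defender'
        Add-Check 'Folder' $dir (Test-Path -LiteralPath $dir)
    }
}

# 4. Component packages (Get-WindowsPackage needs an elevated session).
$packages = @()
try {
    $packages = @(Get-WindowsPackage -Online -ErrorAction Stop |
        Where-Object { $_.PackageName -like 'Windows-Defender-*' })
    Add-Check 'Packages' "$($packages.Count) Windows-Defender-* packages" ($packages.Count -gt 0)
} catch {
    Write-Warning "Package query failed (not elevated?): $($_.Exception.Message)"
}

$checks | Format-Table -AutoSize

# Packages still registered while service keys are missing is the half-removed
# state discussed in the thread; flag it for review.
$missingServices = @($checks | Where-Object { $_.Area -eq 'Service key' -and -not $_.Present })
if ($packages.Count -gt 0 -and $missingServices.Count -gt 0) {
    Write-Warning ("Defender packages present but service keys missing: " +
        ($missingServices.Item -join ', '))
}
```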
     
  3. LiteOS

    LiteOS MDL Expert

    #3 LiteOS, Feb 1, 2016
    Last edited: Feb 1, 2016
    (OP)
    If it is also removed from WinSxS, it won't recover.

    BTW, is this build worth our time?


    edit:

    Did you try to remove only
    "Autorecover MOFs"

    and then remove the packages?
     
  4. xinso

    xinso MDL Guru

    #4 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    The problem is, after my repeated experiments, everything remains. That is why I HOPE it is a bug.

    OneDrive too.

    Edit: No. I will try again.
     
  5. LiteOS

    LiteOS MDL Expert

    Can you run DISM cleanup with resetbase?

    If it removes the files from WinSxS then it's done.

    I tried to run it but there is an error.
     
  6. xinso

    xinso MDL Guru

    #6 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    OK. I will do it now.

    Oh, no. I am doing it with clean APPLIED image. /resetbase would not be allowed for PENDING processes.

    I am going to reboot now. See you.
     
  7. LiteOS

    LiteOS MDL Expert

    #7 LiteOS, Feb 1, 2016
    Last edited: Feb 1, 2016
    (OP)
    I succeeded in uninstalling Cortana;
    just need to run resetbase.

    Removing Defender breaks DISM resetbase.

    I'm trying sfc scannow.
     
  8. xinso

    xinso MDL Guru

    #8 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    It would not work at all.

    To disable/delete Defender Service is as good as Group Policy Disabled, but NOT removal.

    As for Cortana, to me, it is OK to remove without any trick.

    Anyway, to me, the only way to successfully remove 11102/11103/14251 Windows Defender packages is:

    1. Manually remove Windows Defender installed folders
    2. Manually Remove Defender-related registry keys
    3. Manually Remove Defender-related WinSxS folders and files
    4. Manually Remove Defender-related TaskScheduler
     
  9. LiteOS

    LiteOS MDL Expert

    #9 LiteOS, Feb 1, 2016
    Last edited: Feb 1, 2016
    (OP)
    I did something else:
    I removed it with package removal,
    removed the dirs from WinSxS,
    and because there were 2 files that wouldn't delete,
    I deleted them from recovery.

    Did the restart and now it does not reinstall it back.

    Another time let's test:

    deny the permission to the folders,
    reboot, and then reset the permission and run resetbase.
    That might clean it nicely and won't break the resetbase.


    edit:

    Removing the packages again fixes the DISM resetbase :)
     
  10. xinso

    xinso MDL Guru

    #10 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    Yes, you are doing what I am talking about: Remove it MANUALLY.

    But why since 11102?

    Edit: deny the permission? I do not think so.

    OK. Here is another thing I found about Microsoft-Client-Features-Classic-Package:

    1. speechpal.dll
    2. 6 pictures of lock screen
     
  11. LiteOS

    LiteOS MDL Expert

    #11 LiteOS, Feb 1, 2016
    Last edited: Feb 1, 2016
    (OP)
    Probably a new policy that each Windows needs AV :rolleyes: / spy

    speechpal? Is it a new feature?

    Deny the permission - why not?
     
  12. xinso

    xinso MDL Guru

    #12 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    No. It is, I think, about Speech of Cortana.

    But why MS put Lock Screen background pictures (C:\Windows\Web\Screen) together with Speech?
     
  13. LiteOS

    LiteOS MDL Expert

    #13 LiteOS, Feb 1, 2016
    Last edited: Feb 1, 2016
    (OP)
    They changed its package or cortanapal still exists

    yea that's weird
     
  14. xinso

    xinso MDL Guru

    #14 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    Off-topic:

    Madonna Louise Ciccone is surprisingly here in Taiwan now by her private aircraft.

    Oh, I forgot about NTLite. I will test it now or then.
     
  15. Prosto

    Prosto MDL Addicted

    Mar 18, 2015
    769
    307
    30
    :D:D:D
    Specifically, MS made changes in build 14251 so that they could not clean installation, so errors occur when removing components.
     
  16. xinso

    xinso MDL Guru

    #16 xinso, Feb 1, 2016
    Last edited: Feb 1, 2016
    Oh, I have never known about it, because I have always been testing them by dism applying the image to other partition.

    But how? So I wondered if the image was the same?

    OK. I will try to install from DVD/USB some other time. Thanks.
     
  17. LiteOS

    LiteOS MDL Expert

    Enterprise doesn't have the problem on a clean installation.
     
  18. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    2,731
    435
    90
    Why remove these services... they're installed for a reason, use them... if you don't use them, just leave them alone. It's better than blowing up later ;)
     
  19. thorin0815

    thorin0815 MDL Senior Member

    Jul 16, 2015
    439
    293
    10
    Because we probably don't use them, but Microsoft still does if they stay in the system. :)
     
  20. LiteOS

    LiteOS MDL Expert

    #20 LiteOS, Feb 2, 2016
    Last edited: Feb 2, 2016
    (OP)
    MS is making a small observation between client and server; there is a group that wants their client OS like a server.

    They are forcing their POV on our beliefs.