I promised myself I wouldn't do it again, only this time because you have a nice nick. Suppose, just as an example, as the shortest path of explanation, you choose "C:\Windows" as a protected folder. From "Allow an app through Controlled folder access" remove "cmd.exe" and "powershell.exe" if they are there, then run the script. And say which popup comes out. Now you can experiment with all folders and each *.exe. If you want to experiment with Windows Defender Sandbox, enable it, restart your PC, disable Controlled folder access and run the script. With "disabled" WD, attempt to download the "eicar" test file, and say what happens. I ended up here.
Typical reaction of 99.9% of users on this forum, and then you are surprised if I call you by your real name. He does not understand what is being said but promptly attacks the one who wants to help you understand the problem. I see that you did not protect WD; I recommended turning on the WD Sandbox and then doing the test. If you do not do this, any further discussion is without effect. I expect you to do it as I recommended.
I already enabled it, forgot to mention that. Just tested it again to make sure. The "MsMpEngCP.exe" process was running, which is a part of the WD sandbox thing. Ran the script, it disabled WD, and that sandbox process was shut down; downloaded eicar, tested a few other apps which WD would have killed at first sight, nothing. All are working without interference.
If the WD sandbox is properly turned on, and you say that this script turns it off, there is only one answer to your claim: you're lying!!!! I'll also explain why I can say it, you're lying. Because it is not possible to activate the WD sandbox without restarting the PC, you also cannot deactivate it without resetting the PC. This script does not do this; you don't need to run it to find that out, it is enough to read it. So, you can freely change your name to "I'm stupid of the day" so that everyone can know in advance who they are dealing with.
Lol, I know the process and restarted the system before applying the script. It's hilarious how you make claims without even testing the mentioned scripts, and call others liars who have posted what they found after running it. Anyway, I'm not interested in convincing you. Keep believing whatever you prefer. Have a good day.
When someone says such things, I expect them to be able to confirm how they are able to do it. The question is: how can you bypass the WD sandbox?
It's one thing to read about something - WD sandbox - and another to understand what it means for users - yes, it's great against attacks on WD itself (an actor with limited rights will first attack high-privileged processes such as the antivirus, and because of sandboxing won't gain much by exploiting it). It also enables and enforces more mitigations than by default, but due to the nature of sandboxing, scan performance suffers, so it's not enabled by default even now, years later. Nobody here has talked about that because it does not matter - we're just showing that setting a registry policy completely neutralizes Defender, despite Tamper Protection or whatever. And setting that registry policy requires admin rights, so using a limited-rights account is the best protection. If, on the other hand, you are using an admin-rights account like 90%+ of Windows users do, and relying on UAC to protect you against unauthorized access - you're actually naked! Any malicious software masquerading as something useful can covertly gain admin rights and with it take over your system, for example neutralizing/uninstalling Defender and then downloading and installing anything. There are several AlwaysNotify-compatible UAC bypasses in the wild now, and there have been for many years. Microsoft does not care, because 'UAC is not a security boundary' in their view. So, scared little doggy, how about you copy-paste the script into a PowerShell window and see for yourself? Use a virtual machine with a clean-installed Windows 10 if you must. Until then, ignored.
Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm. So I advise everyone, use WD with sandbox enabled; in this way you superbly protect your operating system and your data. Only WD offers this, and it's very simple for everyone: open CMD.exe as admin, paste this command into it, setx /M MP_FORCE_USE_SANDBOX 1, hit Enter and restart your PC. To disable it, same procedure but change the command to setx /M MP_FORCE_USE_SANDBOX 0, restart needed. That's all.
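One way to verify the state discussed in the posts above, as an added example that is not part of the thread: it reads the machine-level MP_FORCE_USE_SANDBOX variable, looks for the MsMpEngCP.exe content process mentioned earlier, and reports Defender's own status. The function name Get-DefenderSandboxState and the verdict strings are assumptions made for this example.

```powershell
# Added example: report whether the Defender sandbox is configured and active.
# Get-DefenderSandboxState and the verdict strings are names chosen for this example.
function Get-DefenderSandboxState {
    # Machine-level value written by: setx /M MP_FORCE_USE_SANDBOX 1
    $configured = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    # MsMpEng is the main engine process; MsMpEngCP is the sandboxed content process.
    $engine  = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $content = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

    # Get-MpComputerStatus fails when the Defender service is stopped or removed.
    $status = $null
    try { $status = Get-MpComputerStatus -ErrorAction Stop } catch { }

    # The variable only takes effect after a restart, so compare it with what is running.
    $verdict = if (-not $engine) { 'Defender engine not running' }
        elseif ($configured -eq '1' -and $content) { 'Sandbox configured and active' }
        elseif ($configured -eq '1') { 'Sandbox configured but not active (restart pending?)' }
        elseif ($content) { 'Sandbox active although variable is not 1 (restart pending?)' }
        else { 'Sandbox not configured' }

    [pscustomobject]@{
        SandboxVariable       = $configured
        EngineRunning         = [bool]$engine
        ContentProcessRunning = [bool]$content
        AntivirusEnabled      = $status.AntivirusEnabled
        RealTimeProtection    = $status.RealTimeProtectionEnabled
        TamperProtected       = $status.IsTamperProtected
        Verdict               = $verdict
    }
}

Get-DefenderSandboxState | Format-List
```

Running it before and after a restart shows whether a change to the variable has actually taken effect.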
Could it be by "design" that Windows Defender can be disabled? When you install another Antivirus, Defender automatically gets disabled.
Remove Defender Permanently Script by Aveyo is not working in Win10 2004, as I have checked it some days ago.