
Comments (9)

undergroundwires commented on July 28, 2024

Great bug report @Cassandre60. A lot of useful information. I will do some research and add disabling of these services.

I will also increase the aggressiveness by disabling and blocking execution of the executables of these services.

These should help with this issue.

We have #170, but it's not as helpful and concrete as this report which gives me the technical details to be able to go further.

Please keep in mind that these changes will not be fast, so no timelines promised, but hopefully in the next patch release.

I will share the code with you once it's ready to test if they help with getting rid of these processes/services.

from privacy.sexy.

Cassandre60 commented on July 28, 2024

Thanks for the quick reply, no problems on the timeline, just appreciate the work you and your colleagues are doing.

from privacy.sexy.

Silver347 commented on July 28, 2024

You could also try "Defender Remover" by ionuttbara (https://github.com/ionuttbara/windows-defender-remover)

only make sure that you disable "Tamper Protection" and all realtime protection in Windows Defender before running it.

from privacy.sexy.

Cassandre60 commented on July 28, 2024

My defender is maybe disabled by like 95%, so I'm afraid to mess things up now, since I'm a normal user.
On my task manager smartscreen.exe, Windows Defender SmartScreen takes 0% CPU and around 1.5 MB of RAM and
MpDefenderCoreService.exe Antimalware Core Service takes 0% CPU and 5.5MB of RAM, so I'm pretty satisfied with what I have.
I'll consider your script on a new install, maybe. Btw, I'm on Windows 11 IoT Enterprise LTSC.

from privacy.sexy.

undergroundwires commented on July 28, 2024

Hi,

This should successfully get rid of smartscreen.exe:

Apply script

@echo off
:: https://privacy.sexy — v0.13.5 — Fri, 12 Jul 2024 11:42:38 GMT
:: Ensure admin privileges
fltmc >nul 2>&1 || (
    echo Administrator privileges are required.
    PowerShell Start -Verb RunAs '%0' 2> nul || (
        echo Right-click on the script and select "Run as administrator".
        pause & exit 1
    )
    exit 0
)
:: Initialize environment
setlocal EnableExtensions DisableDelayedExpansion


:: ----------------------------------------------------------
:: Disable SmartScreen process (breaks Microsoft Store apps)-
:: ----------------------------------------------------------
echo --- Disable SmartScreen process (breaks Microsoft Store apps)
:: Check and terminate the running process "smartscreen.exe"
tasklist /fi "ImageName eq smartscreen.exe" /fo csv 2>NUL | find /i "smartscreen.exe">NUL && (
    echo smartscreen.exe is running and will be killed.
    taskkill /f /im smartscreen.exe
) || (
    echo Skipping, smartscreen.exe is not running.
)
:: Configure termination of "smartscreen.exe" immediately upon its startup
PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe' /v 'Debugger' /t 'REG_SZ' /d '%WINDIR%\System32\taskkill.exe' /f"
:: Add a rule to prevent the executable "smartscreen.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='smartscreen.exe'; try {; $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) {; $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) {; $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: `$executableFilename` is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) {; while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) {; $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) {; New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch {; Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "try {; $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) {; Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) {; New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) {; Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output 'Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^"".'; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch {; Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"
:: ----------------------------------------------------------


:: Pause the script to view the final state
pause
:: Restore previous environment settings
endlocal
:: Exit the script successfully
exit /b 0

Revert script (if you change your mind)

@echo off
:: https://privacy.sexy — v0.13.5 — Fri, 12 Jul 2024 11:42:38 GMT
:: Ensure admin privileges
fltmc >nul 2>&1 || (
    echo Administrator privileges are required.
    PowerShell Start -Verb RunAs '%0' 2> nul || (
        echo Right-click on the script and select "Run as administrator".
        pause & exit 1
    )
    exit 0
)
:: Initialize environment
setlocal EnableExtensions DisableDelayedExpansion


:: Disable SmartScreen process (breaks Microsoft Store apps) (revert)
echo --- Disable SmartScreen process (breaks Microsoft Store apps) (revert)
:: Remove configuration preventing "smartscreen.exe" from starting
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe' /v 'Debugger' /f 2>$null"
:: Remove the rule that prevents the executable "smartscreen.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='smartscreen.exe'; try {; $blockEntries = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun' -ErrorAction Ignore; if (-Not $blockEntries) {; Write-Output "^""Skipping, no action needed: No block rules exist, `"^""$executableFilename`"^"" is not blocked."^""; exit 0; }; $blockingRulesForExecutable = @(; $blockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; ); if (-Not $blockingRulesForExecutable) {; Write-Output "^""Skipping, no action needed: `"^""$executableFilename`"^"" is not currently blocked."^""; exit 0; }; foreach ($blockingRuleForExecutable in $blockingRulesForExecutable) {; $blockingRuleIndexForExecutable = $blockingRuleForExecutable.Name; Write-Output "^""Removing rule `"^""$blockingRuleIndexForExecutable`"^"" that blocks `"^""$executableFilename`"^""."^""; Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun' -Name "^""$blockingRuleIndexForExecutable"^"" -Force -ErrorAction Stop; Write-Output "^""Successfully revoked blocking of `$executableFilename` under rule `"^""$blockingRuleIndexForExecutable`"^""."^""; }; } catch {; Write-Error "^""Failed to revoke blocking of `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Restore the File Explorer DisallowRun policy if no other blocks are active
PowerShell -ExecutionPolicy Unrestricted -Command "try {; $currentDisallowRunPolicyValue = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name 'DisallowRun' -ErrorAction Ignore | Select-Object -ExpandProperty 'DisallowRun'; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) {; Write-Output 'Skipping, no action needed: DisallowRun policy is not active.'; Exit 0; }; if ($currentDisallowRunPolicyValue -ne 1) {; Write-Output "^""Skipping, DisallowRun policy is not configured by privacy.sexy, unexpected value: `"^""$currentDisallowRunPolicyValue`"^""."^""; Exit 0; }; $remainingBlockingRules = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun' -ErrorAction Ignore; if ($remainingBlockingRules) {; Write-Output 'Skipping deactivating DisallowRun policy, there are still active rules.'; Exit 0; }; Write-Output 'No remaining rules, deleting DisallowRun policy.'; Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name 'DisallowRun' -Force -ErrorAction Stop; Write-Output 'Successfully restored DisallowRun policy.'; } catch {; Write-Error "^""Failed to restore DisallowRun policy: $_"^""; Exit 1; }"
:: ----------------------------------------------------------


:: Pause the script to view the final state
pause
:: Restore previous environment settings
endlocal
:: Exit the script successfully
exit /b 0

Please test this and let me know if it worked. It should persist against reboots. I will add it in the next patch if you confirm it works.

from privacy.sexy.

Cassandre60 commented on July 28, 2024

I just applied the tool provided by @Silver347, and it removed all the residue, thanks for the suggestion nonetheless.

from privacy.sexy.

undergroundwires commented on July 28, 2024

I'd be happy if anyone else who did not apply any other third-party tool gives feedback on this to move this issue and solution forward.

from privacy.sexy.

Silver347 commented on July 28, 2024

Hi @undergroundwires, thanks for the reply, excuse me for my poor language skills.

First of all I'd like to thank you sincerely for devoting your free time to create this awesome customizable script and I apologize for not really providing any scripted solution for the problem mentioned in the post but instead relying on someone else's project.

The truth is I have no coding skills and as far as I've seen this software (which I recommended) completely removes Windows Defender entirely... which is a problem since there is no way to revert any of this once it's applied.

This script also disables some security mitigations (which I believe are Spectre and Meltdown at the OS level, VBS, UAC) which is not ideal... and I shouldn't have honestly recommended it in the first place.

Most of (if not all of it) are registry tweaks inside the .exe file which can be unzipped with any archiving tool such as (WinRAR, 7-Zip etc.), which can be used to further improve the project... and again I apologize for not offering any proper solution.

from privacy.sexy.

undergroundwires commented on July 28, 2024

More aggressive SmartScreen disabling will be released as part of the next patch.
The code above should get rid of smartscreen.exe.

In a similar way, we can get rid of MpDefenderCoreService.exe, i.e., MDCoreSvc (Microsoft Defender Core Service).

It works according to my tests. I'd be happy if someone (running with the latest updates) can test this and verify that it works.

  1. Go to processes view, ensure "MpDefenderCoreService.exe | MDCoreSvc | Microsoft Defender Core Service" is running.
  2. Run the script.
  3. Restart the computer.
  4. Verify that it is no longer running.

Script to disable Microsoft Defender Core Service

@echo off
:: https://privacy.sexy — v0.13.5 — Wed, 24 Jul 2024 18:11:40 GMT
:: Ensure admin privileges
fltmc >nul 2>&1 || (
    echo Administrator privileges are required.
    PowerShell Start -Verb RunAs '%0' 2> nul || (
        echo Right-click on the script and select "Run as administrator".
        pause & exit 1
    )
    exit 0
)
:: Initialize environment
setlocal EnableExtensions DisableDelayedExpansion


:: ----------------------------------------------------------
:: --Disable Core Service process (`MpDefenderCoreService`)--
:: ----------------------------------------------------------
echo --- Disable Core Service process (`MpDefenderCoreService`)
:: Check and terminate the running process "MpDefenderCoreService.exe"
tasklist /fi "ImageName eq MpDefenderCoreService.exe" /fo csv 2>NUL | find /i "MpDefenderCoreService.exe">NUL && (
    echo MpDefenderCoreService.exe is running and will be killed.
    taskkill /f /im MpDefenderCoreService.exe
) || (
    echo Skipping, MpDefenderCoreService.exe is not running.
)
:: Configure termination of "MpDefenderCoreService.exe" immediately upon its startup
PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDefenderCoreService.exe' /v 'Debugger' /t 'REG_SZ' /d '%WINDIR%\System32\taskkill.exe' /f"
:: Add a rule to prevent the executable "MpDefenderCoreService.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpDefenderCoreService.exe'; try {; $registryPathForDisallowRun='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'; $existingBlockEntries = Get-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -ErrorAction Ignore; $nextFreeRuleIndex = 1; if ($existingBlockEntries) {; $existingBlockingRuleForExecutable = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; if ($existingBlockingRuleForExecutable) {; $existingBlockingRuleIndexForExecutable = $existingBlockingRuleForExecutable.Name; Write-Output "^""Skipping, no action needed: `$executableFilename` is already blocked under rule index `"^""$existingBlockingRuleIndexForExecutable`"^""."^""; exit 0; }; $occupiedRuleIndexes = $existingBlockEntries.PSObject.Properties | Where-Object { $_.Name -Match '^\d+$' } | Select -ExpandProperty Name; if ($occupiedRuleIndexes) {; while ($occupiedRuleIndexes -Contains $nextFreeRuleIndex) {; $nextFreeRuleIndex += 1; }; }; }; Write-Output "^""Adding block rule for `"^""$executableFilename`"^"" under rule index `"^""$nextFreeRuleIndex`"^""."^""; if (!(Test-Path $registryPathForDisallowRun)) {; New-Item -Path "^""$registryPathForDisallowRun"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$registryPathForDisallowRun"^"" -Name "^""$nextFreeRuleIndex"^"" -PropertyType String -Value "^""$executableFilename"^"" ` -ErrorAction Stop | Out-Null; Write-Output "^""Successfully blocked `"^""$executableFilename`"^"" with rule index `"^""$nextFreeRuleIndex`"^""."^""; } catch {; Write-Error "^""Failed to block `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Activate the DisallowRun policy to block specified programs from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "try {; $fileExplorerDisallowRunRegistryPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; $currentDisallowRunPolicyValue = Get-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -ErrorAction Ignore | Select -ExpandProperty DisallowRun; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) {; Write-Output "^""Creating DisallowRun policy at `"^""$fileExplorerDisallowRunRegistryPath`"^""."^""; if (!(Test-Path $fileExplorerDisallowRunRegistryPath)) {; New-Item -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Force -ErrorAction Stop | Out-Null; }; New-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -PropertyType DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; Exit 0; }; if ($currentDisallowRunPolicyValue -eq 1) {; Write-Output 'Skipping, no action needed: DisallowRun policy is already in place.'; Exit 0; }; Write-Output 'Updating DisallowRun policy from unexpected value `"^""$currentDisallowRunPolicyValue`"^"" to `"^""1`"^"".'; Set-ItemProperty -Path "^""$fileExplorerDisallowRunRegistryPath"^"" -Name 'DisallowRun' -Value 1 -Type DWORD -Force -ErrorAction Stop | Out-Null; Write-Output 'Successfully activated DisallowRun policy.'; } catch {; Write-Error "^""Failed to activate DisallowRun policy: $_"^""; Exit 1; }"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$osVersion = [System.Environment]::OSVersion.Version; function Test-IsWindows11 { ($osVersion.Major -gt 10) -or (($osVersion.Major -eq 10) -and ($osVersion.Build -ge 22000)) }; if (Test-IsWindows11) {; $ignoreWindows11 =  $false; if ($ignoreWindows11) {; Exit 0 <# Skip #>; }; }; $osVersion = [System.Environment]::OSVersion.Version; function Test-IsWindows10 { ($osVersion.Major -eq 10) -and ($osVersion.Build -lt 22000) }; if (Test-IsWindows10) {; $ignoreWindows10 =  $false; if ($ignoreWindows10) {; Exit 0 <# Skip #>; }; }; $message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) {; Write-Warning "^""$message"^""; } else {; Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------


:: Pause the script to view the final state
pause
:: Restore previous environment settings
endlocal
:: Exit the script successfully
exit /b 0

Revert: Restore (re-enable) Microsoft Defender Core Service

@echo off
:: https://privacy.sexy — v0.13.5 — Wed, 24 Jul 2024 18:11:40 GMT
:: Ensure admin privileges
fltmc >nul 2>&1 || (
    echo Administrator privileges are required.
    PowerShell Start -Verb RunAs '%0' 2> nul || (
        echo Right-click on the script and select "Run as administrator".
        pause & exit 1
    )
    exit 0
)
:: Initialize environment
setlocal EnableExtensions DisableDelayedExpansion


:: Disable Core Service process (`MpDefenderCoreService`) (revert)
echo --- Disable Core Service process (`MpDefenderCoreService`) (revert)
:: Remove configuration preventing "MpDefenderCoreService.exe" from starting
PowerShell -ExecutionPolicy Unrestricted -Command "reg delete 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpDefenderCoreService.exe' /v 'Debugger' /f 2>$null"
:: Remove the rule that prevents the executable "MpDefenderCoreService.exe" from running via File Explorer
PowerShell -ExecutionPolicy Unrestricted -Command "$executableFilename='MpDefenderCoreService.exe'; try {; $blockEntries = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun' -ErrorAction Ignore; if (-Not $blockEntries) {; Write-Output "^""Skipping, no action needed: No block rules exist, `"^""$executableFilename`"^"" is not blocked."^""; exit 0; }; $blockingRulesForExecutable = @(; $blockEntries.PSObject.Properties | Where-Object { $_.Value -eq $executableFilename }; ); if (-Not $blockingRulesForExecutable) {; Write-Output "^""Skipping, no action needed: `"^""$executableFilename`"^"" is not currently blocked."^""; exit 0; }; foreach ($blockingRuleForExecutable in $blockingRulesForExecutable) {; $blockingRuleIndexForExecutable = $blockingRuleForExecutable.Name; Write-Output "^""Removing rule `"^""$blockingRuleIndexForExecutable`"^"" that blocks `"^""$executableFilename`"^""."^""; Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun' -Name "^""$blockingRuleIndexForExecutable"^"" -Force -ErrorAction Stop; Write-Output "^""Successfully revoked blocking of `$executableFilename` under rule `"^""$blockingRuleIndexForExecutable`"^""."^""; }; } catch {; Write-Error "^""Failed to revoke blocking of `"^""$executableFilename`"^"": $_"^""; Exit 1; }"
:: Restore the File Explorer DisallowRun policy if no other blocks are active
PowerShell -ExecutionPolicy Unrestricted -Command "try {; $currentDisallowRunPolicyValue = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name 'DisallowRun' -ErrorAction Ignore | Select-Object -ExpandProperty 'DisallowRun'; if ([string]::IsNullOrEmpty($currentDisallowRunPolicyValue)) {; Write-Output 'Skipping, no action needed: DisallowRun policy is not active.'; Exit 0; }; if ($currentDisallowRunPolicyValue -ne 1) {; Write-Output "^""Skipping, DisallowRun policy is not configured by privacy.sexy, unexpected value: `"^""$currentDisallowRunPolicyValue`"^""."^""; Exit 0; }; $remainingBlockingRules = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun' -ErrorAction Ignore; if ($remainingBlockingRules) {; Write-Output 'Skipping deactivating DisallowRun policy, there are still active rules.'; Exit 0; }; Write-Output 'No remaining rules, deleting DisallowRun policy.'; Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name 'DisallowRun' -Force -ErrorAction Stop; Write-Output 'Successfully restored DisallowRun policy.'; } catch {; Write-Error "^""Failed to restore DisallowRun policy: $_"^""; Exit 1; }"
:: Suggest restarting computer for changes to take effect
PowerShell -ExecutionPolicy Unrestricted -Command "$osVersion = [System.Environment]::OSVersion.Version; function Test-IsWindows11 { ($osVersion.Major -gt 10) -or (($osVersion.Major -eq 10) -and ($osVersion.Build -ge 22000)) }; if (Test-IsWindows11) {; $ignoreWindows11 =  $false; if ($ignoreWindows11) {; Exit 0 <# Skip #>; }; }; $osVersion = [System.Environment]::OSVersion.Version; function Test-IsWindows10 { ($osVersion.Major -eq 10) -and ($osVersion.Build -lt 22000) }; if (Test-IsWindows10) {; $ignoreWindows10 =  $false; if ($ignoreWindows10) {; Exit 0 <# Skip #>; }; }; $message = 'For the changes to fully take effect, please restart your computer.'; $warn =  $false; if ($warn) {; Write-Warning "^""$message"^""; } else {; Write-Host "^""Note: "^"" -ForegroundColor Blue -NoNewLine; Write-Output "^""$message"^""; }"
:: ----------------------------------------------------------


:: Pause the script to view the final state
pause
:: Restore previous environment settings
endlocal
:: Exit the script successfully
exit /b 0

Note: According to my tests, disabling this service through reg add "HKLM\System\CurrentControlSet\Services\MDCoreSvc" /v "Start" /t "REG_DWORD" /d "4" /f as administrator or TrustedInstaller does not work, resulting in a permission error. The above method should work.

As the next step I will look at: webthreatdefusersvc and WinDefend.

@Silver347, thank you for such a nice comment. It's appreciated that you share knowledge, and it's expected for users to know what they're doing with third party tools.

from privacy.sexy.
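
An added example, not part of the thread or of privacy.sexy's own code: a read-only PowerShell audit of the settings the scripts above change (the Image File Execution Options `Debugger` value and the Explorer `DisallowRun` policy and rules), together with whether each process is running. It fits the before/after check in the four test steps and confirms that a revert left nothing behind. The helper name `Get-RegistryValueOrNull` and the report column names are assumptions of this example.

```powershell
# Added example: reads registry state only, changes nothing.
# Run it as the same user that ran the apply/revert script, because the
# DisallowRun rules are written under that user's HKCU hive.
$targets        = 'smartscreen.exe', 'MpDefenderCoreService.exe'   # executables named in the thread
$ifeoRoot       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$explorerPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Hypothetical helper: returns the value data, or $null if the key or value is missing.
function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# DisallowRun exists twice: a DWORD switch under ...\Policies\Explorer,
# and a subkey of the same name that holds the numbered block rules.
$policyActive = (Get-RegistryValueOrNull -Path $explorerPolicy -Name 'DisallowRun') -eq 1
$ruleKey      = Get-Item -Path (Join-Path $explorerPolicy 'DisallowRun') -ErrorAction Ignore
$rules        = @{}
if ($ruleKey) {
    foreach ($name in $ruleKey.GetValueNames()) {
        $rules[$name] = $ruleKey.GetValue($name)
    }
}

$report = foreach ($exe in $targets) {
    $debugger    = Get-RegistryValueOrNull -Path (Join-Path $ifeoRoot $exe) -Name 'Debugger'
    $ruleIndexes = @($rules.GetEnumerator() |
        Where-Object { $_.Value -eq $exe } |
        ForEach-Object { $_.Key })
    $processName = [System.IO.Path]::GetFileNameWithoutExtension($exe)

    [pscustomobject]@{
        Executable        = $exe
        Running           = [bool](Get-Process -Name $processName -ErrorAction SilentlyContinue)
        IfeoDebugger      = $debugger                 # empty when no Debugger value is set
        DisallowRunRules  = $ruleIndexes -join ','    # rule indexes that name this executable
        DisallowRunActive = $policyActive             # the switch applies to all rules
    }
}

$report | Format-Table -AutoSize
```

After the apply script and a restart, `IfeoDebugger` should show the `taskkill.exe` path and `Running` should be `False`; after the revert script, `IfeoDebugger` and `DisallowRunRules` should both be empty.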
