Once again, after a Windows update, Windows Defender activated itself again.

It finally bothered me enough to take an actual look at how to disable it permanently and reliably, in a fully automated way (a PowerShell script), on my Windows 10 20H2 (build 19042).

This script is not intended as a “stop/start” solution. It aims at disabling Windows Defender permanently, even removing its files if you choose to. I made it as a malware analyst, for my usage, and decided to share it to help others. The “general public” might find another, easier to use solution that suits their needs better.

I would also add that some alternative working solutions have been added in the comments of this article (many thanks to their writers!): it’s definitely worth checking.

TL;DR: the final script can be found here:

Registry configuration

First, I took some time to look at the registry configuration: where the parameters are located, and how/when the values were changed.

Procmon, from SysInternals, is a very convenient tool for this kind of research. I looked for registry access with “Defender” in the path, and this is the result:

We get a first idea of the configuration location; the most interesting keys seem to be under HKLM\SOFTWARE\Microsoft\Windows Defender.

Then I proceeded to check the keys for each parameter. First on the list is “Real-Time Protection”, modifying the key HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
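The same registry location is useful from the other direction. The audit script below is added here as an example and is not part of the post's script: it reads the DisableRealtimeMonitoring value from the product key the post identifies and from its Group Policy mirror under HKLM\SOFTWARE\Policies (a documented Defender location, not one taken from the post), compares the result with what the Defender engine itself reports, and pulls the most recent "real-time protection disabled" event (event ID 5001 in Defender's Operational log, assumed) so a tampered box can be spotted after the fact.

```powershell
# Added audit example (not the post's script). Run as Administrator.
# Assumed: the Policies hive mirror and event ID 5001 ("real-time
# protection disabled") exist on Windows 10 20H2 as documented.

$Paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
)

function Get-RtpRegistryState {
    foreach ($p in $Paths) {
        $v = $null
        if (Test-Path $p) {
            $v = (Get-ItemProperty -Path $p -Name DisableRealtimeMonitoring `
                  -ErrorAction SilentlyContinue).DisableRealtimeMonitoring
        }
        [pscustomobject]@{
            Path     = $p
            Value    = $v               # $null = not set, 1 = disabled
            Tampered = ($v -eq 1)
        }
    }
}

function Test-DefenderRtpIntegrity {
    $reg    = Get-RtpRegistryState
    $status = Get-MpComputerStatus     # built-in Defender cmdlet
    $engineSaysOff = -not $status.RealTimeProtectionEnabled
    $regSaysOff    = @($reg | Where-Object Tampered).Count -gt 0

    $reg | Format-Table -AutoSize | Out-Host

    # Most recent "real-time protection disabled" event from Defender's log.
    $ev = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-Windows Defender/Operational'
            Id      = 5001
          } -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($ev) { Write-Host "Last RTP-disabled event: $($ev.TimeCreated)" }

    if ($regSaysOff -or $engineSaysOff) {
        Write-Warning "Real-time protection is OFF (registry=$regSaysOff, engine=$engineSaysOff)"
        return $false
    }
    Write-Host "Real-time protection is ON and both registry keys are clean"
    return $true
}

Test-DefenderRtpIntegrity
```

A registry value of 1 with the engine still reporting protection enabled means the change has been written but not yet applied, which is exactly the window the post describes Windows reverting after updates.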