W4RH4WK / Debloat-Windows-10

A Collection of Scripts Which Disable / Remove Windows 10 Features and Apps

Defender disable script not working in Windows 11 #296

Open TechieAndroid opened 2 years ago

TechieAndroid commented 2 years ago

This is what happens in my Powershell admin terminal:

PS C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts> ./disable-windows-defender.ps1
Elevating priviledges for this process
Trying to disable scheduled task Windows Defender Cache Maintenance

TaskPath                                       TaskName                          State
--------                                       --------                          -----
\Microsoft\Windows\Windows Defender\           Windows Defender Cache Mainten... Disabled
Trying to disable scheduled task Windows Defender Cleanup
\Microsoft\Windows\Windows Defender\           Windows Defender Cleanup          Disabled
Trying to disable scheduled task Windows Defender Scheduled Scan
\Microsoft\Windows\Windows Defender\           Windows Defender Scheduled Scan   Disabled
Trying to disable scheduled task Windows Defender Verification
\Microsoft\Windows\Windows Defender\           Windows Defender Verification     Disabled
Disabling Windows Defender via Group Policies
Disabling Windows Defender Services
Exception calling "SetAccessControl" with "1" argument(s): "Attempted to perform an unauthorized operation."
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\lib\take-own.psm1:26 char:5
+     $key.SetAccessControl($acl)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : UnauthorizedAccessException

Exception calling "SetAccessControl" with "1" argument(s): "Attempted to perform an unauthorized operation."
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\lib\take-own.psm1:32 char:5
+     $key.SetAccessControl($acl)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : UnauthorizedAccessException

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:37 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WinDe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (Start:String) [Set-ItemProperty], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:38 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WinDe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (AutorunsDisabled:String) [Set-ItemProperty], UnauthorizedAccessExcept
   ion
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:39 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WdNis ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (Start:String) [Set-ItemProperty], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:40 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WdNis ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (AutorunsDisabled:String) [Set-ItemProperty], UnauthorizedAccessExcept
   ion
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Removing Windows Defender context menu item
Removing Windows Defender GUI / tray from autorun

W4RH4WK commented 2 years ago

Windows 11 is not supported.

TechieAndroid commented 2 years ago

> Windows 11 is not supported.

Oh okay, I wasn't aware that it was version dependent. Just out of curiosity, what makes Windows 11 specifically incompatible?

W4RH4WK commented 2 years ago

It's not that Windows 11 is completely incompatible. It's just that I've not tested any of the scripts on Windows 11 and currently lack the time and motivation to debug and fix issues.

They might just work for the most part, or they might not. Personally, I'll stick with Windows 10 for a while, and will probably switch back to Linux when I put together a new rig.

TechieAndroid commented 2 years ago

> It's not that Windows 11 is completely incompatible. It's just that I've not tested any of the scripts on Windows 11 and currently lack the time and motivation to debug and fix issues.
>
> They might just work for the most part, or they might not. Personally, I'll stick with Windows 10 for a while, and will probably switch back to Linux when I put together a new rig.

I understand. Yeah I mostly use Linux myself but my job required me to get back into using Windows regularly, so I have been digging into the internals and trying to find ways to lessen the memory usage in it.

I tried disabling Defender through group policy and the registry but neither worked, it keeps coming back. My final resort was going to be wiping the program files for Defender from Windows. I've done it before but I never much cared for destructive methods.

W4RH4WK commented 2 years ago

> I tried disabling Defender through group policy and the registry but neither worked, it keeps coming back. My final resort was going to be wiping the program files for Defender from Windows. I've done it before but I never much cared for destructive methods.

Disabling Defender's real-time protection via group policies and disabling Scheduled Tasks was enough for me such that it doesn't cause any issues. Ripping out Defender completely causes issues with other components like the Windows Store.

TechieAndroid commented 2 years ago

> > I tried disabling Defender through group policy and the registry but neither worked, it keeps coming back. My final resort was going to be wiping the program files for Defender from Windows. I've done it before but I never much cared for destructive methods.
>
> Disabling Defender's real-time protection via group policies and disabling Scheduled Tasks was enough for me such that it doesn't cause any issues. Ripping out Defender completely causes issues with other components like the Windows Store.

Does the anti-malware service still run for you? That's what I was trying to disable.

W4RH4WK commented 2 years ago

No, I think disabling the Scheduled Task took care of that.

kokotas89 commented 2 years ago

> No, I think disabling the Scheduled Task took care of that.

Hello W4RH4WK! I have been following your advice to disable Defender on a fresh win10 installation via group-policy for a few months, but it seems something re-enables the tasks every month or so and a quick scan is performed regardless.

The only policy I enabled was "Turn-off real time protection". Have you noticed anything of the sort or have any insights on what could be resetting the tasks?

TIA

Edit: Maybe forced catch-up scans are the culprit here? I will try disabling them but I still don't see why this would set the status of the scheduled scans back to Enabled.
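
Added example, not part of the thread or of the project's scripts: a read-only PowerShell audit for the situation described in the last comment. It records the state of the tasks under the task path shown in the issue output, reports any whose state changed since the previous run, and shows the last quick-scan time next to the catch-up scan preferences. The baseline file location and the function names are assumptions made for this example.

```powershell
# Added example (not from the project). Read-only apart from writing its own baseline file.
# Run from an elevated prompt; the Defender cmdlets need the Defender service to be running.
$TaskPath     = '\Microsoft\Windows\Windows Defender\'                    # path shown in the issue output
$BaselineFile = Join-Path $env:ProgramData 'defender-task-baseline.xml'   # hypothetical location

function Get-DefenderTaskState {
    # One row per Defender scheduled task: state as a string plus last/next run time.
    Get-ScheduledTask -TaskPath $TaskPath -ErrorAction Stop | ForEach-Object {
        $info = $_ | Get-ScheduledTaskInfo
        [pscustomobject]@{
            TaskName    = $_.TaskName
            State       = [string]$_.State        # e.g. Ready / Disabled
            LastRunTime = $info.LastRunTime
            NextRunTime = $info.NextRunTime
        }
    }
}

function Compare-DefenderTaskBaseline {
    # Report tasks whose state differs from the previous run, then refresh the baseline.
    $current = @(Get-DefenderTaskState)
    $changed = @()
    if (Test-Path $BaselineFile) {
        $previous = @(Import-Clixml $BaselineFile)
        foreach ($task in $current) {
            $old = $previous | Where-Object { $_.TaskName -eq $task.TaskName }
            if ($old -and $old.State -ne $task.State) {
                $changed += [pscustomobject]@{
                    TaskName = $task.TaskName; Was = $old.State; Now = $task.State
                    LastRunTime = $task.LastRunTime
                }
            }
        }
    }
    $current | Select-Object TaskName, State | Export-Clixml $BaselineFile
    $changed
}

function Get-DefenderScanSummary {
    # Last quick scan and the catch-up scan preferences mentioned in the thread.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $pref   = Get-MpPreference -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        QuickScanEndTime          = $status.QuickScanEndTime
        DisableCatchupQuickScan   = $pref.DisableCatchupQuickScan
        DisableCatchupFullScan    = $pref.DisableCatchupFullScan
    }
}

Compare-DefenderTaskBaseline | Format-Table -AutoSize
Get-DefenderScanSummary | Format-List
```

Run on a schedule, the change report narrows down when a task's state flipped, which can then be compared against Windows Update history for the same period.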