ionuttbara / windows-defender-remover

A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.
Other
3.93k stars 271 forks source link

(Removal) Breaks Windows Sandbox #45

Closed Mnky313 closed 1 year ago

Mnky313 commented 1 year ago

After running the script (removal) Windows Sandbox no longer opens.

I believe it's related to the Container Manager Service not being able to start. It gives an error stating 'The system cannot find the path specified'

I'm assuming it is one of the packages that are uninstalled but I'm doing more testing (I have to do it outside of a VM in order to test windows sandbox).

ionuttbara commented 1 year ago

Thx for feedback.. I'll check.

Mnky313 commented 1 year ago

Update after some testing, one of the folders removed is 'C:\Windows\Containers' (in RemoveCommand.bat)

I believe this is causing Sandbox to stop working.

Just tested it after removing that folder from the list that is deleted and Sandbox is still working.

(though I was not able to copy the folder from another install to the one with Sandbox not working.

ionuttbara commented 1 year ago

The Content from C:\Windows\Containers is removing a wim file which is used by Windows Defender Offline Scan. So this is not affecting Sandbox. Maybe the way of disablation VBS is causing the problems. So i said, this will be investigated.

ionuttbara commented 1 year ago

Enable VBS (Virtualization Based Security) and reboot and see if this works.

ionuttbara commented 1 year ago

Its assume the innexistence of vid service. (Virtualization Infrastructure)

Mnky313 commented 1 year ago

Its assume the innexistence of vid service. (Virtualization Infrastructure)

Enable VBS (Virtualization Based Security) and reboot and see if this works.

I didn't get a chance to try these, but after reinstalling windows and only removing the part that deletes C:\Windows\Containers (along with the 3 reg entries to fix that other issue I had with network shares) Sandbox is working perfectly again.

Though interestingly the registry entry to disable VBS (HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity is set to 0) but VBS is still enabled somehow...

image

I wonder if enabling Windows Sandbox/HyperV re-enables this and ignore the registry key for some reason.

ad1tya2 commented 1 year ago

I think windows sandbox is a UWP application As mentioned in this issue it seems management of UWP apps is broken severely and after a few windows updates i couldnt even open some UWP apps like paint, notepad, store.

Mnky313 commented 1 year ago

I think windows sandbox is a UWP application As mentioned in https://github.com/jbara2002/windows-defender-remover/issues/42 it seems management of UWP apps is broken severely and after a few windows updates i couldnt even open some UWP apps like paint, notepad, store.

Interesting, I was able to open other application and I ran the script after updating.

I'm just hoping that the C:\Windows\Containers thing fixed it for me, waiting on a windows update to see if that breaks stuff.

Normally I re-run this script and some others after updates that reinstall the Windows Security app.

ad1tya2 commented 1 year ago

I think windows sandbox is a UWP application As mentioned in https://github.com/jbara2002/windows-defender-remover/issues/42 it seems management of UWP apps is broken severely and after a few windows updates i couldnt even open some UWP apps like paint, notepad, store.

Interesting, I was able to open other application and I ran the script after updating.

I'm just hoping that the C:\Windows\Containers thing fixed it for me, waiting on a windows update to see if that breaks stuff.

Normally I re-run this script and some others after updates that reinstall the Windows Security app.

Try to uninstall a windows UWP app, or maybe install a random UWP app and uninstall it or try to update an existing app.

I have not really observed any predictable behaviour, but uninstalls updates and installs of UWP apps are definitely affected

ionuttbara commented 1 year ago

I think windows sandbox is a UWP application As mentioned in this issue it seems management of UWP apps is broken severely and after a few windows updates i couldnt even open some UWP apps like paint, notepad, store.

Windows Sandbox App it's a system app. So this is not affected by this issue.

ionuttbara commented 1 year ago

i need to change the medium which i can do scripting test. In VM Containers such Sandbox are working fine without any problems, when i applied the script. Until i will change the test (up to second PC) i can't find the cause of this problem. I tested the removal part in Windows 11 21H2 build 22621.1, 22623.1355, 22624.1745 in 3 differnt Virtualization Apps (Virtual Box, VMware and Hyper-V) and i have positive results. So idk. First check if you downloaded Defender Remover version 10.3 or newer before to apply (in version 10.3 or lower it had problems with containters and Hyper-V).

ionuttbara commented 1 year ago

fixed in 12.4.6