mandiant / VM-Packages

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

Disable Tamper Protection and Windows Defender #696

Open Ana06 opened 11 months ago

Ana06 commented 11 months ago

Disable Tamper Protection and Windows Defender, preferably via Group Policy. Resources:

@mandiant/flare-vm commando-vm should we add this to the debloat package?

In flare-vm the focus is on Windows 10 and we would like to automate this step, which we are currently doing manually.

day1player commented 11 months ago

I didn't think it was possible to disable it with a script due to Tamper Protection, but if we can automate that it would be the best thing we could do, because then we could do unattended installs with Vagrant and the like. It would be amazing.

day1player commented 11 months ago

Even if we could automate killing Defender, but require Tamper Protection to be disabled, that would be a step in the right direction. The issue is that I believe doing it through group policy requires a reboot, so we would have to figure out how to wrap that into the install. I think that would get confusing and might require some creative thinking with Boxstarter.

Ana06 commented 11 months ago

Commando-vm README also includes detailed instructions to do this manually: https://github.com/mandiant/commando-vm

Ana06 commented 6 months ago

From https://github.com/mandiant/VM-Packages/issues/837#issuecomment-2011870798:

Uninstall-WindowsFeature -Name Windows-Defender

Has someone else tried this?

emtuls commented 6 months ago

I did try it, but I believe it is only a feature for Windows Server builds, which is why it errors out for me. https://learn.microsoft.com/en-us/powershell/module/servermanager/uninstall-windowsfeature?view=windowsserver2022-ps

"Uninstalls specified Windows Server roles, role services, and features from a computer that is running Windows Server"


FWIW, I was able to simply add most of the Registry Keys from this blog post and only needed to manually disable Tamper Protection, and it seemed to disable Defender for me: https://www.maketecheasier.com/permanently-disable-windows-defender-windows-10/
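A pre-flight check for the unattended-install scenario discussed in this thread, as an added example that is not VM-Packages code: it reads the state that Get-MpComputerStatus reports and the DisableAntiSpyware policy value the registry-key approach relies on, so a Vagrant or Boxstarter run can stop early with a clear message while Tamper Protection is still on instead of failing half-way. The function name, output fields and exit codes are my own assumptions; it assumes a Windows 10 client with the built-in Defender cmdlets available.

```powershell
# Added example, not part of VM-Packages. Reports the Defender state that matters
# for the automation discussed in this thread. Assumes Windows 10 client with the
# Defender PowerShell module present.
function Test-DefenderState {
    # The Defender policy key the registry-based approach writes to.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policyDisabled = $false
    if (Test-Path $policyKey) {
        $val = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).DisableAntiSpyware
        $policyDisabled = ($val -eq 1)
    }

    try {
        # Throws when the Defender service is stopped or removed.
        $status = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            CmdletsAvailable     = $true
            TamperProtected      = [bool]$status.IsTamperProtected
            AntivirusEnabled     = [bool]$status.AntivirusEnabled
            RealTimeProtection   = [bool]$status.RealTimeProtectionEnabled
            PolicyDisableApplied = $policyDisabled
        }
    } catch {
        [pscustomobject]@{
            CmdletsAvailable     = $false
            TamperProtected      = $null
            AntivirusEnabled     = $null
            RealTimeProtection   = $null
            PolicyDisableApplied = $policyDisabled
        }
    }
}

$state = Test-DefenderState
$state | Format-List

if ($state.CmdletsAvailable -and $state.TamperProtected) {
    # Tamper Protection must be turned off by hand (Windows Security app) before the
    # registry/GPO steps take effect, as noted in the comments above.
    Write-Warning 'Tamper Protection is still enabled; disable it manually before running the automated steps.'
    exit 2
}
if ($state.PolicyDisableApplied -and $state.AntivirusEnabled) {
    # Policy written but not yet in effect: the GPO path needs a reboot.
    Write-Warning 'DisableAntiSpyware policy is set but Defender is still active; a reboot is probably pending.'
    exit 3
}
exit 0
```

Run it elevated; exit codes 2 and 3 let a wrapper (Vagrant provisioner, Boxstarter script) decide whether to pause for the manual step or schedule a reboot.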