mandiant / flare-vm

A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
Apache License 2.0
6.22k stars 887 forks

Updated Windows Defender Disable Methods in README. #530

Open 0xdf223 opened 8 months ago

0xdf223 commented 8 months ago

Added three working Windows Defender disable methods to the README.

google-cla[bot] commented 8 months ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

chrisbensch commented 7 months ago

So far, the best way I've found to remove Defender from both Win10 and Win11 uses PsExec, Sordum DefenderControl, and disable-defender.ps1 from https://github.com/jeremybeaume/tools/tree/master. Here are my steps: open Virus settings and disable real-time monitoring and tamper protection; use PsExec to run Sordum DefenderControl to disable Defender; then, again using PsExec, run disable-defender.ps1. It will finish after a reboot. If you want to do it all in one fell swoop, you need to modify disable-defender.ps1 and manually specify the path to psexec.exe. Works on the most recent version of 10/11 fully updated.
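The sequence in the comment above, as an added PowerShell wrapper that is not part of flare-vm, Sordum DefenderControl, jeremybeaume/tools, or this PR. It checks the Defender state with `Get-MpComputerStatus` before and after, refuses to proceed while Tamper Protection is still on (the GUI step has to be done by hand), and launches the two tools as SYSTEM through PsExec. The tool paths and the `/D` switch for dControl.exe are assumptions; verify the switch against your copy of DefenderControl.

```powershell
# Added example: orchestrates the Defender-removal sequence described in the
# comment above. Not code from flare-vm, DefenderControl or jeremybeaume/tools.
# Assumed tool locations (adjust to your VM):
$PsExec          = 'C:\Tools\PsExec.exe'                    # Sysinternals PsExec
$DefenderControl = 'C:\Tools\DefenderControl\dControl.exe'  # Sordum DefenderControl
$DisableScript   = 'C:\Tools\disable-defender.ps1'          # from jeremybeaume/tools

function Get-DefenderState {
    # Snapshot of the Defender properties this procedure is meant to flip.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AntivirusEnabled          = $s.AntivirusEnabled
        RealTimeProtectionEnabled = $s.RealTimeProtectionEnabled
        IsTamperProtected         = $s.IsTamperProtected
        WinDefendService          = (Get-Service WinDefend -ErrorAction SilentlyContinue).Status
    }
}

function Invoke-AsSystem {
    param([Parameter(Mandatory)][string[]]$CommandLine)
    # PsExec -s runs the target as LocalSystem; -i puts it on the interactive
    # desktop so any window the tool opens is visible. PowerShell expands the
    # array into separate arguments for the native executable.
    & $PsExec -accepteula -s -i $CommandLine
    if ($LASTEXITCODE -ne 0) { throw "PsExec exited with $LASTEXITCODE for: $CommandLine" }
}

foreach ($p in $PsExec, $DefenderControl, $DisableScript) {
    if (-not (Test-Path $p)) { throw "Missing tool: $p" }
}

$before = Get-DefenderState
Write-Host 'Defender state before:'
$before | Format-List

# Step 1 is manual: real-time protection and tamper protection are switched off
# in Windows Security > Virus & threat protection settings. Tamper Protection
# blocks the later steps, so stop here until it reports as off.
if ($before.IsTamperProtected) {
    throw 'Tamper Protection is still on. Turn it off in the Windows Security app, then re-run.'
}

# Step 2: DefenderControl as SYSTEM. '/D' is assumed to be its disable switch;
# confirm with dControl.exe /? on your copy.
Invoke-AsSystem -CommandLine @($DefenderControl, '/D')

# Step 3: disable-defender.ps1 as SYSTEM. Per the comment, it completes its
# work only after a reboot.
Invoke-AsSystem -CommandLine @('powershell.exe', '-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', $DisableScript)

Write-Host 'Defender state after (pre-reboot):'
Get-DefenderState | Format-List
Write-Host 'Reboot now. Afterwards, run Get-DefenderState again and expect AntivirusEnabled = False and WinDefend not Running.'
```

The wrapper keeps the two PsExec launches separate rather than editing disable-defender.ps1 to embed the psexec.exe path, which is the "one fell swoop" variant the comment mentions; the post-reboot check is the part worth keeping even if you drive the tools by hand, since a half-applied run leaves `AntivirusEnabled` true and the WinDefend service running.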