Closed Xaymar closed 1 year ago
This might be due to changes from windows updates, will have a look in from my w11 machine when I get the chance to. Thanks for letting me know
For now I just excluded all my drives entirely from any scanning, which works for now. Not as good as no Windows Defender, but better than nothing.
✅ Still present ❌ Gone
SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = 0
SYSTEM\CurrentControlSet\Services\wscsvc\Start = 4
SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = 1
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\SecurityHealth = 3b
SYSTEM\CurrentControlSet\Services\WinDefend\Start = 3
SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 1
Unsure how to check WMIC related changes. Seems like a TamperProtection of 0
is invalid on Windows 11, so it resets things related to it.
Edit: Found a way to make it stick after reboot/hibernate:
Seems like Microsoft is finally done moving things around for now. The tool works again as expected, but there's now a 2nd on-access check for applications, which defaults to on. Turning it off as well appears to prevent this from occuring entirely.
See title for the problem. All the changes are reverted upon reboot, and all Group Policy changes made to Windows Defender are also reverted. Seems like Microsoft hates this one weird trick to get 50% of our CPU back and +200% battery lifetime...