Open Cassandre60 opened 1 week ago
Great bug report @Cassandre60. A lot of useful information. I will do some research and adding disabling of these services.
I will also increase the aggressiveness by disabling and block execution of executables of this services.
These should help with this issue.
We have #170, but it's not as helpful and concrete as this report which gives me the technical details to be able to go further.
Please keep in mind that these changes will not be fast, so no timelines promised, but hopefully in next patch release.
I will share the code with you once its ready to test if they help with getting rid of these processes/services.
Thanks for the quick reply, no problems on the timeline, just appreciate the work you and your colleagues are doing.
You could also try "Defender Remover" by ionuttbara (https://github.com/ionuttbara/windows-defender-remover)
only make sure that you disable "Tamper Protection" and all realtime protection in Windows Defender before running it.
My defender is maybe disabled by like 95%, so I'm afraid to mess things up now, since I'm a normal user. On my task manager smartscreen.exe, Windows Defender SmartScreen takes 0% CPU and around 1.5 MB of RAM and MpDefenderCoreService.exe Antimalware Core Service takes 0% CPU and 5.5MB of RAM, so I'm pretty satisfied with what I have. I'll consider your script on a new install, maybe. Btw, I'm on Windows 11 IoT Enterprise LTSC.
Hi,
This should successfully get rid of smartscreen.exe
:
Please test this and let me know if worked. It should persist against reboots. I will add it in next patch if you confirm it works.
I just applied the tool provided by @Silver347, and it removed all the residue, thanks for the suggestion nonetheless.
I'd be happy if anyone else who did not apply any other third party tool give feedback on this to move this issue and solution forward.
Hi @undergroundwires,thanks for the reply,excuse me for my poor language skills.
First of all I'd like to thank you sincerely for devoting your free time to create this awesome customizable script and I apologize for not really providing any scripted solution for the problem mentioned in the post but instead relying on someone elses project,
The truth is I have no coding skills and as far as I've seen this software (which I recommended) completely removes Windows Defender entirely...which is a problem since there is no way to revert any of this once it's applied.
This script also disables some security mitigations (which I believe are Spectre and Meltdown at the OS level,VBS,UAC) which is not ideal...and I shouldn't have honestly recommended it in the first place.
Most of (if not all of it) are registry tweaks inside the .exe file which can be unziped with any archiving tool such as (WinRAR,7-Zip etc.),which can be used to further improve the project...and again I apologize for not offering any proper solution.
Description
After I disabled Defender using the 1100 lines script generated by privacy.sexy, I still have : +webthreatdefusersvc_4549a, Web Threat Defense User Service_4549a +WinDefend, Microsoft Defender Antivirus Service +MDCoreSvc, Microsoft Defender Core Service still running.
Is this normal/expected behavior, or does this mean that Windows Defender is still enabled? I'm new to this space of privacy/debloating, so I might get some things wrong.
Reproduction steps
In privacy.sexy, check windows defender and then click run script.
Expected behavior
For Defender to be completely removed.
Screenshots
No response
privacy.sexy environment details
No response
Additional context
In powershell, Get-MpComputerStatus | select AMRunningMode returns AMRunningMode
Normal which as far as I know means Defender is still running.