"G Data" blocks the Explorer Patch ddls and bricks the computer

[bdurrer]

The Virus scanner prevents the execution of explorer.exe, the system starts with no Taskbar nor Desktop. All I can open is the Task Manager, from where I can start some programs. However, the Windows Settings are also unavailable. The EP_installer is blocked too, so I can't even uninstall EP.

Ironically, since the TrayIcons and Settings can't be accessed, I can't turn off G Data.

Can I somehow manually remove EP? If so, how?

[bdurrer]

Update:

Right before I was about to reset the whole computer, it somehow ended up booting. Not exactly sure how I managed that. I did countless reboots, also tried in windows safe mode - but the G DATA anti-virus is quite sticky.

I also tried to uninstall and/or reinstall using the fork (https://github.com/Amrsatrio/ExplorerPatcher/releases/tag/22621.3880.66.6_92fce8c), however the command line reported a failure doing so while explorer.exe was dead.

Maybe windows somehow restored something after the many forced reboots.

It certainly is a issue that g data cant be disabled and explorer patcher cannot even execute the uninstaller. I think it might be helpful to have an uninstaller that does not contain any installation files which would be seen as virus. Or at least have a how-to what could be manually deleted using a command line.

I love the project but this stuff has sadly become too risky for me. Microsoft has defeated me

[pyrates999]

Duplicate of: https://github.com/valinet/ExplorerPatcher/issues/3228

Please close this.

MS just doesn't like EP and has added it to windows defender, even though it is not a virus and not a hack tool.

All builds of EP are done by github build servers against the source code in the repo. Only binary is the reimplemented windows 10 taskbar and windows 10 start menu files. There is no third party build servers.

See the release notes here for the powershell script you can run that excludes all the directories necessary in windows defender: https://github.com/valinet/ExplorerPatcher/releases

The powershell script you must run with elevated privileges.

Future updates to EP won't be flagged then.

You can also set windows defender to exclude the directory that you manually download EP to so you can install it without windows defender blocking it.

if you get the error: 0x800106ba, it means Windows Defender is not active. You may have another antivirus program active.

[Amrsatrio]

Delete C:\Windows\dxgi.dll.

We will publish manual install/uninstall instructions by this week.

[Amrsatrio]

I think it might be helpful to have an uninstaller that does not contain any installation files which would be seen as virus.

They will be flagged regardless. Anything EP drops. I'm very sure there's a revelation or something in the antivirus industry which makes them hate this tool...

[Amrsatrio]

I checked our previous release 65.5 and apparently GData flags it now.

[Amrsatrio]

Also, if you want to keep using this software, please check the releases page to know which files and folders should be excluded from AV scans.

[bdurrer]

Duplicate of: #3228

Please close this.

I created a new ticket because this one didn't just trigger the virus-scanner, it bricked that device (due to how stupid the GData GUI is). But as Amrasatrio already mentioned that there will be a manual instruction soonish, which is the key solution to get around this.

Delete C:\Windows\dxgi.dll.

We will publish manual install/uninstall instructions by this week.

Closing the ticket as this is the solution, together with setting the AV exclusions correctly (I don't think this will work on this device, as it is halfway managed by a company

[Amrsatrio]

Yeah, RIP then. I suggest compiling EP on your own at this point. Maybe fork this repo, enable GitHub actions, and you will have your own personal builds. The AV flags are only given once the files have spread enough so keep this in mind.

[Amrsatrio]

Also, if you don't mind, you can try submitting a report to GData https://submit.gdatasoftware.com/privacy?lang=en and uploading the ExplorerPatcher.amd64.dll file.

[pyrates999]

(I don't think this will work on this device, as it is halfway managed by a company

You shouldn't be installing EP on any work computer as your admin privileges could be taken away at any time.