
Defender disable script not working in Windows 11

Open TechieAndroid opened this issue 2 years ago • 8 comments

This is what happens in my Powershell admin terminal:

PS C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts> ./disable-windows-defender.ps1
Elevating priviledges for this process
Trying to disable scheduled task Windows Defender Cache Maintenance

TaskPath                                       TaskName                          State
--------                                       --------                          -----
\Microsoft\Windows\Windows Defender\           Windows Defender Cache Mainten... Disabled
Trying to disable scheduled task Windows Defender Cleanup
\Microsoft\Windows\Windows Defender\           Windows Defender Cleanup          Disabled
Trying to disable scheduled task Windows Defender Scheduled Scan
\Microsoft\Windows\Windows Defender\           Windows Defender Scheduled Scan   Disabled
Trying to disable scheduled task Windows Defender Verification
\Microsoft\Windows\Windows Defender\           Windows Defender Verification     Disabled
Disabling Windows Defender via Group Policies
Disabling Windows Defender Services
Exception calling "SetAccessControl" with "1" argument(s): "Attempted to perform an unauthorized operation."
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\lib\take-own.psm1:26 char:5
+     $key.SetAccessControl($acl)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : UnauthorizedAccessException

Exception calling "SetAccessControl" with "1" argument(s): "Attempted to perform an unauthorized operation."
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\lib\take-own.psm1:32 char:5
+     $key.SetAccessControl($acl)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : UnauthorizedAccessException

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:37 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WinDe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (Start:String) [Set-ItemProperty], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:38 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WinDe ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (AutorunsDisabled:String) [Set-ItemProperty], UnauthorizedAccessExcept
   ion
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:39 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WdNis ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (Start:String) [Set-ItemProperty], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Set-ItemProperty : Attempted to perform an unauthorized operation.
At C:\Users\youbr\Downloads\Debloat-Windows-10-master\scripts\disable-windows-defender.ps1:40 char:1
+ Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WdNis ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (AutorunsDisabled:String) [Set-ItemProperty], UnauthorizedAccessExcept
   ion
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetItemPropertyCommand

Removing Windows Defender context menu item
Removing Windows Defender GUI / tray from autorun

TechieAndroid avatar Oct 02 '21 18:10 TechieAndroid

Windows 11 is not supported.

W4RH4WK avatar Oct 04 '21 17:10 W4RH4WK

> Windows 11 is not supported.

Oh okay, I wasn't aware that it was version dependent. Just out of curiosity, what makes Windows 11 specifically incompatible?

TechieAndroid avatar Oct 04 '21 18:10 TechieAndroid

It's not that Windows 11 is completely incompatible. It's just that I've not tested any of the scripts on Windows 11 and currently lack the time and motivation to debug and fix issues.

They might just work for the most part, or they might not. Personally, I'll stick with Windows 10 for a while, and will probably switch back to Linux when I put together a new rig.

W4RH4WK avatar Oct 04 '21 21:10 W4RH4WK

> It's not that Windows 11 is completely incompatible. It's just that I've not tested any of the scripts on Windows 11 and currently lack the time and motivation to debug and fix issues.
>
> They might just work for the most part, or they might not. Personally, I'll stick with Windows 10 for a while, and will probably switch back to Linux when I put together a new rig.

I understand. Yeah I mostly use Linux myself but my job required me to get back into using Windows regularly, so I have been digging into the internals and trying to find ways to lessen the memory usage in it.

I tried disabling defender through group policy and the registry but neither worked, it keeps coming back. My final resort was going to be wiping the program files for defender from windows. I've done it before but I never much cared for destructive methods.

TechieAndroid avatar Oct 04 '21 22:10 TechieAndroid

> I tried disabling defender through group policy and the registry but neither worked, it keeps coming back. My final resort was going to be wiping the program files for defender from windows. I've done it before but I never much cared for destructive methods.

Disabling Defender's real-time protection via group policies and disabling Scheduled Tasks was enough for me such that it doesn't cause any issues. Ripping out Defender completely causes issues with other components like the Windows Store.

W4RH4WK avatar Oct 05 '21 15:10 W4RH4WK

> > I tried disabling defender through group policy and the registry but neither worked, it keeps coming back. My final resort was going to be wiping the program files for defender from windows. I've done it before but I never much cared for destructive methods.
>
> Disabling Defender's real-time protection via group policies and disabling Scheduled Tasks was enough for me such that it doesn't cause any issues. Ripping out Defender completely causes issues with other components like the Windows Store.

Does the anti-malware service still run for you? That's what I was trying to disable.

TechieAndroid avatar Oct 05 '21 16:10 TechieAndroid

No, I think disabling the Scheduled Task took care of that.

W4RH4WK avatar Oct 05 '21 18:10 W4RH4WK

> No, I think disabling the Scheduled Task took care of that.

Hello W4RHAWK! I have been following your advice to disable Defender on a fresh win10 installation via group-policy for a few months, but it seems something re-enables the tasks every month or so and a quick scan is performed regardless.

The only policy I enabled was "Turn-off real time protection". Have you noticed anything of the sort or have any insights on what could be resetting the tasks?

TIA

Edit: Maybe forced catch-up scans are the culprit here? I will try disabling them but I still don't see why this would set the status of the scheduled scans back to Enabled.

kokotas89 avatar Mar 15 '22 11:03 kokotas89
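
For the open question above about what changes the task state, a read-only audit, added here as an example and not part of the Debloat-Windows-10 scripts or any participant's post. It reports the current state of the tasks under the `\Microsoft\Windows\Windows Defender\` path shown in the issue output and lists Task Scheduler operational-log events that touched them; the event IDs, the event field names and the 45-day window are assumptions of this example.

```powershell
# Added example: read-only audit of the Defender scheduled tasks named in the
# issue output. Nothing here changes task, service, or policy state.
$taskPath = '\Microsoft\Windows\Windows Defender\'
$logName  = 'Microsoft-Windows-TaskScheduler/Operational'
$since    = (Get-Date).AddDays(-45)   # assumption: covers "every month or so"

# 1. Current state and last/next run time of each task under the Defender path.
Get-ScheduledTask -TaskPath $taskPath | ForEach-Object {
    $info = $_ | Get-ScheduledTaskInfo
    [pscustomobject]@{
        TaskName    = $_.TaskName
        State       = $_.State
        LastRunTime = $info.LastRunTime
        NextRunTime = $info.NextRunTime
    }
} | Format-Table -AutoSize

# 2. If the operational log is disabled, no change history was recorded.
$log = Get-WinEvent -ListLog $logName
if (-not $log.IsEnabled) {
    Write-Warning "$logName is disabled; no task change history is available."
    return
}

# 3. Change events for those tasks. IDs assumed by this example:
#    106 registered, 140 updated, 141 deleted, 142 disabled.
$filter = @{ LogName = $logName; Id = 106, 140, 141, 142; StartTime = $since }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named <Data> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        if ($data['TaskName'] -like "$taskPath*") {
            # Assumption: the account is in UserName or UserContext,
            # depending on the event type.
            $account = if ($data.ContainsKey('UserName')) { $data['UserName'] }
                       else { $data['UserContext'] }
            [pscustomobject]@{
                Time     = $_.TimeCreated
                EventId  = $_.Id
                TaskName = $data['TaskName']
                Account  = $account
            }
        }
    } | Sort-Object Time | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; the account and timestamp on each event show which principal modified a task and when.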