Windows Defender question

357mag

Just wondering if I make an NTLite Install Disc with Windows Defender disabled, could I enable it later on in Windows if I so choose to do so? Or is it simply permanently disabled?

Having a hard time making up my mind about whether or not I want it disabled.

I read you can go into Local Group Policy and disable it from there, but will Windows go behind my back and just re-enable it later?
 
Defender is very simple to disable from an offline image. Unlike a live system, there is no Tamper Protection to block your every attempt to disable the core Defender services while they're running. You can re-enable Defender by applying a reg file and restarting Windows.

To disable Defender services in the image:
https://www.ntlite.com/community/in...indows-defender-in-windows-11.3012/post-28465

To re-enable Defender on a live system:
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000
"DisableRealtimeMonitoring"=dword:00000000
"DisableAntiVirus"=dword:00000000

; Microsoft Defender Antivirus Mini-Filter Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
"Start"=dword:00000000

; Microsoft Defender Antivirus Network Inspection System Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]
"Start"=dword:00000003

; Microsoft Defender Antivirus Network Inspection Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]
"Start"=dword:00000003

; Microsoft Defender Antivirus Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000002
 
I would rather do this if it works. It was posted here.

METHOD 3: Following NTLite options

In summary, this method is the same as the last one (Garlin's), but using NTLite paths.

* Step 1: Disable 1 Setting of Microsoft Defender

On Left Panel, go to Configure > Settings > Windows Defender
  • Tamper Protection - Disabled
  • Windows Defender - Disabled
Done.

* Step 2: Disable 6 Services of Microsoft Defender (Windows Defender):

On left panel, go to Configure > Services
  • WdNisSvc - Disabled
  • WinDefend - Disabled
Then, Configure > Extra Services
  • WdFilter - Disabled
  • WdNisDrv - Disabled
Done.

That's it! Microsoft Defender is now Permanently Disabled.
 
That does exactly the same thing as the shared reg file in the same thread you're reading (and which I responded to at the time).

It's more work to make sure you didn't forget one of the NTLite settings than importing a single reg file. The advantage of the reg file is you can confirm all the changes in one pass.
 
The code you posted about how to enable Windows Defender, how do you get that into the registry?
 
1. Copy the text into a .reg file (using Notepad). From the Registry screen, import this reg file.
2. Apply changes. If you reload the updated image, you will see the same changes reflected in the different Settings & Services screens.

3. Copy the 2nd reg file to another filename. On the live system, execute it with "reg import Enable.reg", and then restart Windows.
 
I have already downloaded the file that disables Defender. You uploaded a registry file that is clickable and downloads. I have that. If I import that file into NTLite that should disable Defender. But how do you execute the file that re-enables Defender with "reg import Enable.reg"?

I have no clue.
 
When you have a reg file, to load all those settings into the Registry you can either click on the file from Explorer, or run "reg import file.reg".
 
I assume I don't include the line that says "Windows Registry Editor Version 5.00".
 
Windows won't recognize a reg file unless it has the "Windows Registry Editor Version 5.00" + one blank line header.
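
Added example, not part of any post in this thread: a read-only PowerShell check to run after "reg import Enable.reg" and a restart, comparing the live registry with the values in the re-enable reg file posted above. The expected values are copied from that reg file; a mismatch only means the live value differs from the file.

```powershell
# Read-only check: compares live registry values with the re-enable reg file
# from this thread. Nothing is written to the registry.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# Expected values, copied from the reg file in the thread.
$expected = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'; Name = 'TamperProtection'; Value = 1 }
    @{ Path = $pol; Name = 'DisableAntiSpyware';        Value = 0 }
    @{ Path = $pol; Name = 'DisableRealtimeMonitoring'; Value = 0 }
    @{ Path = $pol; Name = 'DisableAntiVirus';          Value = 0 }
    @{ Path = "$svc\WdFilter";  Name = 'Start'; Value = 0 }   # mini-filter driver
    @{ Path = "$svc\WdNisDrv";  Name = 'Start'; Value = 3 }   # network inspection driver
    @{ Path = "$svc\WdNisSvc";  Name = 'Start'; Value = 3 }   # network inspection service
    @{ Path = "$svc\WinDefend"; Name = 'Start'; Value = 2 }   # antivirus service
)

$results = foreach ($e in $expected) {
    # A missing key or value yields $null instead of an error.
    $item = Get-ItemProperty -LiteralPath $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($e.Name) } else { $null }

    [pscustomobject]@{
        Key      = $e.Path
        Name     = $e.Name
        Expected = $e.Value
        Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        Match    = ($null -ne $actual -and [int64]$actual -eq $e.Value)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code when anything differs, so the check can be scripted.
$mismatches = @($results | Where-Object { -not $_.Match })
if ($mismatches.Count -gt 0) {
    Write-Warning "$($mismatches.Count) value(s) differ from the re-enable reg file."
    exit 1
}
Write-Output 'All values match the re-enable reg file.'
```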
 