This application removes / disables Windows Defender, including the Windows Security App, Windows Virtualization-Based Security (VBS), Windows SmartScreen, Windows Security Services, Windows Web-Threat Service and Windows File Virtualization (UAC), Microsoft Defender App Guard, Microsoft Driver Block List, System Mitigations and Windows Defender's Settings Page (in the Settings App, Windows 10 or newer).
While issue #85 is being added, some parts of the code in the GitHub project may be modified. I want to learn how to work with Sublime Merge. When the code is synced, this message will be removed.
- Windows 8.x, 10 and 11 (all versions).
A system restore point is recommended before you apply the script.
If you run into any problems, you can describe them in the Issues section.
Download the compiled script from the Releases section. Run it with admin rights and follow the menu options shown in the window.
The options are to remove, disable and enable Windows Defender by pressing 3 different buttons.
1️⃣. Pressing "Y", Windows Defender will be REMOVED.
2️⃣. Pressing "N", Windows Defender will be DISABLED.
3️⃣. Pressing "R", Windows Defender will be ENABLED.
Requires a Windows 8/10/11 ISO Image
1️⃣. Extract a valid install.wim from an ISO, or download one, for Windows 8 or newer Windows versions.
2️⃣. After the settings have been applied, you can save the changes into install.wim or into an ISO image.
DefenderRemover.exe installwimmount <#(Option to disable/enable/remove defender from .wim image)#> export.iso
Needs a Windows ISO image, either mounted or on a CD/DVD drive or a USB flash drive.
(The drive letter is detected automatically by the script.)
Attention! This requires 8 - 16 GB of space in C:\ (it creates a folder named MountedDefenderRemover in C:\ and mounts the Windows image in that folder).
After the process is configured, the ISO image will be saved in c:\defenderRemovedISO\WindowsDefenderRemovedImage.iso
After applying the script with the desired option, the device will reboot automatically.
Before the script starts, a system restore point is created automatically. If something fails, the system can be restored easily.
That is a false positive.
Some Security apps flag this app as a virus because of the way the .exe files are created.
🛑 On a clean Windows installation with no updates the script works. Why does it not work on an updated Windows?
An updated Windows includes a Windows Intelligence Update, which is designed for blocking actions, modifying Windows Defender/Security policies, and so on.
If the script does not work for you, first check whether you have the Windows Security Intelligence Update installed. If you have, disable tamper protection and re-apply the script.
Starting with version 12, you can disable, remove or enable Windows Defender with arguments.
Defender.Remover.exe /R
OR
Defender.Remover.exe /r
Defender.Remover.exe /N
OR
Defender.Remover.exe /n
ATTENTION! AFTER APPLYING THIS PART, YOUR DEVICE WILL REBOOT AUTOMATICALLY.
Defender.Remover.exe /Y
OR
Defender.Remover.exe /y
If you have problems opening an app (extremely rare) and it says "The app can not run because Device Guard" or "Windows Defender Application Guard Blocked this app", you must remove 4 files (with the same name, from 4 different locations).
The locations of the files are:
a. In EFI Partition
$Path_To_EFI_System_Partition\Microsoft\Boot\WiSiPolicy.p7b
b. In Code Integrity Location
$env:windir\System32\CodeIntegrity\WiSiPolicy.p7b
c. In Windows Folder
$env:windir\Boot\EFI\wisipolicy.p7b
d. In WinSxS Folder
This module is not included in the script because removing the file from the EFI partition is impossible to implement (for now).
Manual removal: go to "C:\Windows\WinSxS", search for winsipolicy.p7b, then delete the file.
i.e.:
[IO.DirectoryInfo]::New("$env:windir\WinSxS").GetFiles("*", [IO.SearchOption]::AllDirectories).Where({ $_.Name -eq "winsipolicy.p7b" }) | Remove-Item -Force
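To see what state a machine is in before or after the tool has run, a read-only audit can check the locations this README names. This is an added example, not part of the project's code: the function name and output layout are hypothetical, both spellings of the policy file that appear above are tried, and the Defender properties come from the built-in Get-MpComputerStatus cmdlet.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Paths and file names are copied from this README; the function name is hypothetical.
function Get-DefenderRemoverFootprint {
    [CmdletBinding()]
    param()

    # Working folders the README says the image-servicing mode creates on C:\.
    foreach ($dir in 'C:\MountedDefenderRemover', 'C:\defenderRemovedISO') {
        [pscustomobject]@{
            Check  = 'Working folder'
            Target = $dir
            State  = if (Test-Path -LiteralPath $dir) { 'Present' } else { 'Absent' }
        }
    }

    # Policy file in the two Windows-folder locations listed above.
    # The README spells the name two ways, so both are tried (NTFS ignores case).
    $names = 'WiSiPolicy.p7b', 'winsipolicy.p7b'
    foreach ($dir in "$env:windir\System32\CodeIntegrity", "$env:windir\Boot\EFI") {
        $found = $names | Where-Object { Test-Path -LiteralPath (Join-Path $dir $_) }
        [pscustomobject]@{
            Check  = 'Policy file'
            Target = $dir
            State  = if ($found) { "Present ($($found -join ', '))" } else { 'Absent' }
        }
    }

    # Defender status. If the cmdlet is missing or fails, that is itself a finding.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        foreach ($prop in 'AMServiceEnabled', 'RealTimeProtectionEnabled', 'IsTamperProtected') {
            [pscustomobject]@{ Check = 'Defender status'; Target = $prop; State = [string]$mp.$prop }
        }
    }
    catch {
        [pscustomobject]@{
            Check  = 'Defender status'
            Target = 'Get-MpComputerStatus'
            State  = "Unavailable: $($_.Exception.Message)"
        }
    }
}

Get-DefenderRemoverFootprint | Format-Table -AutoSize
```

The EFI partition and WinSxS locations are left out because the first needs the partition mounted and the second needs a recursive search.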
1️⃣. How to use the package remover without downloading the executable from the release?
RESPONSE: Run the desired ".bat" file from cmd with PowerRun (by dragging it onto the executable). You must reboot for the removal to take effect.
2️⃣. What are the ideal conditions for running the remover version of the script?
RESPONSE: The "ideal" condition is to run the Remover Version of the script on a Clean Installation of Windows. Why do I recommend that? Because the "Windows Intelligence Update" would not be installed and thus no defender package.