[BUG][help wanted]: Cannot enable Windows Defender #104
Comments
AzrailxZain
changed the title
|
Hi, thanks for the report with the logs all necessary information. I'm sorry that it did not work. Let's team up and solve this together.
I tested this and Defender was runnning after reboot and and errors disappeared after rerunning revert scripts the errors disappeared. For the reason, when I read the logs I see that:
This is caused by some Defender services not properly running (due to disabled status before). However it's OK that those commands fail. They are compansated by successful registry modifications that does the same thing. I see that the important revert functions work. Please test my suggestions and let me know if they worked or we need to do more, based on feedback we can release a patch solving it. |
|
Hey! Seems like we might need a patch to fix it.. Thank you for your help!! Screenshot of Registry: Screenshot of Windows Security: |
|
I got also errors when I executed the revert-code but the logged are not really errors but part of process when escalating privileges (they exit with success in the end anyway). I will fix those in next patch. However I don't get your errors nor produce the behavior:
On both Windows 11 and 10 21H1, I get the script after single run of revert script both before and after reboot. And I get "Security at Glance" that you attached without any issues. Another issue I see that the script adds default OS values in revert script as policies. However, it's better to simply just delete the registry values as system by default does not include those registry entries. I'll also improve this aspect with a patch. You can get the similar by manually deleting those (create a system restore point in case something get messed up): reg delete "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall" /va /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /va /f
reg delete "HKCU\SOFTWARE\Policies\Microsoft\Windows Defender" /va /f
reg delete "HKCU\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /va /f
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /va /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /va /f
reg delete "HKCU\SOFTWARE\Microsoft\Windows Defender" /va /fThanks again, it's no longer my script but ours as we improve it together 👍 |
Haha I do not rly feel like I'm improving it but if you think that, it makes me happy :D So I copy pasted all of the reg delete commands into CMD (ran as admin). It said successful after each of them but I am still getting a blank page (as in the picture in my last post).. any other ideas? |
|
Happy to be able to help. I wish could help more, but I unfortunately can't if I cannot reproduce the issue on same OS version (W10 21H1) when I test. This might be caused by something elese than privacy.sexy "Disable Defender" script. You already helped improving many aspects of it. Contribution is not necessarily code but also feedback. The error messages will be much better in following versions. Let's keep the issue open until and see if someone else from the community would encounter the issue or present a solution. |
|
Hey
|
|
Update: I was not feeling comfy with the way the system was working, so I did a reinstallation of W10 without deleting my data. That fixed the bugs and not working functions but now the Defender is back up again :/ |
Change behavior of registry reverting from adding default value to removing value that overrides. It then leaves the system in cleaner state, removes "managed by your organization" warning, and makes the scripts more future-proof providing compatibility with Microsoft patches updating the defaults. This is implemented by using `reg delete` over `reg add` and `Remove-MpPreference` over `Set-MpPreference`. > Disable Windows Defender Scheduled Scan task Surpress the error when reverting the script as the task may not exist in some Windows versions. > Limit catch-up security intelligence (signature) updates Change to "Disable" instead of "Limit", and bring back its revert code. Fix reverting of following scripts setting non-default values: > Turn off Windows Defender SpyNet reporting > Disable checking for signatures before scan > Limit CPU usage during idle scans to minumum > Disable scanning when not idle > Disable scanning on mapped network drives on full-scan Fix following scripts setting unexpected behavior: > Disable running scheduled auto-remediation > Limit CPU usage during idle scans to minumum > Disable randomizing scheduled task times > Disable creating system restore point on a daily basis Add more documentation for MpPreference module: - Add more reference URLs - Add status query as documentation - Add information regarding default values - Describe meaning of enumeration values - Document commands not doing expected in Windows 11
|
All of your updates are appreciated. I'm sorry that it led the re-installation. I am working on improving the scripts with extensive testing on Windows 10, 11. I already fixed some problems and improved some aspects we talked about in 16f2a87. I see that managing defender with cmdlet ( My suggestion is that you disable Defender by only using |
Change behavior of registry reverting from adding default value to removing value that overrides. It then leaves the system in cleaner state, removes "managed by your organization" warning, and makes the scripts more future-proof providing compatibility with Microsoft patches updating the defaults. This is implemented by using `reg delete` over `reg add` and `Remove-MpPreference` over `Set-MpPreference`. > Disable Windows Defender Scheduled Scan task Surpress the error when reverting the script as the task may not exist in some Windows versions. > Limit catch-up security intelligence (signature) updates Change to "Disable" instead of "Limit", and bring back its revert code. Fix reverting of following scripts setting non-default values: > Turn off Windows Defender SpyNet reporting > Disable checking for signatures before scan > Limit CPU usage during idle scans to minumum > Disable scanning when not idle > Disable scanning on mapped network drives on full-scan Fix following scripts setting unexpected behavior: > Disable running scheduled auto-remediation > Limit CPU usage during idle scans to minumum > Disable randomizing scheduled task times > Disable creating system restore point on a daily basis Add more documentation for MpPreference module: - Add more reference URLs - Add status query as documentation - Add information regarding default values - Describe meaning of enumeration values - Document commands not doing expected in Windows 11
Where do I find that Disable OS components for Defender category? I would give it a try, even when risking another reinstallation :D |
Change behavior of registry reverting from adding default value to removing value that overrides. It then leaves the system in cleaner state, removes "managed by your organization" warning, and makes the scripts more future-proof providing compatibility with Microsoft patches updating the defaults. This is implemented by using `reg delete` over `reg add` and `Remove-MpPreference` over `Set-MpPreference`. > Disable Windows Defender Scheduled Scan task Surpress the error when reverting the script as the task may not exist in some Windows versions. > Limit catch-up security intelligence (signature) updates Change to "Disable" instead of "Limit", and bring back its revert code. Fix reverting of following scripts setting non-default values: > Turn off Windows Defender SpyNet reporting > Disable checking for signatures before scan > Limit CPU usage during idle scans to minumum > Disable scanning when not idle > Disable scanning on mapped network drives on full-scan Fix following scripts setting unexpected behavior: > Disable running scheduled auto-remediation > Limit CPU usage during idle scans to minumum > Disable randomizing scheduled task times > Disable creating system restore point on a daily basis Add more documentation for MpPreference module: - Add more reference URLs - Add status query as documentation - Add information regarding default values - Describe meaning of enumeration values - Document commands not doing expected in Windows 11
|
Microsoft Store seems to be dependent on Defender 1 2 3 4 5, and some others also linked same issues with Store and Photos app 6 7 . So you’re right that those issues were related to disabling Defender. This we should document. One more great contribution, I’m sure others in community would appreciate a warning 👍 I can also reproduce this behavior, and see that calculator does not even start. What issues did you have with Photos app? Was it an error or missing functionality? Did you have problems with any other app that you remember? Even though those apps fail, privacy.sexy should never fail to revert the issue. I tested scripts on probably more than 30 virtual machines now after your reports, and found some problems (all will be fixed in next patch) but I still can’t reproduce your main problem 🙁: You run revert script, reboot, re-run the revert script and still get errors from
About |
The Photos App would not open at all (searched for Fotos -> run (also as admin) or tried to open a picture). There would be a blank little grey window popping up which should probably contain an error message.. but yea, it was blank :D
I tried disabling the Defender by turning off all functions in the "normal" Windows security settings but obviously Microsoft wont let its tool snap away like that. I had put a DWORD in the registry under local machine, microsoft..... windows defender with the name "DisableAntiSpyware" or something like that. Since that didnt work, I put the value to 0 and removed the DWORD again, restarted and then found privacy.sexy
I'll give this a try once you upload patch |
Change behavior of registry reverting from adding default value to removing value that overrides. It then leaves the system in cleaner state, removes "managed by your organization" warning, and makes the scripts more future-proof providing compatibility with Microsoft patches updating the defaults. This is implemented by using `reg delete` over `reg add` and `Remove-MpPreference` over `Set-MpPreference`. > Disable Windows Defender Scheduled Scan task Surpress the error when reverting the script as the task may not exist in some Windows versions. > Limit catch-up security intelligence (signature) updates Change to "Disable" instead of "Limit", and bring back its revert code. Fix reverting of following scripts setting non-default values: > Turn off Windows Defender SpyNet reporting > Disable checking for signatures before scan > Limit CPU usage during idle scans to minumum > Disable scanning when not idle > Disable scanning on mapped network drives on full-scan Fix following scripts setting unexpected behavior: > Disable running scheduled auto-remediation > Limit CPU usage during idle scans to minumum > Disable randomizing scheduled task times > Disable creating system restore point on a daily basis Add more documentation for MpPreference module: - Add more reference URLs - Add status query as documentation - Add information regarding default values - Describe meaning of enumeration values - Document commands not doing expected in Windows 11
|
By the way: this is the current state of the registry under ../../Windows Defender
I gotta make use of your scripts to disable the Defender. You said it would be the safest (and easiest to revert) by using the "Disable OS components for Defender" category right? How long would you need for the next patch? I'm getting a bit short in time for a few projects. Those project software always causes the Defender to take 90% of my CPU :/ |
|
Current scripts for disabling/enabling OS components would work fine for you, there's no fixes to them in next patch. However other scripts are heavily reworked. However if you want the fixed version, here I attach the latest (unreleased) and fixed versions of the script for you: 0.112.rc-defender.zip New scripts include many minor fixes. I tested them on W10 and W11 many times and did not encounter any problems with enabling or when disabled. A patch will come in 1 to 2 weeks as it will include some more stuff outside of Defender. I also recommend running script generated on "Standard" recommendation mode from privacy.sexy. It's designed to not break it but would help to optimize. |
|
Just tried to run the disable script from the zip file you attached. Defender was not deactivated (I did not restart the PC, should I do that?). This is how the Windows Security Settings look like after using the script:
So this time it did not even deactivate the Defender completely as it was still using a lot of my CPU during a test run of my project. Hmmm |
|
Worked well now, I'll close with this comment! Thank you! |
- Refactor to use `Set-MpPreference` in a function instead.
- Better support for both Windows and Windows 11 with platform-specific
logic, due to poor `Remove-MpPreference` used in Windows 10:
* Use `Remove-MpPreference` on Windows 11, but switch to
`Set-MpPreference` for some edge cases using a flag.
* Use `Set-MpPreference` on Windows 10 by default, and use
`Remove-MpPreference` for only small amount of cases where it is
supported.
- Set default value instead of `Remove-MpPreference` on Windows 10 when
it does not work as expected.
- Improve error messages when:
* Command name (cmdlet) is not supported
* Command parameter is not support
* Failing due to Defender service not working
* Argument is not supported (e.g. for 'Broad')
- Skip if a parameter or argument is not supported instead of failing.
- Set OS defaults when using `Set-MpPreference` when `Remove-MpPreference`
does not set the OS defaults.
- Skip setting the setting if it already is as desired.
- Remove redundant scripts in "Disable remediation actions" setting
`LowThreatDefaultAction`, `ModerateThreatDefaultAction`,
`HighThreatDefaultAction` and `SevereThreatDefaultAction`. As they are
all controlled by and limited to value of `UnknownThreatDefaultAction`.
- Fix registry policies not matching cmdlet behavior:
> CheckForSignaturesBeforeRunningScan
> SignatureUpdateCatchupInterval
- Fix reverting registry policies (`reg delete` command and error
output):
> Disable Malicious Software Reporting tool diagnostic data
> Turn off block at first sight
- Fix DisableCatchupQuickScan MpPreference command being in wrong
category by moving it to its right category and adding its correct
equivalent.
German edition of Windows returns German output for `schtasks.exe` commands. So checking for "Running" fails immediately as reported #104. Revert recent change from using `Get-ScheduledTask` and `Unregister-ScheduledTask` to `schtasks.exe`. Also remove unused `$powershellFile` variable.
German edition of Windows returns German output for `schtasks.exe` commands. So checking for "Running" fails immediately as reported #104. Revert recent change from using `Get-ScheduledTask` and `Unregister-ScheduledTask` to `schtasks.exe`. Also remove unused `$powershellFile` variable.
- Improve error messages with cause of the problem and suggested solution. - Also document * Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store. * Document services that `netsh advfirewall` depends on - Fix some bad whitespace character in documentation.
- Improve error messages with cause of the problem and suggested solution.
- Also document
* Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store
(as reported in #104).
* Document services that `netsh advfirewall` depends on
- Fix some bad whitespace character in documentation.
- Improve error messages with cause of the problem and suggested solution.
- Document:
* Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store
(as reported in #104).
* Document services that `netsh advfirewall` depends on.
- Fix some bad whitespace character in documentation.
- Improve error messages with cause of the problem and suggested solution.
- Document:
* Disabling `WinDefend` breaks `Set-MpPreference` and Microsoft Store
(as reported in #104).
* Document services that `netsh advfirewall` depends on.
- Fix some bad whitespace character in documentation.
|
@AzrailxZain FYI new patch has been up for a while with all improvements so I recommend updating yours and let me know if you would have any more issues. Thank you again. |
|
@undergroundwires Also an update for you: |
|
Hi @AzrailxZain , sorry for the late response, let's track this issue in #170. |
Description
Heya! I used your script to disable Windows Defender (it was taking 99% of my CPU while running cloud bases programmes). After I closed the cloud based program, I wanted to enable Windows Defender again. So I went to your website and used the revert script for Windows Defender. When I ran the .bat file, I got a bunch of red error messages in the command window while running. Afterwards, Windows Defender still won't open. Says smth like "Your IT Services blocked...".
I will attach what the command window says as a .txt file
OS
Which OS are you using? What version of OS you were using? Windows 10 Home, Update 21H1
Reproduction steps
How can the bug be recreated?
Well, for me the bug is recreatable by just trying to run the revert Windows Defender Deactivation file.
Scripts
I cannot upload the used file from privacy.sexy since GitHub wont let me upload that file type. It is the file that I downloaded on your website under Privacy over Security -> Revert "Disable Windows Defender"
It is named privacy-script (1).bat
Screenshots
Wont be helpful
Here is the .txt from the command window:
CommandWindowCopyPaste.txt
Additional information
The text was updated successfully, but these errors were encountered: