diff --git a/src/defender-control/dcontrol.cpp b/src/defender-control/dcontrol.cpp index 0198858..0aa0d3b 100644 --- a/src/defender-control/dcontrol.cpp +++ b/src/defender-control/dcontrol.cpp @@ -2,17 +2,65 @@ namespace DCONTROL { + // forget about this for now + // bool enable_control() { - return true; } - + // write a working poc + // bool disable_control() { - return true; } + + // Checks whether Real-Time Protection is activated on windows + // + bool check_defender() + { + LSTATUS status; + HKEY hkey; + DWORD result{}; + DWORD buff_sz = sizeof(DWORD); + + // https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view + // KEY_WOW64_64KEY if we are in an x86 environment + // KEY_ALL_ACCESS to access + // but we only need to read for this call + + status = RegOpenKeyExW( + HKEY_LOCAL_MACHINE, + L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", + 0, + KEY_READ | KEY_WOW64_64KEY, + &hkey + ); + + // running by default if we can't identify it + // + if (status) + { + std::cout << "Error opening Real-Time Protection key" << std::endl; + return true; + } + + status = RegQueryValueExW( + hkey, + L"DisableRealtimeMonitoring", + 0, NULL, + reinterpret_cast(&result), + &buff_sz + ); + + if (status) + { + std::cout << "Failed to read DisableRealtimeMonitoring" << std::endl; + return true; + } + + return result == 0; + } } \ No newline at end of file diff --git a/src/defender-control/dcontrol.h b/src/defender-control/dcontrol.h index 15ffd87..aac9abd 100644 --- a/src/defender-control/dcontrol.h +++ b/src/defender-control/dcontrol.h @@ -1,8 +1,9 @@ #pragma once #include +#include namespace DCONTROL { - + bool is_av_running(); } \ No newline at end of file diff --git a/src/defender-control/defender-control.vcxproj b/src/defender-control/defender-control.vcxproj index dd34586..da489c3 100644 --- a/src/defender-control/defender-control.vcxproj +++ b/src/defender-control/defender-control.vcxproj 
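Review bot: `check_defender` as defined in this hunk is not the function the rest of the commit uses — dcontrol.h declares `is_av_running()` and main.cpp calls `DCONTROL::is_av_running()`, so the project cannot link until the definition is renamed `bool is_av_running()` (or the header and caller are changed to match). The `hkey` opened by `RegOpenKeyExW` is never released on either path after the open succeeds; add `RegCloseKey(hkey);` before the `return true;` in the `RegQueryValueExW` failure branch and before the final `return result == 0;`. The check also reads only the preference value under `HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection`; the Group Policy equivalent under `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection` is not consulted, and a registry value is configuration rather than the live state of the WinDefend service, so the answer can disagree with what Defender is actually doing. That limitation and the fail-closed behaviour deserve a comment on the function, e.g. `// Reflects the DisableRealtimeMonitoring preference only (policy key and live service state are not checked); returns true when the key or value cannot be read`.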
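Review bot: The new declaration `bool is_av_running();` in dcontrol.h carries no description of its contract, and the failure value matters to callers: the implementation in dcontrol.cpp returns true both when real-time protection is enabled and when the registry key or value cannot be opened, so a caller cannot distinguish "protected" from "unknown". Add a comment above it such as `// true when Defender real-time protection appears enabled; also true when the registry state cannot be read (treated as protected)`, or return a tri-state so the error case is visible to the caller. The two `#include` lines in this hunk show no header names in this rendering, so I cannot confirm what the added include brings in.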
@@ -109,6 +109,7 @@ true true true + RequireAdministrator diff --git a/src/defender-control/main.cpp b/src/defender-control/main.cpp index e93193f..48ad93e 100644 --- a/src/defender-control/main.cpp +++ b/src/defender-control/main.cpp @@ -1,20 +1,24 @@ #include "dcontrol.h" -// We are going to reverse engineer the d-control from sordum -// and build an open source safe version since i struggle trust -// defender control cause of the virus total false positivies // to-do: -// finish dumper -// write poc // write argument parser // create cli program // maybe make a ui for this + + // entrypoint // int main() { + if (DCONTROL::is_av_running()) { + printf("running...\n"); + } + else { + printf("not running...\n"); + } + system("pause"); return 0; }
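Review bot: `RequireAdministrator` elevates the whole process on every launch, but nothing in this commit needs it: the only implemented call path opens `HKEY_LOCAL_MACHINE` with `KEY_READ`, which a standard user can do, and the disable path is still a stub that returns true. Running elevated enlarges the impact of the `system()` call in main.cpp and conditions users to accept a UAC prompt for a read-only check; keep this at `AsInvoker` until the write path exists and request elevation only from that code path. The element names around this value appear stripped in this rendering, so I am reading it as the linker's UAC execution level setting — please confirm.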
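Review bot: `system("pause")` at the end of `main` launches a command interpreter resolved from the process environment just to wait for a keypress, and with the manifest in this commit now requesting administrator that child shell inherits the elevated token. Replace it with `getchar();`, which waits without spawning anything and needs only the stdio header that the neighbouring `printf` calls already rely on (presumably pulled in via dcontrol.h — confirm). The `running...` branch also prints when `is_av_running()` could not read the registry, since the implementation returns true on error, so the message overstates what was verified; consider wording it `running (or state unreadable)...` until the error case is surfaced separately.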