tamper protection subheading

qtkite 2021-06-07 05:21:28 +10:00
parent d5e11aeb7b
commit f10206c8aa


@ -319,6 +319,8 @@ lpValueName: DisableRealtimeMonitoring
To enable the AV, we just do the opposite of what we needed to disable the AV.
## Windows Tamper Protection
But theres, a catch. In a newer recent windows update - you can no longer disable the defender via registries. Well, our program runs completely in usermode, so there must be another way its making these registry changes - most likely through the powershell command Set-MpPreference if we do some research into changing the registry. So we will need to take a peek into the wmic api it accesses.
Luckily for us, all this stuff is documented. Check out these two links:
- https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2019-ps
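Review bot: the paragraph under the `## Windows Tamper Protection` heading says "wmic api" right after naming the PowerShell command Set-MpPreference. wmic is a command-line client and the interface behind the cmdlet is WMI, so the sentence should say "WMI" to avoid sending readers to the wrong documentation. The heading names Tamper Protection, but the paragraph only refers to "a newer recent windows update"; a sentence stating that Tamper Protection is the feature that stops the registry change from taking effect would connect the heading to the text. While touching this paragraph, fix "But theres, a catch" and "newer recent", and put Set-MpPreference in backticks so it reads as a command name.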