Hi muchomurka,
Ok
Another question,
At the end of the link you suggested, there are two ways to roll back:
1 - To revert this update to the previous version
2 - To revert this update to the CAMP version
What is the difference between them? ... What is the CAMP Version?
Which one should I use?
Thank you
Clamarc
1. there were several antimalware platform updates so this is one step back only
2. imo CAMP means "right after OS installation, before winupdate", no antimalware platform patch installed
your choice is 2
OK muchomurka,
Very, very thank's
Clamarc
TairikuOkami, you are my HERO.
I have battled the Defender issue for awhile. Uninstalled Malwarebytes because of it, as it thought that program was the culprit. Up until the last WD update snuck in a few days back it would defer to my antivirus, and not make too much noise, so I didn't have much reason to dig.
But then, after the last update for it, it no longer would defer to my 3rd party AV, and would swell to 2gigs of RAM within minutes of starting the PC.
I got "smart" and hopped straight to the policy manager, thinking I was going to teach it a lesson. The joke was on me.
There are lots of directions floating around the internet, and this is by far the best one I have found, and also the only one that would actually work.
I did have some problems though. Because of mpcmdrun.exe some of the registry entries didn't take, even in safe mode.
To those of you that experience this, reboot an extra couple of times after running the bat file twice, then go down each entry in it and check the reg keys manually for yourself, to see which ones did not change the way they should or weren't created.
I will add--before you run a bat file, or do any changes to the registry at all; do two things. Set a system restore point, then make copy (export) of your registry before you do a thing to it.
One thing that tripped me up this time, is I didn't have registry editor open as admin. So make sure you run regedit and the task scheduler as administrator.
After making sure that the tasks were disabled via task scheduler, and removing triggers (the rest of you do this at your own risk!), I was able to get all keys but one via elevated regedit.
The holdout is
rem reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
Also, the antispyware key would not generate from the script, but I was able to create it manually using regedit.
Where the value will not change to 4, but stays at 3. I am thinking this has something to do with WD Advanced Threat Protection Service, which still is inaccessible to edit from services.
All services listed in your screenshot from process hacker are disabled. Also thank you for the idea for the nice program.
I've set the policy editor, on the off-chance it still works now that the AV is disabled, and am looking forward to Let IOBit Defender actually run now.
Thanks so much again, you are a true life saver! I intend to check back in here w/an update in a couple of days, to report on whether it stuck or not.
Last but not least, I am in your eternal gratitude for the reversal bat file on Github! Chances are at some time the settings will need to be reversed.
You just rock and the admin on this forum needs to give you way more stars.
I keep this service mentioned for a reference only. It handles boot, so Windows might need it.
Actually disabling it might result in Critical Process Died BSOD, making Windows unbootable.
https://docs.microsoft.com/en-us/win...rotect-windows
I have the exact same problem. Unfortunately, I possess zero knowledge as to how to fix it. Is there a tutorial or something I can use to learn exactly what it is I'm looking at (git hub link) and how to run it as an admin? Any assistance would be greatly appreciated as I'm just about to toss this laptop into the trash where it currently belongs, thanks to Microsoft. It takes an egregious amount of time to perform the simplest of tasks, such as moving between programs. It's taken me 17 min so far just to quote/comment/reply here (19 min). Thank you!
I still think the easiest way is to just use Autoruns.
1. Set the options as shown
2. In the filter (search box) type: windows defender
3. Uncheck the boxes shown, then reboot
Then you can just disable the Defender Services.
Quote
