The following procedure can remove a file or folder that cannot be removed by normal means.
my ditty about using RoboCopy to clear out a rogue file - TenForums
Denis
I'm not that skilled with batch and don't understand all the code, but in addition to handling bad path characters, what else does it do that could not be done with robocopy or del commands?
I saw that command somewhere on the Super User board some time ago; from what I understand it copies over a directory tree, discarding files? This is a good trick!
The script in Brink's tutorial uses RoboCopy to delete a folder that cannot be deleted by normal means.
@Matthew Wai
I understand, but "by normal means" could mean many things, one of which is bad path characters. I was assuming it handles something in addition to that, e.g. a file in use, etc.
- - - Updated - - -
Here it is straight from my bookmarks. It is not the same, but similar [see answer 2]:
command line - Recursively delete empty directories in Windows - Super User
It could probably be applied to copying a folder over a non-empty one. I didn't test it, but that link remained in my head.
@Matthew Wai, @Megahertz, @Bree, @zebal, @Berton & @Try3
Firstly, thanks all for all those replies & respective contributions to the OP. I posted this a month ago but then never got the chance to test this BAT & to reply. Now that I am finally done testing today with the code provided by @Matthew Wai, I am reverting here.
My installed OS was 21h1.928 (19043.928), where Windows Defender was removed earlier. Today I installed the new LCU 2021-04 CU+SSU KB5001391 [19041.964.1.12].msu, & after installation the OS version currently is 19043.964
& with that LCU, Windows Defender returns. Here are the filenames, folders & their locations for Defender:
Total Files (2+2=4):
1. Name: SecurityHealthSystray.exe (2)
Locations: C:\Windows\System32\ &
C:\Windows\WinSxS\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec
2. 2 manifest files
Names: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest,
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest
Location: C:\Windows\WinSxS\Manifests\
Folders (2):
Names: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.1_none_753cc0191556f0a2 &
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a
Location: C:\Windows\WinSxS\
Earlier in the OP, I forgot to mention some of the files & folder names & their locations that I want to delete & have listed here in this post, so I created the BAT file with the help of your code, added/modified a little bit as per all the files & folder names & their respective locations, then ran that BAT as admin.
Result:
Files (2+2)
1. SecurityHealthSystray.exe (2)
locations: C:\Windows\System32\ &
C:\Windows\WinSxS\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec
Result: After running the BAT: not deleted at the first attempt as the process SecurityHealthSystray.exe (Windows Defender) was running; stopped the process tree via Task Manager, & in the 2nd run of the BAT, deleted from both locations.
2. 2 manifest files
Name: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest,
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest
Location: C:\Windows\WinSxS\Manifests\
Result: Not deleted at the first run, not even at the 2nd run, after stopping/closing the WD process from TM & rebooting.
Folders (2):
Names: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.1_none_753cc0191556f0a2 &
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a
Location: C:\Windows\WinSxS\
Result: Both deleted when running the BAT for the first time, without stopping the process from Task Manager.
So, from these results & findings, I need to re-configure the BAT in the following way.
Attaching the BAT file here for check & inspection.
Method 1:
1. Stop the process from Task Manager first
2. Take full permissions for all the files & folders I mentioned here under the current user & fully delete all.
3. Delete this reg entry as well:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
4. Prompt user for a reboot to fully complete the process.
5. Optional: after reboot, the BAT should run automatically one more time, just to check & confirm for any leftover file remaining & deletion. This step would not be required if all the files, folders & the reg key are positively deleted in 3rd step before reboot.
Method 2:
If, by any means, the Defender process (SecurityHealthSystray.exe) can't be stopped fully via the BAT configuration, then
1. First delete the reg key fully
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
& Auto reboot.
2. After reboot, BAT should run automatically & take full permission of all the above-mentioned files & folders under the current user account & delete them completely.
3. OPTIONAL: Just like STEP 5 in Method 1.
Attaching my modded BAT here for check & modification
Thanks in advance.
WD Removal.zip
Try using the following line to end the process:
WMIC process where name='SecurityHealthSystray.exe' Delete
Try using NSudo: https://nsudo.m2team.org/
Code:
C:\NSudoC_x64.exe -U:T CMD /C DEL /F /Q "C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest"
The following lines will disable and stop Microsoft Defender:
C:\NSudoC_x64.exe -U:T SC config "WinDefend" start=Disabled
C:\NSudoC_x64.exe -U:T SC stop "WinDefend"
NSudo is a small tool that allows the commands to run as TrustedInstaller.
Use it only if you know what you are doing.
The file path can be changed at will.
Last edited by Matthew Wai; 30 Apr 2021 at 06:32.
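A read-only check of the items named in this thread, added here as an example (it is not code from any poster or from NSudo): it reports whether each file, folder, Run value, service and process is present, and shows each path's owner, which is what decides whether an ordinary elevated DEL can touch it. The paths, value name and service name come from the posts above; the variable names are illustrative.

```powershell
# Added example: read-only audit of the Defender items named in the thread.
# It deletes and changes nothing. Run from an elevated PowerShell prompt.
$sxs   = "$env:windir\WinSxS"
$paths = @(
    "$env:windir\System32\SecurityHealthSystray.exe",
    "$sxs\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest",
    "$sxs\Manifests\amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest",
    "$sxs\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.1_none_753cc0191556f0a2",
    "$sxs\amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a"
)

# Files and folders: present or missing, plus the owner recorded in the ACL.
$report = @(foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    $acl  = if ($item) { Get-Acl -LiteralPath $p -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Check  = $p
        State  = if ($item) { 'present' } else { 'missing' }
        Detail = if ($acl)  { "Owner=$($acl.Owner)" } else { '' }
    }
})

# Autostart entry quoted in the thread (HKLM ...\CurrentVersion\Run, "SecurityHealth").
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = (Get-ItemProperty -Path $runKey -Name 'SecurityHealth' -ErrorAction SilentlyContinue).SecurityHealth
$report += [pscustomobject]@{
    Check  = "Run value 'SecurityHealth'"
    State  = if ($run) { 'present' } else { 'missing' }
    Detail = "$run"
}

# WinDefend service: current state and configured start mode.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
$report += [pscustomobject]@{
    Check  = 'Service WinDefend'
    State  = if ($svc) { $svc.State } else { 'missing' }
    Detail = if ($svc) { "StartMode=$($svc.StartMode)" } else { '' }
}

# Tray process that kept the .exe locked on the first run described above.
$proc = Get-Process -Name 'SecurityHealthSystray' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Check  = 'Process SecurityHealthSystray.exe'
    State  = if ($proc) { 'running' } else { 'not running' }
    Detail = if ($proc) { "PID=$($proc.Id -join ',')" } else { '' }
}

$report | Format-Table -AutoSize -Wrap
```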
@SM03, extract all from "Testing.zip" and run "Testing.cmd".
See whether the following files will be deleted.
Code:
C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest
C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest
Last edited by Matthew Wai; 14 May 2021 at 05:09.
Hey @Matthew Wai
I am not seeing any 'testing.zip' here in this post of yours. When I clicked on the hyperlinked 'testing.zip', it showed this:
"Invalid Attachment specified. If you followed a valid link, please notify the administrator"
I see the original posted date is 30th April, & this post was edited just 2 days ago, so I am asking: did you delete the attachment? Can you share that again?
@Brink, tagging you too, as it says "...if you followed a valid link, please notify the administrator"