Need help to create a batch file

Try3 · 17 Mar 2021

zebal said:

I think del command would be more suited for this task, not sure.

Code:

del FOLDER /Q /S

At least this works to remove files that have invalid path characters. (which otherwise can't be removed by normal means)

The following procedure can remove a file or folder that cannot be removed by normal means.

my ditty about using RoboCopy to clear out a rogue file - TenForums

Denis

zebal · 17 Mar 2021

Matthew Wai said:

The following script can remove a folder that cannot be removed by normal means.

Delete Folder in Windows 10

I'm not that skilled with batch and don't understand all the code, but in addition to handling bad path characters, what else it does that could not be done with robocopy or del commands?

Try3 said:

The following procedure can remove a file or folder that cannot be removed by normal means.

my ditty about using RoboCopy to clear out a rogue file - TenForums

I saw that command somewhere on super user board some time ago, from what I understand it copies over directory tree discarding files? this is good trick!

Matthew Wai · 17 Mar 2021

The script in Brink's tutorial uses RoboCopy to delete a folder that cannot be deleted by normal means.

Try3 · 17 Mar 2021

zebal said:

I saw that command somewhere on super user board some time ago

I'd be interested in seeing the link.

zebal said:

it copies over directory tree discarding files?

In effect, yes.

It robocopies the empty dummy source folder into the awkward target folder
and uses the /MIR switch to ensure that only the empty dummy source folder contents are allowed to remain i.e. nothing is allowed to remain.

Denis

zebal · 17 Mar 2021

@Matthew Wai

I understand but "by normal means" could mean many things, one of which is bad path characters, I was assuming it handles something in addition to that. ex. file in use etc..

- - - Updated - - -

Try3 said:

I'd be interested in seeing the link.

Here it is straight from my bookmarks, however it is not the same but similar, [see answer 2]
command line - Recursively delete empty directories in Windows - Super User

It could probably be applied to copying a folder over non empty one, didn't test but that link remained in my head.

SM03 · 29 Apr 2021

@Matthew Wai, @Megahertz, @Bree, @zebal, @Berton & @Try3

firstly thanks all for all those replies & respective contributions to the OP, I posted this a month ago but then never got the chance to test this BAT, & to reply. Now that finally am done testing with the code today provided by @Matthew Wai, so reverting here

My installed OS was 21h1.928 (19043.928) where windows defender was removed earlier, now today, I installed the new LCU 2021-04 CU+SSU KB5001391 [19041.964.1.12].msu, & after installation, the OS version currently is 19043.964

& with that LCU, Windows defender returns, here are the filenames, folders & their locations for Defender

Total Files (2+2=4):
1. Name: SecurityHealthSystray.exe (2)
Locations: C:\Windows\System32\ &
C:\Windows\WinSxS\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec

2. 2 manifest files

Names: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest,
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest

Location: C:\Windows\WinSxS\Manifests\

Folders (2):

Names: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.1_none_753cc0191556f0a2 &
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a

Location: C:\Windows\WinSxS\

Earlier in the OP, I forgot to mention some of the files & folder names & their location I wanna delete & listed here in my this post, so I create the BAT file with the help of your coded, added/modified little bit as per all the files & folder names & their respective locations added. then run that BAT as admin

Result:

Files (2+2)

1. SecurityHealthSystray.exe (2)
locations: C:\Windows\System32\ &
C:\Windows\WinSxS\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec

Result: After running the BAT: not deleted at the first attempt as the process SecurityHealthSystray.exe (Windows Defender) running, stopped the process tree via task manager, & in 2nd run of the BAT, deleted from both locations

2. 2 manifest files
Name: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest,
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest

Location: C:\Windows\WinSxS\Manifests\

Result: Not deleted at first run, not even at 2nd run, after stopping/closing the WD process from TM & reboot.

Folders (2):

Names: amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.1_none_753cc0191556f0a2 &
amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a

Location: C:\Windows\WinSxS\

Result: Both deleted when running the BAT for the first time, without stopping the process from Task Manager.

So, from these results & finding, I need to re-configure the BAT like the following way

Attaching the BAT file here for check & inspection

Method 1:
1. Stop the process from Task Manager first
2. Take full permissions for all the files & folder I mentioned here under the current user & fully delete all.
3. Delete this reg entry as well
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

4. Prompt user for a reboot to fully complete the process.
5. Optional: after reboot, the BAT should run automatically one more time, just to check & confirm for any leftover file remaining & deletion. This step would not be required if all the files, folders & the reg key are positively deleted in 3rd step before reboot.

Method 2:
If, by any means, the defender process (SecurityHealthSystray.exe) can't be stopped fully via the BAT configuration, then

1. First Del the reg key fully
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
& Auto reboot.

2. After reboot, BAT should run automatically & take full permission of all the above-mentioned files & folders under the current user account & delete them completely.

3. OPTIONAL: Just like STEP 5 in Method 1.

Attaching my modded BAT here for check & modification

Thanks in advance.

WD Removal.zip

Matthew Wai · 29 Apr 2021

SM03 said:

the defender process (SecurityHealthSystray.exe) can't be stopped fully

Try using the following line to end the process:

WMIC process where name='SecurityHealthSystray.exe' Delete

SM03 said:

Result: Not deleted at first run, not even at 2nd run, after stopping/closing the WD process from TM & reboot.

Try using NSudo: https://nsudo.m2team.org/

Code:

C:\NSudoC_x64.exe -U:T CMD /C DEL /F /Q "C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest"

The following lines will disable and stop Microsoft Defender:

C:\NSudoC_x64.exe -U:T SC config "WinDefend" start=Disabled
C:\NSudoC_x64.exe -U:T SC stop "WinDefend"

NSudo is a small tool that allows the commands to run as TrustedInstaller.
Use it only if you know what you are doing.
The file path can be changed at will.

SM03 · 29 Apr 2021

Matthew Wai said:

Try using the following line to end the process:

WMIC process where name='SecurityHealthSystray.exe' Delete

Try using NSudo: www.tenforums.com/attachment.php?attachmentid=329717

Code:

C:\NSudoC_x64.exe -U:T CMD /C DEL /F /Q "C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest"

The following lines will disable and stop Microsoft Defender:

C:\NSudoC_x64.exe -U:T SC config "WinDefend" start=Disabled
C:\NSudoC_x64.exe -U:T SC stop "WinDefend"

NSudo is a small tool that allows the commands to run as TrustedInstaller.
Use it only if you know what you are doing.
The file path can be changed at will.

hey, can you dl my attached batch & edit/update the necessary changes as per the requirement & re attached it?

Sorry for asking if you mind, but am not that much good/confident in CMD/batch scripting so asking for your help.

Matthew Wai · 30 Apr 2021

@SM03, extracts all from "Testing.zip" and run "Testing.cmd".
See whether the following files will be deleted.

Code:

C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest
C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest

SM03 · 17 May 2021

Matthew Wai said:

@SM03, extracts all from "Testing.zip" and run "Testing.cmd".
See whether the following files will be deleted.

Code:

C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.19041.746_none_9d44fd61d4c8aeec.manifest
C:\Windows\WinSxS\Manifests\amd64_windows-securityhealth-sso.resources_31bf3856ad364e35_10.0.19041.1_en-gb_e06d5bd77127a68a.manifest

Hey @Matthew Wai

I am not seeing any 'testing.zip' here in this post of yours when I clicked on the hyperlinked 'testing.zip. it's showing this
"Invalid Attachment specified. If you followed a valid link, please notify the administrator"

I see the original posted date is 30th April, & now, this post just edited 2 days ago, so asking did you delete the attachment? can you share that again?

@Brink , tagging you too, as it says "...if you followed a valid link, please notify the administrator"