ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Windows Server 2019 Need to Download and Run without AV Deleting Files

    Scheduled Pinned Locked Moved IT Discussion
    windowswindows serverwindows server 2019windows defenderavantivirusclicommand line
    11 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Emad RE
      Emad R @scottalanmiller
      last edited by Emad R

      @scottalanmiller

      I made this script cause I dont rely on Windows AV , i rely on my judgement on how not to get Viruses

      sc config "wuauserv" start= disabled
sc config "Sense" start= disabled
sc config "WdNisSvc" start= disabled
sc config "WinDefend" start= disabled

REG add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 4 /f

@echo off 
echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender -> Turn Off"
echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> File Explorer -> Configure Windows Defender SmartScreenTurn -> Off"
echo "REGEDIT = Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	EnableLUA=0"

sc stop wuauserv
sc stop Sense
sc stop WdNisSvc
sc stop WinDefend

      You dont need all of it, i think you only need

      @echo off
      echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender -> Turn Off"
      echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> File Explorer -> Configure Windows Defender SmartScreenTurn -> Off"

      Try to do the 2 gpedit using command line, I am not sure how then reboot

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller
        last edited by

        So here is an interesting point. The sc commands appear to silently fail in PowerShell, and throw an Access Denied error in CMD.

        1 Reply Last reply Reply Quote 0
        • ObsolesceO
          Obsolesce @scottalanmiller
          last edited by

          @scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

          I have a Windows Server 2019 pure command line machine and I need to download and run some stuff. But when I download a file I just get "Program failed to run: Operation did not complete successfully because teh file contains a virus or potentially unwanted software". And the OS instantly deletes the file.

          I have used this command to turn on Windows Defender: sc stop WinDefend but this doesn't change the behaviour. It does the same thing regardless.

          I don't want to completely remove Defender, but I can't seem to get around it. It's overly aggressive and I can find no way to stop it so that I can install software.

          If you use WAC, you can see what is happening and make an exception for that file.

          There's a whole Defender area in there, it's pretty cool.

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Obsolesce
            last edited by

            @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

            If you use WAC, you can see what is happening and make an exception for that file.

            Can I even install that, given that downloads and installs are what is not working? 😞

            ObsolesceO 1 Reply Last reply Reply Quote 0
            • ObsolesceO
              Obsolesce @scottalanmiller
              last edited by

              @scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

              @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

              If you use WAC, you can see what is happening and make an exception for that file.

              Can I even install that, given that downloads and installs are what is not working? 😞

              You would have it on something else and add this server to your list. But if you can't download anything, something is very off.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Obsolesce
                last edited by

                @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                @scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                If you use WAC, you can see what is happening and make an exception for that file.

                Can I even install that, given that downloads and installs are what is not working? 😞

                You would have it on something else and add this server to your list. But if you can't download anything, something is very off.

                Fresh install 😞

                1 Reply Last reply Reply Quote 0
                • black3dynamiteB
                  black3dynamite
                  last edited by

                  What type of executable file keep getting deleted, exe or msi?

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @black3dynamite
                    last edited by

                    @black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                    What type of executable file keep getting deleted, exe or msi?

                    It is a .exe in the case of my experiment.

                    1 Reply Last reply Reply Quote 0
                    • black3dynamiteB
                      black3dynamite
                      last edited by

                      https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

                      For now, just temporary disable Real-Time Protection via PowerShell
                      Set-MpPreference -DisableRealtimeMonitoring $true

                      Download the executable and scan it manually before you install
                      Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

                      Enable Real-Time Protection after the install
                      Set-MpPreference -DisableRealtimeMonitoring $false

                      scottalanmillerS 1 Reply Last reply Reply Quote 4
                      • scottalanmillerS
                        scottalanmiller @black3dynamite
                        last edited by

                        @black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                        https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

                        For now, just temporary disable Real-Time Protection via PowerShell
                        Set-MpPreference -DisableRealtimeMonitoring $true

                        Download the executable and scan it manually before you install
                        Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

                        Enable Real-Time Protection after the install
                        Set-MpPreference -DisableRealtimeMonitoring $false

                        Excellent, now THAT did it.

                        1 Reply Last reply Reply Quote 0
                        • 1 / 1
                        • First post
                          Last post