
    Windows Server 2019 Need to Download and Run without AV Deleting Files

    • S
      scottalanmiller
      last edited by

      I have a Windows Server 2019 pure command line machine and I need to download and run some stuff. But when I download a file I just get "Program failed to run: Operation did not complete successfully because the file contains a virus or potentially unwanted software". And the OS instantly deletes the file.

      I have used this command to turn on Windows Defender: sc stop WinDefend but this doesn't change the behaviour. It does the same thing regardless.

      I don't want to completely remove Defender, but I can't seem to get around it. It's overly aggressive and I can find no way to stop it so that I can install software.

      • E
        Emad R @scottalanmiller
        last edited by Emad R

        @scottalanmiller

        I made this script because I don't rely on Windows AV; I rely on my judgement on how not to get viruses.

        sc config "wuauserv" start= disabled
        sc config "Sense" start= disabled
        sc config "WdNisSvc" start= disabled
        sc config "WinDefend" start= disabled
        
        REG add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 4 /f
        
        @echo off 
        echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender -> Turn Off"
        echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> File Explorer -> Configure Windows Defender SmartScreenTurn -> Off"
        echo "REGEDIT = Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	EnableLUA=0"
        
        sc stop wuauserv
        sc stop Sense
        sc stop WdNisSvc
        sc stop WinDefend
        

        You don't need all of it, I think you only need

        @echo off
        echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender -> Turn Off"
        echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> File Explorer -> Configure Windows Defender SmartScreenTurn -> Off"

        Try to do the 2 gpedit using command line, I am not sure how, then reboot

        • S
          scottalanmiller
          last edited by

          So here is an interesting point. The sc commands appear to silently fail in PowerShell, and throw an Access Denied error in CMD.

          • O
            Obsolesce @scottalanmiller
            last edited by

            @scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

            I have a Windows Server 2019 pure command line machine and I need to download and run some stuff. But when I download a file I just get "Program failed to run: Operation did not complete successfully because the file contains a virus or potentially unwanted software". And the OS instantly deletes the file.

            I have used this command to turn on Windows Defender: sc stop WinDefend but this doesn't change the behaviour. It does the same thing regardless.

            I don't want to completely remove Defender, but I can't seem to get around it. It's overly aggressive and I can find no way to stop it so that I can install software.

            If you use WAC, you can see what is happening and make an exception for that file.

            There's a whole Defender area in there, it's pretty cool.

            • S
              scottalanmiller @Obsolesce
              last edited by

              @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

              If you use WAC, you can see what is happening and make an exception for that file.

              Can I even install that, given that downloads and installs are what is not working? 😞

              • O
                Obsolesce @scottalanmiller
                last edited by

                @scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                If you use WAC, you can see what is happening and make an exception for that file.

                Can I even install that, given that downloads and installs are what is not working? 😞

                You would have it on something else and add this server to your list. But if you can't download anything, something is very off.

                • S
                  scottalanmiller @Obsolesce
                  last edited by

                  @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                  @scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                  @Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                  If you use WAC, you can see what is happening and make an exception for that file.

                  Can I even install that, given that downloads and installs are what is not working? 😞

                  You would have it on something else and add this server to your list. But if you can't download anything, something is very off.

                  Fresh install 😞

                  • B
                    black3dynamite
                    last edited by

                    What type of executable file keeps getting deleted, exe or msi?

                    • S
                      scottalanmiller @black3dynamite
                      last edited by

                      @black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                      What type of executable file keeps getting deleted, exe or msi?

                      It is a .exe in the case of my experiment.

                      • B
                        black3dynamite
                        last edited by

                        https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

                        For now, just temporarily disable Real-Time Protection via PowerShell
                        Set-MpPreference -DisableRealtimeMonitoring $true

                        Download the executable and scan it manually before you install
                        Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

                        Enable Real-Time Protection after the install
                        Set-MpPreference -DisableRealtimeMonitoring $false

                        S 1 Reply Last reply Reply Quote 4
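The disable, download, scan, install, re-enable sequence from the post above as a single script, added here as an example and not code from the thread. It restores real-time protection in a `finally` block even when a step fails, and checks the file's SHA256 and Authenticode signature before running it; `$Url` and `$ExpectedSha256` are placeholders to replace with the vendor's values.

```powershell
# Added example, not from the thread. $Url and $ExpectedSha256 are placeholders.
param(
    [string]$Url            = 'https://example.com/installer.exe',
    [string]$Dest           = 'C:\datastore\file.exe',
    [string]$ExpectedSha256 = '<SHA256 published by the vendor>'
)
$ErrorActionPreference = 'Stop'

# Remember the starting state so the script never leaves protection weaker than it found it.
$wasEnabled = (Get-MpComputerStatus).RealTimeProtectionEnabled
try {
    Set-MpPreference -DisableRealtimeMonitoring $true
    Invoke-WebRequest -Uri $Url -OutFile $Dest -UseBasicParsing

    # Integrity: compare against the hash the vendor publishes (-ne is case-insensitive).
    $hash = (Get-FileHash -Path $Dest -Algorithm SHA256).Hash
    if ($hash -ne $ExpectedSha256) { throw "SHA256 mismatch, got $hash" }

    # Authenticity: the installer must carry a valid Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $Dest
    if ($sig.Status -ne 'Valid') { throw "Signature status is $($sig.Status)" }

    # On-demand scan of just this file; CustomScan is the scan type that takes a path.
    $scanStart = Get-Date
    Start-MpScan -ScanPath $Dest -ScanType CustomScan
    $hits = Get-MpThreatDetection | Where-Object {
        $_.InitialDetectionTime -ge $scanStart -and
        ($_.Resources -match [regex]::Escape($Dest))
    }
    if ($hits -or -not (Test-Path -Path $Dest)) {
        throw "Defender flagged or removed $Dest; not installing."
    }

    Start-Process -FilePath $Dest -Wait
}
finally {
    # Runs on success and on failure, so monitoring is not left disabled.
    if ($wasEnabled) {
        Set-MpPreference -DisableRealtimeMonitoring $false
        if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
            Write-Warning 'Real-time protection still reports disabled; check it manually.'
        }
    }
}
```

Run it from an elevated PowerShell session; with the placeholder hash left in place it stops at the SHA256 check instead of installing.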
                        • S
                          scottalanmiller @black3dynamite
                          last edited by

                          @black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

                          https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

                          For now, just temporarily disable Real-Time Protection via PowerShell
                          Set-MpPreference -DisableRealtimeMonitoring $true

                          Download the executable and scan it manually before you install
                          Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

                          Enable Real-Time Protection after the install
                          Set-MpPreference -DisableRealtimeMonitoring $false

                          Excellent, now THAT did it.
