1) It seems to me, that this means NTLite will need an update for W10 and W11, because it's not as simple as turning on the group policy anymore, by itself, since both of these operating systems in the newer editions require layers of settings to disable Defender. Agreed?
2) The other thing to consider, is that the poster wasn't actually uninstalling Defender, which at one point is what was being implied, "I use NTLite to remove Defender" and "I remove it through ntlite". Instead, they were just toggling the reg key setting in NTLite to disable it. So I'm curious if removing the component on W11 avoids the issues.
Months ago in my testing I did remove it in W10 via NTLite, and it seemed to work well, but I would need to revisit that, now that I have learned more about Windows Update and Defender behaviors in W10 as my custom image progressed.
3) I started out using TenForums as well, but their tutorial didn't work on W10 21H2 Home, same as it didn't work here on W11 21H2 Pro. Both tutorials on Ten/Eleven Forums need to be updated, since I have shown with my keys (and you did too for W11) that it is possible to fully disable Defender, even with all the disclaimers on the tutorial and statements made by Microsoft.
I still fully standby my solution for my W10 edition until proven wrong (you don't need my entire reg file obviously, just the relevant ones based on the comments). Also it's possible these tutorials were just never the solution to begin with, which I think is really the case, as I'll expand on more in the items below.
4) That one DisableAntiSpyware policy key doesn't fully turn off all of the Defender features, as there are other parts that continue to run which appear in Task Manager (antimalware / on W10 21H2 Home at least), and that's why I had to layer it, like you ended up doing too in W11.
5) I would specifically test this on Home edition if possible, because I've come across too many policies in general, that no longer work on Home edition and/or W10 21H2 in my testing. This is a big part of why I always went with user-toggled keys rather than policies, but also because I didn't want to lock pages down if I could avoid doing so.
6) I am curious about TamperProtection, because you have a value of 0, I have 4 when I toggle it off as a user in W10.
7) You toggled these services, but I don't see them in the W10 services panel, but they do appear in my regedit?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense]
On that note, I'd suggest adding comments to all the keys so that people know what they are changing.
8) The other thing to try if you didn't already, is to go ahead and integrate it and install that to test. When I tried to disable the Defender and WU services on W10 via integration, Windows Setup errors out. I'm not sure exactly which service(s) was responsible yet, but I had made a post about it, I just haven't had the time to do a bunch of re-installs and figure out precisely which one(s) are at fault and in what combination:
https://www.ntlite.com/community/index.php?threads/ntlite-image-failure.2860/
9) I think you are oversimplifying the internet fairy tale thing, if you have an active internet connection then updates are going to be installed when you install Windows. It seems like all of your testing here is on a live desktop, not taking into account Windows Setup, user provisioning, etcetera. You are correct though about my wording, I did say "reinstalling Defender" and I meant to say “update”. This is a part of why things can be re-enabled or overwritten.
10) I don't think Sordum's tool is needed for probably anything in Windows, most tools like this are just changing reg keys. It's cleaner and more transparent to just integrate those keys into an image, or run a reg file post-install, than to use a 3rd party tool post-install. I would be curious to know what they actually do, using a reg compare tool. In fact I think I'm going to download it now and see, because when I used Bitsum's tools I was disappointed since they weren't changing as much as they claim to be.