Hello everyone, here I am again, this time with a question about the Microsoft.Windows.SecHealthUI?

devilink said:
But if you delete

Code: 
Microsoft-Windows-HVSI-Package
Microsoft-Windows-HVSI-WOW64-Package

will delete the container,Is there any influences?
Click to expand...
I don't know the answer. But most of the newer security features are implemented by VM isolation, sometimes in a container-like instance.
It's poorly documented to the public.
 
I havnt used install_tweak_wim so i dont know what and how it does things but cbsenum has a gui and lists all availible packages and their state, hidden or unhidden.
 
garlin said:
10. Conclusion:
Removing the Defender feature packages removes Defender from the Security Center, while keeping non-Defender features (firewall, VBS isolation, application security) visible. If NTLite isn't separating the packages this way, then it should.
Click to expand...

I ran "NTLite /forcelistcomponents /saveallstates" on before & after offline images. NTLite knows some tweaks are different, but doesn't detect any missing components :confused:
Code: 
687,688d686
<                               <Tweak name="DefenderApiLogger\Start">1</Tweak>
<                               <Tweak name="DefenderAuditLogger\Start">1</Tweak>
1776,1777d1773
<                               <Tweak name="Microsoft-Windows-WDAG-PolicyEvaluator-CSP\Operational\Enabled">1</Tweak>
<                               <Tweak name="Microsoft-Windows-WDAG-PolicyEvaluator-GP\Operational\Enabled">1</Tweak>
1803,1804d1798
<                               <Tweak name="Microsoft-Windows-Windows Defender\Operational\Enabled">1</Tweak>
<                               <Tweak name="Microsoft-Windows-Windows Defender\WHC\Enabled">1</Tweak>
1897d1890
<                               <Tweak name="NIS-Driver-WFP\Diagnostic\Enabled">0</Tweak>
2345d2337
<                               <Tweak name="WdNisSvc\WdNisSvc">3</Tweak>
2349d2340
<                               <Tweak name="WinDefend\WinDefend">2</Tweak>
2736,2737d2726
<                               <Tweak name="WdBoot\WdBoot">0</Tweak>
<                               <Tweak name="WdFilter\WdFilter">0</Tweak>
2740d2728
<                               <Tweak name="WdNisDrv\WdNisDrv">3</Tweak>
3130,3135d3117
<                       </TweakGroup>
<                       <TweakGroup name="Tree\Microsoft\Windows\Windows Defender">
<                               <Tweak name="Windows Defender Cache Maintenance\Windows Defender Cache Maintenance"></Tweak>
<                               <Tweak name="Windows Defender Cleanup\Windows Defender Cleanup"></Tweak>
<                               <Tweak name="Windows Defender Scheduled Scan\Windows Defender Scheduled Scan"></Tweak>
<                               <Tweak name="Windows Defender Verification\Windows Defender Verification"></Tweak>

This "diff" reconfirms which services are required to disable Defender: WdNisSvc, WinDefend, WdFilter, WdNisDrv, WdBoot

I skipped WdBoot in my recommendation, because it only runs once (boot-time).
 
Did you do a dism cleanup? If yes repeat but without a cleanup, rerun ntlite.
 
Last edited:
Clanger said:
cbsenum is a good alternative to install_wim_tweak for live testing, but it doesnt work on mounted images as far as i know.
Click to expand...
Actually it works quite well on mounted NTL image from 8 to 11.
Just change your mountpad from this cmd in same dir as install_wim_tweak or install_wim_tweak_NET4.6 as you please and run as ADMIN (ie. for default definitions):
@echo off
cd /d "%~dp0"
CLS
install_wim_tweak_NET4.6.exe /p D:\NTLite\Temp\NLTmpMnt01\ /c Windows-Defender-AM-Default-Definitions-OptionalWrapper-Package /r
install_wim_tweak_NET4.6.exe /p D:\NTLite\Temp\NLTmpMnt01\ /c Windows-Defender-AM-Default-Definitions-Package /r
Exit
 
And same for listing Packages whatever MS put in their installs and close again in wim_tweak(NET4.6) - so nothing is open when finishing NTL:

@echo off
cd /d "%~dp0"
echo Uninstalling ...
CLS
install_wim_tweak_NET4.6.exe /p D:\NTLite\Temp\NLTmpMnt01\ /l
echo Finished
pause

install_wim_tweak.exe(_NET4.6.exe) /p <MountPath>
This will list all the packages available in the selected image and write them to a text file in the same directory.
 
Last edited:
Just to add a WARNING using wim_tweak as Garlin try to point out:
wim_tweak(NET46) only remove the actual package(s) without considering dependecies as NTL does.
So unless you know what to remove without dependency - don't use it - NTL is the reliable tool for slimming down Windows.
Thanks.
 
I wouldnt dism out anything major, on w7 it would be daft stuff like gadgets localisation packs, things of that sort that shouldnt be in a Pro edition. 8.1 would be similar but with those naff vpns, trimming the fat but leaving the meat. Anything more advanced would be lited out.
 
Clanger said:
I wouldnt dism out anything major, on w7 it would be daft stuff like gadgets localisation packs, things of that sort that shouldnt be in a Pro edition. 8.1 would be similar but with those naff vpns, trimming the fat but leaving the meat. Anything more advanced would be lited out.
Click to expand...
Sure you already tested your hee-haws out to make 7 work the way you like
 
I prefer live tesing with cbsenum, you find all the pluses and minuses except what breaks setup.
 
Can't argue about what you prefer.
But with install_wim_tweak(_NET4.6)? you can Open/ List/ Close again in a cmd regarding W7/ 8-11 packages.
From a NTL image mounted (my path - change to suit):
@echo off
cd /d "%~dp0"
echo Uninstalling ...
CLS
install_wim_tweak_NET4.6.exe /p D:\NTLite\Temp\NLTmpMnt01\ /l
echo Finished
pause

install_wim_tweak.exe /p <MountPath>
This will list all the packages available in the selected image and write them to a text file in the same directory
Click to expand...
And on a live install:
@echo off
cd /d "%~dp0"
echo Uninstalling ...
CLS
install_wim_tweak_NET4.6.exe /o /d /l
install_wim_tweak_NET4.6.exe /h /o /d /l
echo Finished
pause
Click to expand...
Open - list and close - we'll prefer different - but as long it's working who cares?
 
You must log in or register to reply here.
Back
Top