Hello everyone, here I am again, this time with a question about the Microsoft.Windows.SecHealthUI?

devilink

Member
When ticking Windows Defender all I see is removing Microsoft.Windows.SecHealthUI
Also removed Windows Defender,
Microsoft.Windows.SecHealthUI also contains other portals like: Account Protection, Firewall, Browser Control, Device Security, Family Options
I guess Windows Defender is not the same function as Microsoft.Windows.SecHealthUI.
So, where is the separate Windows Defender?
 
Microsoft.Windows.SecHealthUI is MS's new fluent design app to open Defender, aka Windows Security, on W10/11.
All other is accessible through Settings though.
 
Microsoft.Windows.SecHealthUI is associated with Windows Defender as seen when you remove.
And the convenience issue is probably only essential in relation to how often the other functions (if not removed) are used, I guess.
 
I think devilink is right, I've seen this discussed a few times in various threads, and I noticed it too when I made my image. Maybe Nuhi can look into splitting these out?

The problem is this:

Removing Defender from the components in NTLite also removes the "Security Center" app from the start menu. This app is separate from Defender in functionality, because like devilink said, it controls a heck of a lot of other settings that aren't accessible anymore once you remove this Security Center app. The only way to then change these very important settings is via direct RegEdit, which is more difficult since so much is undocumented.

I attached a registry file I created for my image, to show people just how many different settings are accessible from the Security Center. This isn't all of them either. You adjust Action Center settings here, Firewall settings, DEP and other non-Defender security settings, etcetera. By removing Defender (thereby removing Security Center too) you lose out on all of these settings and more.
 

Attachments

  • Reg_2_Security.reg
    21.4 KB
Microsoft.Windows.SecHealthUI is associated with Windows Defender as seen when you remove.
And the convenience issue is probably only essential in relation to how often the other functions (if not removed) are used, I guess.
No, Windows Defender is just an option on Microsoft.Windows.SecHealthUI. Their relationship should be Windows Defender < Microsoft.Windows.SecHealthUI. Remove Windows Defender, just remove an option above Microsoft.Windows.SecHealthUI.
 
I think devilink is right, I've seen this discussed a few times in various threads, and I noticed it too when I made my image. Maybe Nuhi can look into splitting these out?

The problem is this:

Removing Defender from the components in NTLite also removes the "Security Center" app from the start menu. This app is separate from Defender in functionality, because like devilink said, it controls a heck of a lot of other settings that aren't accessible anymore once you remove this Security Center app. The only way to then change these very important settings is via direct RegEdit, which is more difficult since so much is undocumented.

I attached a registry file I created for my image, to show people just how many different settings are accessible from the Security Center. This isn't all of them either. You adjust Action Center settings here, Firewall settings, DEP and other non-Defender security settings, etcetera. By removing Defender (thereby removing Security Center too) you lose out on all of these settings and more.
Thank you for agreeing with my point of view.
 
I think devilink is right, I've seen this discussed a few times in various threads, and I noticed it too when I made my image. Maybe Nuhi can look into splitting these out?
SecHealthUI is Appx, which cannot be split like a Windows component. In theory, you could edit Appx contents but there's no automation for it.
According to MDL forum, SecHealthUI is updated by WU as an unlisted KB package.

The best you can do is disable Defender, and hide the UI from Security Center.
https://www.ntlite.com/community/index.php?threads/discussion-on-removing-defender.3052/post-28760
 
In w11 SecHealthUI for example, if you go to Account Protection, the only thing that appears on my installation (with Defender) is:
- if you do not have an MS account, but are logged in as a local user.
- Logon with Hello not possible as I removed it.
- Dynamic lock not available on my device.

But in reality it is probably a question of if you remove Defender, that it must be replaced by something else despite the slightly more complicated approach to the other functions?

And it will be a welcome old wish that if Nuhi chooses and spends time to separate Microsoft.Windows.SecHealthUI from Security Center and Defender, then he could perhaps list removal options for the approx. 100 MB default definitions in for minimizing the finished Applied iso in for installation.

Afaik, the "security center" is the cloud part of Defender (as Firewall is kept under Network) as it only depends on Defender (the GUI part is in SecHealthUI.exe, as it starts when you access Windows Security in the Start Menu).
Security Center can be removed without removing Windows Defender.
 
SecHealthUI is Appx, which cannot be split like a Windows component. In theory, you could edit Appx contents but there's no automation for it.
According to MDL forum, SecHealthUI is updated by WU as an unlisted KB package.

The best you can do is disable Defender, and hide the UI from Security Center.
https://www.ntlite.com/community/index.php?threads/discussion-on-removing-defender.3052/post-28760
You can open the wim file via 7zip (without extracting) and make your edits in it. If you want to edit installed appx content, that is the easiest way to do it without changing ownerships. But after the first update all changes will reset, so don't ever bother.
 
SecHealthUI is Appx, which cannot be split like a Windows component...
Dang, I was afraid of that. Well thanks everyone for looking into it. I guess we can just use reg compare tools to get all the settings we need out of the security center app on an unmodified install, then just remove it and defender and go about our business.

All of this appx stuff worries me for the future, come W12 or W13 it feels like nothing will be customizable anymore if they continue in this restrictive direction...
 
You're all missing the whole point. Windows Defender is released in three parts:

SecHealthUI (Security Center) Appx

Defender Platform update installer (not a MSU)

Defender signature updates installer

If you extract them, the Security Center is a single UI app, and Defender Platform does all the work. WU is expected to push these out since they're not tied to the CU update cycle. Since SecHealthUI is a monolithic app (much like SystemSettings), you can't split it into pieces.
 
Just to clarify, because it kind of feels like things got misinterpreted a little between all the different replies--if Defender comes in 3 sections, can NTLite remove Defender Platform + Signatures, but leave the Appx behind? Or does this specific Appx only work when all 3 parts are combined?

OP and I aren't wanting to split the Security Center app itself, rather remove Defender and keep this settings page available to toggle in a UI. Just like how if you uninstall OneDrive then those relevant settings will disappear from the Windows "Settings" panel, but the "Settings" panel still exists.
 
Just to clarify, because it kind of feels like things got misinterpreted a little between all the different replies--if Defender comes in 3 sections, can NTLite remove Defender Platform + Signatures, but leave the Appx behind? Or does this specific Appx only work when all 3 parts are combined?

OP and I aren't wanting to split the Security Center app itself, rather remove Defender and keep this settings page available to toggle in a UI. Just like how if you uninstall OneDrive then those relevant settings will disappear from the Windows "Settings" panel, but the "Settings" panel still exists.
The third part is the signatures (which get removed with defender) aka default definitions in wim packages and be.:
Windows-Defender-AM-Default-Definitions-OptionalWrapper-Package~31bf3856ad364e35~amd64~~10.0.22621.1
Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~amd64~~10.0.22621.1

Removing Defender automatically removes the interface too aka SecHealthUI.
If removing Defender, why have to have an interface (UI) you can already access via Settings for other functions - if not removed?
 
"you can already access via Settings for other functions"
This is only partially true, and why I tried to illustrate the dilemma with my reg file I attached.

On W10 the Security Center has dozens of settings. Yes, most of them are Defender-only, and become irrelevant if Defender components are removed, however others aren't.

For example, DEP (Control\Session Manager\kernel) as well as other related options are easily accessed through this panel. As far as I know, DEP has nothing to do with Defender, unless Microsoft changed that over the years, because DEP goes all the way back to XP, long before Defender existed.

Are these keys handled by Defender directly?
\Microsoft\Windows Security Health\State
\Microsoft\Edge\

There's other settings I haven't toggled, and/or don't have access to so I don't know how many settings in total become orphaned without a user interface once Security Center is gone. Not all of these settings have a user interface elsewhere, or for the ones that do they aren't as easy or intuitive to toggle them on and off in the other places (DEP for example had to historically be edited in the boot.ini which is more dangerous compared to doing it in the Security Center).
 
This is only partially true, and why I tried to illustrate the dilemma with my reg file I attached.

On W10 the Security Center has dozens of settings. Yes, most of them are Defender-only, and become irrelevant if Defender components are removed, however others aren't.

For example, DEP (Control\Session Manager\kernel) as well as other related options are easily accessed through this panel. As far as I know, DEP has nothing to do with Defender, unless Microsoft changed that over the years, because DEP goes all the way back to XP, long before Defender existed.

Are these keys handled by Defender directly?
\Microsoft\Windows Security Health\State
\Microsoft\Edge\

There's other settings I haven't toggled, and/or don't have access to so I don't know how many settings in total become "orphaned" without a user interface once Security Center is gone. Not all of these settings have a user interface elsewhere, or for the ones that do they aren't as easy or intuitive to toggle them on and off in the other places (DEP for example had to historically be edited in the boot.ini which is more dangerous compared to doing it in the Security Center).
I don't care about security center at all so it has never been a big issue for me. I don't need it telling me I messed up when I already know I did and I get enough of that from the wife

I did a DEP on and off post on another forum before and yes it doesn't need defender. In the post it showed the difference it was on ram and if it does anything additional. It was actually very interesting results. DDR3 and under got the most benefit with it off having less going across the board than DDR4 and up. DDR4 and up saw extremely little to no effect at all.

This is all on a grain of salt though....my ram is tighter than a virgin and have the record (which isn't much to say for an AM3 system and nobody really using AM3 systems anymore haha) for 24 hour running.
 
...I did a DEP on and off post on another forum before and yes it doesn't need defender...
Right, that's what I suspected. And on that note, there's all sorts of new contraptions added in the newer OS, which are also handled in the Security Center too, which is why this is important, because these following settings are among the most important performance settings there are in all of Windows:

; Start > Windows Security > App & browser control > Exploit protection settings > Control flow guard (CFG)
; Start > Windows Security > App & browser control > Exploit protection settings > Data Execution Prevention (DEP)
; Start > Windows Security > App & browser control > Exploit protection settings > Force randomization for images (Mandatory ASLR)
; Start > Windows Security > App & browser control > Exploit protection settings > Randomize memory allocations (Bottom-up ASLR)
; Start > Windows Security > App & browser control > Exploit protection settings > High-entropy ASLR
; Start > Windows Security > App & browser control > Exploit protection settings > Validate exception chains (SEHOP)
; Start > Windows Security > App & browser control > Exploit protection settings > Validate heap integrity

So, if DEP isn't handled by Defender, are these other 6 items not handled by Defender too? They must not be, because they are all kernel tweaks. That part of the equation is above my paygrade though, I don't know all the book learning aspects. I think there's at least 1-2 dozen settings held inside this App that aren't handled by Defender, and likely have no other way to access them apart from direct regedit.
 
Right, that's what I suspected. And on that note, there's all sorts of new contraptions added in the newer OS, which are also handled in the Security Center too, which is why this is important, because these following settings are among the most important performance settings there are in all of Windows:

; Start > Windows Security > App & browser control > Exploit protection settings > Control flow guard (CFG)
; Start > Windows Security > App & browser control > Exploit protection settings > Data Execution Prevention (DEP)
; Start > Windows Security > App & browser control > Exploit protection settings > Force randomization for images (Mandatory ASLR)
; Start > Windows Security > App & browser control > Exploit protection settings > Randomize memory allocations (Bottom-up ASLR)
; Start > Windows Security > App & browser control > Exploit protection settings > High-entropy ASLR
; Start > Windows Security > App & browser control > Exploit protection settings > Validate exception chains (SEHOP)
; Start > Windows Security > App & browser control > Exploit protection settings > Validate heap integrity

So, if DEP isn't handled by Defender, are these other 6 items not handled by Defender too? They must not be, because they are all kernel tweaks. That part of the equation is above my paygrade though, I don't know all the book learning aspects. I think there's at least 1-2 dozen settings held inside this App that just aren't handled by Defender, and likely have no other way to access them apart from direct regedit.
I would say no, I do not have defender or security center on my system (those are usually the first I purge from my system)

Will see if I have any of these left and see if they do just in case for science
 
So, if DEP isn't handled by Defender, are these other 6 items not handled by Defender too? They must not be, because they are all kernel tweaks. That part of the equation is above my paygrade though, I don't know all the book learning aspects. I think there's at least 1-2 dozen settings held inside this App that aren't handled by Defender, and likely have no other way to access them apart from direct regedit.
These are all kernel tweaks for page memory randomization (to prevent buffer overflows from working, since the pages for a given process are stored in random order instead of being consecutive).

While they can be addressed by reg tweaks, there is no other UI function for the user.
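
For the seven Exploit protection entries listed in the thread, the system-wide state can also be read from PowerShell when the Windows Security UI is absent. This is an added example, not part of any post above; it assumes the built-in ProcessMitigations module (`Get-ProcessMitigation`) is still present on the customized image, and the baseline file name is a placeholder.

```powershell
# Added example: report the system-wide exploit protection state without
# the Windows Security UI. Assumes the ProcessMitigations module survived
# component removal; run from an elevated PowerShell prompt.
Import-Module ProcessMitigations -ErrorAction Stop

# UI label from the thread -> (policy group, property) on the object
# returned by Get-ProcessMitigation -System.
$map = [ordered]@{
    'Control flow guard (CFG)'                         = @('Cfg',   'Enable')
    'Data Execution Prevention (DEP)'                  = @('Dep',   'Enable')
    'Force randomization for images (Mandatory ASLR)'  = @('Aslr',  'ForceRelocateImages')
    'Randomize memory allocations (Bottom-up ASLR)'    = @('Aslr',  'BottomUp')
    'High-entropy ASLR'                                = @('Aslr',  'HighEntropy')
    'Validate exception chains (SEHOP)'                = @('SEHOP', 'Enable')
    'Validate heap integrity'                          = @('Heap',  'TerminateOnError')
}

function Get-SystemMitigationReport {
    $sys = Get-ProcessMitigation -System
    foreach ($label in $map.Keys) {
        $group, $prop = $map[$label]
        [pscustomobject]@{
            Setting = $label
            # ON / OFF are explicit overrides; NOTSET means no override
            # is stored and the Windows default applies.
            State   = $sys.$group.$prop
        }
    }
}

$report = Get-SystemMitigationReport
$report | Format-Table -AutoSize

# Flag anything explicitly switched off so a stripped image can be
# checked for weakened mitigations before it is deployed.
$off = $report | Where-Object { "$($_.State)" -eq 'OFF' }
if ($off) {
    Write-Warning ("Mitigations explicitly disabled: " +
                   (($off.Setting) -join '; '))
}

# Export the full stored configuration (system and per-app) to XML so an
# unmodified install and the customized image can be diffed.
# The file name is a placeholder chosen for this example.
$baseline = Join-Path $env:TEMP 'exploit-protection-baseline.xml'
Get-ProcessMitigation -RegistryConfigFilePath $baseline
```

An exported XML file from a reference install can be applied on another machine with `Set-ProcessMitigation -PolicyFilePath`.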
 