Windows Defender disabled settings bug in W11

xbacox2010, image or deployed (c:\Windows)?
If image, preset please.
If deployed, then as Clanger said, to add just in case, see Apply page warning, disable Tamper protection, reboot, then do the disabling.
Windows requires reboot after Tamper disabling, and it doesn't state so.
 
It could be a bug or Tamper Protection, maybe ms has slipped a new protection for Defender as they are ramming it down our throats, like they did with One Drive and are now doing with Edge.
 
No, 4 disables both Tamper Protection & Cloud-delivered protection.
NTLite needs to be specific as possible, since users might want one setting but not the other.
 
I also need to disable defender on windows 11, but unfortunately I can't, has anyone found a way to permanently disable it on windows 11?
 
I also need to disable defender on windows 11, but unfortunately I can't, has anyone found a way to permanently disable it on windows 11?
Don't confuse things by cross posting. What I meant was to read this thread and try what they suggested. You also never posted your preset in your other thread like you were asked. If you are not going to listen to the things we are asking of you, then we cannot help you:
https://www.ntlite.com/community/index.php?threads/windows-defender-no-windows-11.3012/

Keep any future replies in that other post you created please.
 
That solution does work in taming tamper protection, but its odd.

If I have tamper protection on by default the registry value is 1.
If I toggle it manually it becomes 4.

So I used the 4 value as supplied by Hellbovine (I didnt use any of the other values in the security file).

Tamper protection finally tamed, but real time, cloud, and automatic samples were also disabled. More testing required. In addition tamper protection is locked off managed by administrator, (the only registry setting changed was the tamper flag to 4, no policy flags).

Build of windows is 21H2 LTSC.
 
Again, this has been discussed (do a forum search). Out of the box, Tamper Protection is 0 or 1. When you use Security Center to change the settings -- it's now 4 or 5. That's the same as 0 or 1, but Windows is enumerating "this has added meaning".

Other Defender settings also follow the "0 or 1", and "4 or 5" logic. Don't use 4 or 5, because you're missing whatever undocumented extra action Windows has taken while you're toggling the switch. The toggle doesn't limit itself to just Tamper Protection, there's some related cloud protection settings that get tweaked in the background. You may not notice a difference, but why risk adding an unknown factor?
 
I was here after searching, but have now read your other reply, thanks.

I have said I am not happy with the behaviour of 4, so do agree with you on your reasoning, sadly asking ntlite to disable it in the settings section doesnt work (it stays enabled) which is why I have resorted to looking for an alternative solution.

Of course I did notice, as I check everything to make sure something works as expected. :) I expect this will never get documented because the info would also help those trying to bypass it who are not the machine admin.
 
Last edited:
Back
Top