Windows Server 2019 Need to Download and Run without AV Deleting Files
-
I made this script cause I dont rely on Windows AV , i rely on my judgement on how not to get Viruses
sc config "wuauserv" start= disabled sc config "Sense" start= disabled sc config "WdNisSvc" start= disabled sc config "WinDefend" start= disabled REG add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 4 /f @echo off echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender -> Turn Off" echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> File Explorer -> Configure Windows Defender SmartScreenTurn -> Off" echo "REGEDIT = Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA=0" sc stop wuauserv sc stop Sense sc stop WdNisSvc sc stop WinDefend
You dont need all of it, i think you only need
@echo off
echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> Windows Defender -> Turn Off"
echo "Remember to gpedit.msc -> Computer Configurations -> Administrative Template -> Windows Component -> File Explorer -> Configure Windows Defender SmartScreenTurn -> Off"Try to do the 2 gpedit using command line, I am not sure how then reboot
-
So here is an interesting point. The sc commands appear to silently fail in PowerShell, and throw an Access Denied error in CMD.
-
@scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
I have a Windows Server 2019 pure command line machine and I need to download and run some stuff. But when I download a file I just get "Program failed to run: Operation did not complete successfully because teh file contains a virus or potentially unwanted software". And the OS instantly deletes the file.
I have used this command to turn on Windows Defender:
sc stop WinDefend
but this doesn't change the behaviour. It does the same thing regardless.I don't want to completely remove Defender, but I can't seem to get around it. It's overly aggressive and I can find no way to stop it so that I can install software.
If you use WAC, you can see what is happening and make an exception for that file.
There's a whole Defender area in there, it's pretty cool.
-
@Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
If you use WAC, you can see what is happening and make an exception for that file.
Can I even install that, given that downloads and installs are what is not working?
-
@scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
@Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
If you use WAC, you can see what is happening and make an exception for that file.
Can I even install that, given that downloads and installs are what is not working?
You would have it on something else and add this server to your list. But if you can't download anything, something is very off.
-
@Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
@scottalanmiller said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
@Obsolesce said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
If you use WAC, you can see what is happening and make an exception for that file.
Can I even install that, given that downloads and installs are what is not working?
You would have it on something else and add this server to your list. But if you can't download anything, something is very off.
Fresh install
-
What type of executable file keep getting deleted, exe or msi?
-
@black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
What type of executable file keep getting deleted, exe or msi?
It is a .exe in the case of my experiment.
-
For now, just temporary disable Real-Time Protection via PowerShell
Set-MpPreference -DisableRealtimeMonitoring $true
Download the executable and scan it manually before you install
Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan
Enable Real-Time Protection after the install
Set-MpPreference -DisableRealtimeMonitoring $false
-
@black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
For now, just temporary disable Real-Time Protection via PowerShell
Set-MpPreference -DisableRealtimeMonitoring $true
Download the executable and scan it manually before you install
Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan
Enable Real-Time Protection after the install
Set-MpPreference -DisableRealtimeMonitoring $false
Excellent, now THAT did it.