-
Notifications
You must be signed in to change notification settings - Fork 925
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why is Windows 10 still blocking me from running malware? #442
Comments
Unfortunately for us, this is hard to properly disable in newer Windows versions. We share our current best experience in the installation section https://github.com/mandiant/flare-vm#installation. However, this may take several attempts and reboots (it's good to test with the EICAR test virus). I've had the best results with the GPO modifications. |
What worked for me several times is the following workflow:
|
Defender Control by Sordum Team can disable the Defender even on latest Windows 10 22H2. But the problem is #461 |
The following walks you through disabling defender permanently for Windows 10. Quick Steps: Open Regedit (as user) -->go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Right click and add a DWORD (32 bit) Value - name it "DisableAntiSpyware" Right click new entry select modify; change hexidecimal from 0 to 1. Close regedit Defender is permanently disabled. Video Walkthrough below; Found on YouTube. This is not my video and all credit goes to the author. I have successfully integrated this process into the Windows 10 ISO provided by this repo |
I'm not sure if this has been documented anywhere here yet (I did not see it). I recently ran into this issue myself and was looking for a solution too. I did find one. Note: Once this is configured this way, it cannot be undone because you will lose permission to modify the directory permissions I found that disabling Windows Defender by adjusting the owner of the I found this tip from @OALabs on YouTube here: https://youtu.be/0eR8yrDLV5M?si=PgD8DhsbF6H6QN2O&t=675 Written instructions:
Note: I tried this on a Windows 11 and 10 VM. It works on both, but installing FlareVM on Win11 with the current version of the script has a lot of bugs. Hope this helps! |
I am analyzing some malware on Windows 10. I installed FLARE VM, disabled tamper protection and disabled the virus scanner in the registry. However when I attempt to run a malware, Windows is still preventing me from running it. What am I missing to get this to work?
I disabled it by adding
DisableAntiSpyware
toHKLM/Software/Policies/Microsoft/Windows Defender
and setting it to1
.The text was updated successfully, but these errors were encountered: