This message was deleted.
# _generals
Slackbot
01/22/2024, 11:19 AMThis message was deleted.
n
Nick Panaccio
01/22/2024, 11:38 AMI'm not sure if it'd be the same for LTSC, but this is what I used to do for W10 1909-22H2:
In my sealing script, run the following:
Copy code
# Disabling Windows Defender
New-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\" -Name "DisableAntiSpyware" -Value 0x1 -PropertyType "DWORD" -Force
# Disabling the Windows Defender Security Center icon
Remove-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -Name "SecurityHealth" -ForceNick Panaccio
01/22/2024, 11:39 AMThat said, I seem to recall having to manually disable tampering in Defender in the master image via PS at one point. Trying to find my notes on that piece.
Nick Panaccio
01/22/2024, 11:40 AMFound them:
Required for 20H2 and above, and must be run whenever an OS layer is edited
· Click on Virus & threat protection
· Under Virus & threat protection settings, click on Manage settings
· Turn off Tamper Protection and close the two Settings dialog boxes
Nick Panaccio
01/22/2024, 11:40 AMWe were an App Layering shop, but this would apply to traditional master images, too.
d
Dennis Hirsch
01/22/2024, 11:43 AMThanks a lot Nick! Will try that. App Layering is indeed involved, see https://worldofeuc.slack.com/archives/CKBV38LD7/p1704798518008079
TM Support complained that msmpeng.exe is running in the Image.
Dennis Hirsch
01/26/2024, 11:59 AM@Nick Panaccio So the registry Part ist done in Sealing for the App Layer, the GPO is applied to the VDAs and the manual part is done in the OS Layer?
n
Nick Panaccio
01/26/2024, 12:02 PMYep, that's exactly how I handled it. Always gotta use the OS layer for Defender because of how it's integrated (IMO).