
(Error) Add Exclusions for Windows Defender in Windows 10 with reg add


Hi

I am making an unattended install for Windows 10 (Autounattend.xml), and I need to exclude some files. With Win 7 I could do it with reg add pointing to the key.

With Win 10 I get the error "Not allowed to alter Key"

Using this:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f

Is it possible to do this earlier during the install, before Defender grabs "hold" of the registry?



Thanks for the response!

It appears as if you need to take ownership, and change permissions.

Well I have tried that. No go.

I have seen this:

"Windows Defender has a kernel-mode driver (wdfilter.sys) that registers a Registry callback filter which protects Defender’s registry keys."

That's why I ask: "Is it possible to do this earlier during the install, before Defender grabs "hold" of the registry?"


Possible, using an unattend answer file.
RunSynchronousCommand in the specialize pass runs under the SYSTEM account and has full access to the registry.

    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Path>REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f</Path>
                    <Order>1</Order>
                    <Description>Registry</Description>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>

  • 2 weeks later...

Thanks for answering, abbodi1406!

Can I do it like this:

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SystemLocale>nb-NO</SystemLocale>
            <UserLocale>nb-NO</UserLocale>
            <UILanguage>nb-NO</UILanguage>
            <UILanguageFallback>nb-NO</UILanguageFallback>
            <InputLocale>0409:00000409</InputLocale>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <UserData>
                <ProductKey>
                    <Key>xxxxxxxxxxxx</Key>
                    <WillShowUI>OnError</WillShowUI>
                </ProductKey>
                <Organization>Hjemme</Organization>
                <FullName>Kunde</FullName>
                <AcceptEula>true</AcceptEula>
            </UserData>
            <ImageInstall>
                <OSImage>
                    <InstallFrom>
                        <MetaData wcm:action="add">
                            <Key>/IMAGE/NAME</Key>
                            <Value>Windows 10 Pro</Value>
                        </MetaData>
                    </InstallFrom>
                </OSImage>
            </ImageInstall>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <UserAccounts>
                <LocalAccounts>
                    <LocalAccount wcm:action="add">
                        <Name>Kunde</Name>
                        <Group>Administrators</Group>
                        <Password>
                            <PlainText>true</PlainText>
                            <Value></Value>
                        </Password>
                    </LocalAccount>
                </LocalAccounts>
            </UserAccounts>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Home</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
            </OOBE>
        </component>
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <UILanguage>nb-NO</UILanguage>
            <UserLocale>nn-NO</UserLocale>
            <InputLocale>0414:00000414</InputLocale>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Enabled>true</Enabled>
                <Username>Kunde</Username>
                <Password>
                    <Value />
                    <PlainText>true</PlainText>
                </Password>
                <LogonCount>9999999</LogonCount>
            </AutoLogon>
            <TimeZone>W. Europe Standard Time</TimeZone>
            <ComputerName>Kundexx</ComputerName>
        </component>
        <!-- RunSynchronous is a setting of the Microsoft-Windows-Deployment component, so it sits in its own component -->
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Path>REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f</Path>
                    <Order>1</Order>
                    <Description>Registry</Description>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SearchScopes>
                <Scope wcm:action="add">
                    <ScopeDefault>true</ScopeDefault>
                    <ScopeDisplayName>Google</ScopeDisplayName>
                    <ScopeUrl>http://www.google.com/search?q={searchTerms}</ScopeUrl>
                    <ScopeKey>Google</ScopeKey>
                </Scope>
            </SearchScopes>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SearchScopes>
                <Scope wcm:action="add">
                    <ScopeDisplayName>Google</ScopeDisplayName>
                    <ScopeKey>Google</ScopeKey>
                    <ScopeUrl>http://www.google.com/search?q={searchTerms}</ScopeUrl>
                    <ScopeDefault>true</ScopeDefault>
                </Scope>
            </SearchScopes>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:g:/win_10/sources/install.wim#Windows 10 Pro" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

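An added example, not part of the thread or any poster's code: a Python check that parses an answer file, lists every Defender exclusion written by a reg add inside a RunSynchronousCommand, and records whether the command sits in the component that defines RunSynchronous for that pass. The sample file is constructed; the .tmp exclusion and the names audit_answer_file, Finding and RUNSYNC_HOME are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import namedtuple

NS = {"u": "urn:schemas-microsoft-com:unattend"}
# Component that defines the RunSynchronous setting in each configuration pass.
RUNSYNC_HOME = {"windowsPE": "Microsoft-Windows-Setup",
                "specialize": "Microsoft-Windows-Deployment",
                "auditUser": "Microsoft-Windows-Deployment"}
# reg add "<...\Windows Defender\Exclusions\<kind>>" ... /v <value>
REG_RE = re.compile(
    r'reg(?:\.exe)?\s+add\s+"?(?P<key>[^"]*\\Windows Defender\\Exclusions\\(?P<kind>\w+))"?'
    r'.*?/v\s+(?:"(?P<q>[^"]*)"|(?P<u>\S+))', re.IGNORECASE)
Finding = namedtuple("Finding", "pass_name component kind value placement_ok")


def audit_answer_file(xml_text):
    """List Defender exclusions written by RunSynchronous commands.

    Raises ValueError when the file is not well-formed XML."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed: {exc}") from exc
    findings = []
    for settings in root.findall("u:settings", NS):
        pass_name = settings.get("pass")
        for comp in settings.findall("u:component", NS):
            name = comp.get("name")
            for path in comp.findall("u:RunSynchronous/u:RunSynchronousCommand/u:Path", NS):
                m = REG_RE.search(path.text or "")
                if m:
                    findings.append(Finding(pass_name, name, m["kind"], m["q"] or m["u"],
                                            RUNSYNC_HOME.get(pass_name) == name))
    return findings


# Constructed sample: the thread's command in the Deployment component, plus a
# made-up exclusion placed under Shell-Setup, where RunSynchronous is not defined.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
 <settings pass="specialize">
  <component name="Microsoft-Windows-Deployment"><RunSynchronous><RunSynchronousCommand wcm:action="add">
   <Path>REG ADD "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /V "C:\Program Files\Rig\AutoPass.exe" /t REG_DWORD /d 0 /f</Path>
  </RunSynchronousCommand></RunSynchronous></component>
  <component name="Microsoft-Windows-Shell-Setup"><RunSynchronous><RunSynchronousCommand wcm:action="add">
   <Path>reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions" /v .tmp /t REG_DWORD /d 0 /f</Path>
  </RunSynchronousCommand></RunSynchronous></component>
 </settings>
</unattend>"""

if __name__ == "__main__":
    for f in audit_answer_file(SAMPLE):
        print(f)
```

Running it over the answer files in a deployment share gives a reviewable list of what each image excludes from scanning before any machine is built from it.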