Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
ConfigureDefender utility for Windows 10/11
Message
<blockquote data-quote="Andy Ful" data-source="post: 954124" data-attributes="member: 32260"><p><strong>Post updated.</strong></p><p></p><p>If one wants to clear the Defender History or solve the problem with crashing Defender History there is a simple solution.</p><ol> <li data-xf-list-type="ol">Download the AdvancedRun:<br /> for Windows 32-bit: <a href="https://www.nirsoft.net/utils/advancedrun.zip" target="_blank">https://www.nirsoft.net/utils/advancedrun.zip</a><br /> for Windows 64-bit: <a href="https://www.nirsoft.net/utils/advancedrun-x64.zip" target="_blank">https://www.nirsoft.net/utils/advancedrun-x64.zip</a></li> <li data-xf-list-type="ol">Run AdvancedRun.exe once and close it - the file AdvancedRun.cfg will be created</li> <li data-xf-list-type="ol">Edit the config file AdvancedRun.cfg as it is shown below</li> <li data-xf-list-type="ol">Disable Defender Tamper protection >> Run AdvancedRun.exe to clear the Defender History >> <strong><span style="color: rgb(184, 49, 47)">Enable Tamper Protection.</span></strong></li> </ol><p>After running AdvancedRun it will automatically apply the settings and command lines from the AdvancedRun.cfg and the Defender History will be cleared.</p><p></p><p>The modified content of AdvancedRun.cfg is as follows:</p><p></p><p>[CODE]...</p><p>EXEFilename=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</p><p>CommandLine=net stop windefend; $path = 'c:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db'; if (Test-Path -Path $path) {Remove-Item $path}; $path = 'c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory'; if (Test-Path -Path $path) {Remove-Item $path -Recurse}; net start windefend</p><p>AutoRun=1</p><p>...</p><p>RunAs=8</p><p>...[/CODE]</p><p></p><p>The PowerShell is executed with CommandLine.</p><p>AutoRun=1 means that AdvancedRun does not show the application window and automatically applies the AdvancedRun.cfg</p><p>RunAs=8 means that the process will be run with TrustedInstaller privileges.</p><p></p><p>The CommandLine simply stops Windefend service, checks if the file/folder exists and deletes it, starts Windefend service again.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 954124, member: 32260"] [B]Post updated.[/B] If one wants to clear the Defender History or solve the problem with crashing Defender History there is a simple solution. [LIST=1] [*]Download the AdvancedRun: for Windows 32-bit: [URL]https://www.nirsoft.net/utils/advancedrun.zip[/URL] for Windows 64-bit: [URL]https://www.nirsoft.net/utils/advancedrun-x64.zip[/URL] [*]Run AdvancedRun.exe once and close it - the file AdvancedRun.cfg will be created [*]Edit the config file AdvancedRun.cfg as it is shown below [*]Disable Defender Tamper protection >> Run AdvancedRun.exe to clear the Defender History >> [B][COLOR=rgb(184, 49, 47)]Enable Tamper Protection.[/COLOR][/B] [/LIST] After running AdvancedRun it will automatically apply the settings and command lines from the AdvancedRun.cfg and the Defender History will be cleared. The modified content of AdvancedRun.cfg is as follows: [CODE]... EXEFilename=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=net stop windefend; $path = 'c:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db'; if (Test-Path -Path $path) {Remove-Item $path}; $path = 'c:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory'; if (Test-Path -Path $path) {Remove-Item $path -Recurse}; net start windefend AutoRun=1 ... RunAs=8 ...[/CODE] The PowerShell is executed with CommandLine. AutoRun=1 means that AdvancedRun does not show the application window and automatically applies the AdvancedRun.cfg RunAs=8 means that the process will be run with TrustedInstaller privileges. The CommandLine simply stops Windefend service, checks if the file/folder exists and deletes it, starts Windefend service again. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
