
Group policies still work so effectively that I've set up a local domain using a controller in my homelab that does nothing but change the defender policies automatically for all users.


group policy no longer works on win11. updates will reverse it. additionally defender detects turning off realtime monitoring as malware.


Group policies and registry keys are gentle suggestions. Deleting or renaming files is "I wasn't asking, it's my computer not yours" kind of approach.


Oh, I thought the "I wasn't asking" option was to just reimage it with Linux.


…until Windows Update Repair or the like undo your changes.


You can do this to Windows Update too.


Which itself gets repaired by Windows Update Repair.


Either way, removing C:\windows\system32\wua* did it for me


I thought so too, but if you switch everything off (including Tamper Protection) in the UI, then turn it off via (local!) Group Policy, it sticks. I’ve set up a few Windows 10 22H2 & 11 24H2 test VMs this way and they still have Defender disabled.

(I think you need to disable Tamper Protection first, otherwise you later get a threat detected of “WinDefendDisable”, but if you allow/unquarantine it doesn’t auto-enable again)


And yet I have none of these issues on 11 LTSC 24H2? Sounds like you forgot to disable Tamper Protection


As someone who moved to Linux 10 years ago, this comment chain shows Windows became the real hacker distro


In a sense, it has been for a long time.

With Linux, there's often a good clean way to do a thing, and then there are weird hacks.

On Windows, it often starts with weird hacks, as Microsoft is further enclosing its ecosystem.

(I use Windows mostly for gaming and VR, and still have to constantly fiddle with the system to keep it working on a basic level, sad face emoji. Who would've thunk that merely playing an 8K European documentary in VR would require configuring DirectShow filters found on GitHub.)


> Who would've thunk that merely playing an 8K European documentary in VR would require configuring DirectShow filters found on GitHub.

Dios Mio, get mpv, enable gpu-hq


Thanks! How do I run it in VR though? Can't find it in the manual[1]

[1]: https://mpv.io/manual/master/


via Virtual Desktop I suppose. So mpv would do all of the video stuff and then would blit a SbS video onto VD, and VD would warp the two halves on a spherical surface?

Honestly I've never thought about that before.


By doing it slowly they're enabling a hacker spirit to evolve, which I’m sure is unintentional.


The 'weird hack' is actually just a normal option left hanging in Defender options that clearly states it will prevent "other" stuff from changing Defender settings


To prepare a Win11 Enterprise edition image for distribution, I run a ~200-line-long PowerShell script, nuking every bloatware MS puts into Win. It's ridiculous.

Linux distro devs, working for free, pushing excellent product can't compare with these clowns in high-paying jobs at Microsoft, pretending they're working.


Care to share the PowerShell script with us?


https://github.com/Raphire/Win11Debloat

I start with Tiny11 first though these days, then run that to get rid of the last few bits.


I found that this script broke Win+R Run dialog history by setting Start_TrackProgs. This was undocumented, and I had to disable it manually. (Worse yet, it doesn't show up on GitHub search because the .reg files are UTF-16.)


it's been disabled. defender group policy auto re-enabling is readily reproducible. i have a screenshot showing defender detecting the group policy change as a malware detection.

any control you think you have over windows is imaginary.


Once again: Tamper Protection



