Hi all,
So I downloaded Kontakt 7 but in order to make it work, you have to run a patch, but defender think it's a virus and deletes it immediately after I unzip it.

The thing is, since I did a complete reset on my PC, my Microsoft Defender app is broken and I cannot turn it off. I have tried everything and contacted Microsoft who confirmed it is a known issue and the only thing to do is wait for a fix to be released. However, its now been over a month and I gave up on fixing this, but I am wondering if any workaround exists.

Is there a way to make the file not detected as a threat? I have a laptop with no issues, could I remotely patch the file with Google drive or something? Could I manually do what the patch is supposed to and of so, how?

Any help is greatly appreciated. Thanks!

 

First, make sure this patch is from a reputable source. If you're not sure where it came from, don't trust it. Then, if all is well, you probably need to set the patch as an exclusion in your Defender settings:

In Windows 10 -> Windows Security --> Virus & Threat Protection --> Under Virus & threat protection settings, click on Manage Settings --> Scroll down near the bottom and look for Exclusions --> click Add or remove exclusions

 

#1. there should be no internet connections to a production machine running scene releases.
#2. win update and A/V, MS Store, Firewall etc... should ALL be disabled as in not able to function.

I use this method when the GUI controls either don't do what I want them to, or they are malfunctioning....
to remove defender and its firewall from the equation try the following;
- install the "take ownership" context menu item this will tell you how

- then take ownership of the following system protected files
Defender Advanced Threat Protection Service - %ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe
Defender Firewall Service - %SystemRoot%\system32\mpssvc.dll
Defender Firewall Authorization Driver - %SystemRoot%\System32\drivers\mpsdrv.sys
Defender Network Stream Filter Driver Service - %SystemRoot%\system32\drivers\wdnsfltr.sys

** rename each of the above files to their original names .BAK
EX. "MsSense.exe.BAK" - do this for all 4 files above. reboot.
defender and the firewall will be rendered inert. you can re-establish them by simply reversing everything back.

 

Last edited: Feb 21, 2024

Unfortunately the "Virus and threat protection" tab does not even appear on my defender and if I try to search it an error message pop up... its really broken I really tried everything

 

Ok i'll try that! Won't tamper protection block that though? Because I cannot turn that off either.
Also I'm not quite sure what you mean by production machine? You mean I should turn off wifi while I run the scene release?

 

you can disable tamper protection via the registry this way
production machine = a machine you're using scene releases on to produce audio/video/photo etc...
and yes, running warez on a machine connected to the internet is just asking for stuff to break...

 

Good i'll try that! Thanks for the advice

 

Your method seems to be the most sensible. I located the other three files but I don't see this one.
I do see a wdfilter.sys, but I'm definitely not going to say "close enough" even though a google search does say that this file is related to windows defender network security.
If anyone can advise I would appreciate it.

 

You probably need to set your view to allow for system files to be displayed.

 

Hidden items are shown. What are the chances this will work if I leave that one out of the four files as is?

 

how about you simply install another light AV so that it takes over Defender and then just disable it?

 

if it's not on the system then out of sight out of mind - apply the changes and check the service. if successful it should say something like "service unavailable" or be blank and disabled...

 

You don't need to futz with system or reg or even firewalls, all you need is admin. If you don't have admin, you don't own the machine anyway. You're not allowed to break shit you dont own, as a matter the 'dont be a dick' principle... so since you should have admin if your reading this thread... adding the exclusion folder is useful for the place files get downloaded to and the place you move the download to (if any). Ie your default torrent location and dl manager location. The keygen executable won't be removed. When you unpack it, do so in that folder to that folder (nesting is included). If you unpack it to temp or any other folder its gone. Windows realtime will intercept and quarantine. The archive is still in the download folder though, no need to bother getting windows to restore the unpacked file. Just unpack again, in place. The unpacked keygen and compressed keygen files are now in your folder. Now you go to execute the keygen and.... nothing happens... because realtime is intercepting it. The keygen is not running in the folder, the launched application is outside of the exclusion zone. Turn off realtime protection. It'll launch. Defender is still on and running. This would be an unideal time to perform a scan. Do whatever steps with the keygen, when done close keygen app first then turn realtime back on. The archieve and unpacked are still in the download folder, if you need them again just turn off realtime protection in order to launch. Be sure when deleting the keygen files. Defender will intercept from recycling too.

Foreseeable question-
What about viruses?::: malicious actors who know what they doing target industry, they dont care about your porn history or cc numbers. People who would want to launch such dinky things are too dumb to pull it off. This isn't 1990s Hackers era anymore. In current age it is stupidly difficult to silently pass a damaging file from machine to machine. Are you a in a healthcare corporate office? Trucking? Shipping? Maybe then don't try to touch the off knob (which again, hackers... while awesome and still relavent to how some people view tech, is also a weeee bit inaccurate.....)

Ransomeware works because they call Jeff in accounting and get him to give out login credentials. Not because they're launching trojans, getting jenny to open it, then somehow haxoring critical access to systems jenny doesnt have access to. Really, I promise you, almost all modern day malicious network activity that is successful (and isn't being done by nation states) is 99% social engineering. So if Ivan calls, don't tell him your windows login.

You're also not turning defender off, just the realtime super sensitive component. Malicious activies in System and Registry are still gonna trigger it. But that still isn't of concern because you downloaded from sister or the other well known sites that all have existed in some cases for over 20 years, have a comment thread for every file, are not open to public upload and only host from known providers... right?

Heres your security test: If you can't figure out how to add exclusion folders and how realtime is turned on and off, then don't do it. If you can, you'll be fine. Also, if you forget to turn it back on it will do so automagically at some point in the near future ( 30 minutes, maybe 2 hours).