If you can run as TrustedInstaller, it becomes feasible to rip all of this kind of bullshit out.
Just got my latest patched Win10 Pro copy running totally free of defender. Service is properly stopped. I was able to stop it like you would any other with TI privileges. Local admin just gets denied.
https://github.com/AveYo/LeanAndMean
If you can run as TrustedInstaller, it becomes feasible to rip all of this kind of bullshit out.
Just got my latest patched Win10 Pro copy running totally free of defender. Service is properly stopped. I was able to stop it like you would any other with TI privileges. Local admin just gets denied.