If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Debian 10 "buster" released
Jeff-Relf.Me @.@ wrote:
Some services in windows, if you stop them from task manager, will restart automatically. If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. I'm not too worried about it, I don't think it's necessary. I did kill Cortana, however, using a wooden stake. You could try this. You use GPEDIT on Pro. https://i.postimg.cc/MG2nYPdQ/Windows-Defender-Off.gif Then check for MsMpEng in Task Manager. You either have to push out the policy without rebooting the computer, or, just reboot the computer. Then, check. Some kind of ceremony is required, after enabling that policy. Paul |
Ads |
#2
|
|||
|
|||
Kill "Antimalware Service Executable".
Jeff-Relf.Me @.@ wrote:
Paul replied ( to me ): If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. I'm not too worried about it, I don't think it's necessary. use GPEDIT on Pro. I'm using The Home Edition; no GPEDIT; besides, I don't think that would actually remove the process. I bet you can't do it. https://www.tenforums.com/tutorials/...dows-10-a.html HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows Defender DisableAntiSpyware DWORD 1 https://i.postimg.cc/VvnXcKzy/Task-Manager.gif Paul |
#3
|
|||
|
|||
Debian 10 "buster" released
Some services in windows, if you stop them from task manager, will restart automatically. If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. I'm not too worried about it, I don't think it's necessary. I did kill Cortana, however, using a wooden stake. That won't work. It takes a silver bullet. |
#4
|
|||
|
|||
Remove the "Antimalware Service Executable".
Jeff-Relf.Me @.@ wrote:
Paul replied ( to me ): Remove the "Antimalware Service Executable". I'm using The Home Edition; no GPEDIT; besides, I don't think that would actually remove the process. I bet you can't do it. DisableAntiSpyware DWORD 1 I set that variable many years ago. https://i.postimg.cc/VvnXcKzy/Task-Manager.gif That's not "Antimalware Service Executable"; see: http://Jeff-Relf.Me/Antimalware.Service.Executable.PNG https://i.postimg.cc/wB7L0qyb/differ...ame-result.gif I don't think you're tuned into the comedy of Microsoft naming conventions. No two tabs ever use the exact same string, to start with. You're constantly "attempting to map" from one screen to the next, trying to figure out what they are. You can use Sysinternals Process Explorer (Run As Administrator) as an additional tool for tracking what process each entry is based on. The reason the key is called "DisableAntiSpyware" , is the key was invented in Windows 7 or earlier, when the provided AV solution was "AntiSpyware Only". Along came Microsoft Security Essentials, and suddenly they were in the AntiVirus business. but the name of the key controlling the real-time protection, did not change. The best correlation comes from "what is eating my processor". There are many sporadic processes that come and go. But Search Indexer and MsMpEng are "forever". And MsMpEng is what ties up boot and the early presentation of the Desktop. It "must scan" the essential parts of the OS, before "liftoff". Paul |
#5
|
|||
|
|||
Debian 10 "buster" released
On 7/8/2019 12:29 PM, "Jeff-Relf.Me@."@ wrote:
Some services in windows, if you stop them from task manager, will restart automatically. If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. I'm not too worried about it, I don't think it's necessary. I did kill Cortana, however, using a wooden stake. LOL!! Some services are needed, and the vendor knows it. Otherwise, the system could very well be borked. I don't use Cortana, so I just used the settings to shut it off. |
#6
|
|||
|
|||
Remove the "Antimalware Service Executable".
On 7/8/2019 2:35 PM, Paul wrote:
Jeff-Relf.Me @.@ wrote: Paul replied ( to me ): Remove the "Antimalware Service Executable". I'm using The Home Edition; no GPEDIT; besides, I don't think that would actually remove the process. I bet you can't do it. DisableAntiSpyware DWORDÂ* 1 I set that variable many years ago. https://i.postimg.cc/VvnXcKzy/Task-Manager.gif That's not "Antimalware Service Executable"; see: Â* http://Jeff-Relf.Me/Antimalware.Service.Executable.PNG https://i.postimg.cc/wB7L0qyb/differ...ame-result.gif I don't think you're tuned into the comedy of Microsoft naming conventions. No two tabs ever use the exact same string, to start with. You're constantly "attempting to map" from one screen to the next, trying to figure out what they are. You can use Sysinternals Process Explorer (Run As Administrator) as an additional tool for tracking what process each entry is based on. The reason the key is called "DisableAntiSpyware" , is the key was invented in Windows 7 or earlier, when the provided AV solution was "AntiSpyware Only". Along came Microsoft Security Essentials, and suddenly they were in the AntiVirus business. but the name of the key controlling the real-time protection, did not change. The best correlation comes from "what is eating my processor". There are many sporadic processes that come and go. But Search Indexer and MsMpEng are "forever". And MsMpEng is what ties up boot and the early presentation of the Desktop. It "must scan" the essential parts of the OS, before "liftoff". Â*Â* Paul I'd say that from what I've seen of Defender, it does a better job than others when it comes to ransomware. It isn't perfect, but better than the others. |
#7
|
|||
|
|||
Debian 10 "buster" released
In article Jeff-Relf.Me @.@ wrote: Some services in windows, if you stop them from task manager, will restart automatically. If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. I'm not too worried about it, I don't think it's necessary. I did kill Cortana, however, using a wooden stake. Find the exe file and delete it? |
#8
|
|||
|
|||
"Antimalware Service Executable"
Someone replied ( to me ): If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. Find the exe file and delete it ? Can't delete it, can't rename it, can't "unlock" it, not even with a reboot. If you have knowledge of Linux, you could run systemrescue on a USB with systemrescuecd-x86-4.6.1.iso and delete it from the disk with that. |
#9
|
|||
|
|||
Debian 10 "buster" released
Anonymous Remailer (austria) wrote:
In article Jeff-Relf.Me @.@ wrote: Some services in windows, if you stop them from task manager, will restart automatically. If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. I'm not too worried about it, I don't think it's necessary. I did kill Cortana, however, using a wooden stake. Find the exe file and delete it? In 1903, the Search box and the Pizza Ordering Cortana, are separate items. A useless donut circle sits in your Task Bar, as a memorial to Cortana. You can turn it on if you like. With the Search and Cortana separated like that, the Search is as bland as vanilla extract. You might as well ask a Hobo in the street your question, as enter it in the Search box now. You'll probably get some useless Bing result. I haven't messed around with it, as I was never all that interested in the Pizza Ordering habits of my computer. But what I've got running now, ain't got pizza toppings any more, and the search rectangle "takes me back to Win7" kinda. I like to think of these as "random feature sets". Imagine an elevator in your apartment building. One day, it doesn't go "UP". The next day, it doesn't go "DOWN". Next day, the door has fallen off the front, but it does go UP and DOWN ok. These are great ideas, if only you could see an objective or a plan... Like, why take the door off the elevator ? Faster egress ? Doubles as a melon slicer ? You have to make up your own rationale on these things. Paul |
#10
|
|||
|
|||
Remove the "Antimalware Service Executable".
Jeff-Relf.Me @.@ wrote:
Paul, I already did the "DisableAntiSpyware" thing, long ago; still, "Antimalware Service Executable" is running; see: http://Jeff-Relf.Me/Antimalware.Service.Executable.PNG I don't know what you're doing different. Are you not running Windows 10, v1903, all updates ? I tested on 1903, and the GPEDIT works just like in the older OS I showed you earlier. I used the older OS, because it's a VM I can run without getting out of my chair. It's also "surplus", meaning I can wreck it if I want. I fired up the production 1903 drive on the Test Machine, and the GPEDIT setting still works. https://i.postimg.cc/rshNVMmB/1903.gif I have to go out now, but later I'll install a registry recorder and see if I can figure out what it is setting. Another way to do it, is to use Process Monitor from Sysinternals and try and log registry writes that way. I *do* have the "Tamper Prevention" turned off in the Security Panel - I don't know if that helps or not. One thing I noticed, is around when 1903 showed up, I recorded a failure of the Security Panel. You could use it to turn off Real Time protection, and it would turn itself back on again. (MsMpEng would show in Task Manager). If you try to use the slider again (turn off or turn on or alternate), nothing happens. So something did change in the last release. But the test I did just now, did work. I rebooted and no Antimalware service was running (MsMpEng). I even did a GPUpdate before the reboot, and "pushing" the setting worked as expected. So it can be switched off. The trick is figuring out why yours does not work. It can't possibly be that yours is Home and mine is Pro, because those SKUs are really both intended to be "uncontrollable rubbish". Microsoft wants it that way, so more people will buy the Enterprise version, instead of using Pro as a crutch. (Some Soho customers were using Pro, and Microsoft doesn't want their differentiation eroded by smart customers.) Paul |
#11
|
|||
|
|||
"Antimalware Service Executable"
Of course, if I was using linux, I wouldn't be using Windows at all.
|
#12
|
|||
|
|||
"Antimalware Service Executable"
In article
Jeff-Relf.Me @.@ wrote: Someone replied ( to me ): If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. Find the exe file and delete it ? Can't delete it, can't rename it, can't "unlock" it, not even with a reboot. Boot your system from a Windows CD/DVD. If you don't have one, create one. Control Panel / Backup and Restore / Create a system repair disc. |
#13
|
|||
|
|||
Remove the "Antimalware Service Executable".
On 7/8/2019 4:17 PM, "Jeff-Relf.Me@."@ wrote:
Paul, I already did the "DisableAntiSpyware" thing, long ago; still, "Antimalware Service Executable" is running; see: http://Jeff-Relf.Me/Antimalware.Service.Executable.PNG I don't know what you're doing different. Are you not running Windows 10, v1903, all updates ? I'm curious if you just uninstalled Windows Defender? |
#14
|
|||
|
|||
"Antimalware Service Executable"
Snowden wrote:
Someone replied ( to me ): If anyone knows how to kill "Antimalware Service Executable", Windows 10, v1903, I'm all ears. Find the exe file and delete it ? Can't delete it, can't rename it, can't "unlock" it, not even with a reboot. If you have knowledge of Linux, you could run systemrescue on a USB with systemrescuecd-x86-4.6.1.iso and delete it from the disk with that. Before switching from Windows to Linux. 1) As Admin "compact /compactOS:never" to remove compression reparse points. Doesn't free all files, but gives access to System32. 2) Turn off Fast Boot in Windows 10 (rides piggyback on hibernation, and you can't mount NTFS C: if any hibernation has occurred). 3) Be prepared to use "ntfsfix" in Linux, when the inevitable "$MFTMIRR damage" seen by Linux, prevents mount. After ntfsfix, you should be ready to go. 4) Now, do whatever you were going do to... Of course you can delete MsMpEng, but remember it's hard linked from WinSXS. Deleting the handle in System32 is not the final handle and ref count to the clusters representing the file. In Linux, using "ls" with the "inode" option, two files with the same Linux inode, are hardlinks in Windows. And MsMpEng is going to be linked to a file version in WinSXS with the same string as part of its name. WinSXS is the "maintenance folder" and is where version control is done. The "right" version is then hard-linked into System32. I've done one of these for wuauserv (Windows Update). Paul |
#15
|
|||
|
|||
Win10 is a random, ever changing, grab bag of features (Was: [inexplicably] Debian 10 "buster" released)
In article , Paul wrote:
.... I like to think of these as "random feature sets". Imagine an elevator in your apartment building. One day, it doesn't go "UP". The next day, it doesn't go "DOWN". Next day, the door has fallen off the front, but it does go UP and DOWN ok. These are great ideas, if only you could see an objective or a plan... Like, why take the door off the elevator ? Faster egress ? Doubles as a melon slicer ? You have to make up your own rationale on these things. Exactly! Glad to hear someone else making this observation. This is what I have been saying all along - that Win10 is this ever-changing random grab bag of features. The elevator analogy is apt. It (W10) is quite suitable for the cell-phone generation. They like things constantly changing for no good reason. -- The difference between communism and capitalism? In capitalism, man exploits man. In communism, it's the other way around. - Daniel Bell, The End of Ideology (1960) - |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|