From 41e7129da720e162ad7190f428dd1c9797092beb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 8 Nov 2025 18:53:18 +0000
Subject: [PATCH 1/2] Initial plan


From 7486fa50465b18885b6d6cb7b94409231bf4fa3f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 8 Nov 2025 18:56:19 +0000
Subject: [PATCH 2/2] Add images to README and fix registry file with version
 placeholder

Co-authored-by: Bravee9 <147709380+Bravee9@users.noreply.github.com>
---
 DisableAntimalwareExecutable.reg | 12 +++++++++++-
 README.md                        | 28 ++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/DisableAntimalwareExecutable.reg b/DisableAntimalwareExecutable.reg
index 5a85436..2404f8f 100644
--- a/DisableAntimalwareExecutable.reg
+++ b/DisableAntimalwareExecutable.reg
@@ -3,9 +3,19 @@ Windows Registry Editor Version 5.00
 ; Disable Windows Defender Antimalware Service Executable
 ; WARNING: This disables real-time malware protection
 ; Ensure you have alternative antivirus software installed and active
+;
+; IMPORTANT: Before using this file, you MUST replace [YOUR_VERSION] below
+; with your actual Windows Defender version folder name.
+;
+; To find your version:
+; 1. Open File Explorer
+; 2. Navigate to: C:\ProgramData\Microsoft\Windows Defender\Platform\
+; 3. Find your version folder (e.g., 4.18.24090.1-0)
+; 4. Replace [YOUR_VERSION] below with that folder name
+; 5. Save this file before double-clicking to apply
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
 "Start"=dword:00000003
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
-"ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\disabled\\mpextms.exe"
\ No newline at end of file
+"ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\[YOUR_VERSION]\\mpextms.exe"
\ No newline at end of file
diff --git a/README.md b/README.md
index 966252f..b4e8765 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,8 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
    - Press `Windows + R`, type `rstrui.exe`, and press Enter
    - Click "Create a restore point"
    - Name it "Before disabling Windows Defender" and create it
+   
+   ![Create System Restore Point](pictures/Picture1.png)
 
 2. **Install Alternative Security Software:**
    - Ensure you have a reputable third-party antivirus installed and active
@@ -43,12 +45,30 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
 
 2. **Download the registry file:**
    - [DisableAntimalwareExecutable.reg](./DisableAntimalwareExecutable.reg)
+   
+   ⚠️ **IMPORTANT**: Before using the registry file, you MUST update the Windows Defender version path:
+   - Open File Explorer and navigate to: `C:\ProgramData\Microsoft\Windows Defender\Platform\`
+   - Find your Windows Defender version folder (e.g., `4.18.24090.1-0`)
+   - Open `DisableAntimalwareExecutable.reg` with a text editor (Notepad)
+   - Replace `[YOUR_VERSION]` in the ImagePath line with your actual version folder name
+   - Save the file
+   
+   Example: If your version folder is `4.18.24090.1-0`, change:
+   ```
+   "ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\[YOUR_VERSION]\\mpextms.exe"
+   ```
+   to:
+   ```
+   "ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.24090.1-0\\mpextms.exe"
+   ```
 
 3. **Enable Safe Mode:**
    - Press `Windows + R`, type `msconfig`, and press Enter
    - Navigate to the **Boot** tab
    - Check **Safe boot** and select **Minimal**
    - Click **OK** and restart your computer
+   
+   ![Enable Safe Mode in System Configuration](pictures/Picture2.png)
 
 4. **Apply Registry Changes:**
    - Once in Safe Mode, double-click the downloaded `.reg` file
@@ -80,12 +100,16 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
    - Navigate to the **Boot** tab
    - Check the box for **Safe boot** and select **Minimal**
    - Click **OK** and restart your computer
+   
+   ![Enable Safe Mode in System Configuration](pictures/Picture2.png)
 
 ### Step 2: Access Registry Editor in Safe Mode
 1. **Open Registry Editor:**
    - Once in Windows Safe Mode, press `Windows + R`
    - Type `regedit` and press Enter to open **Registry Editor**
    - Click **Yes** if prompted by User Account Control
+   
+   ![Open Registry Editor](pictures/Picture3.png)
 
 ### Step 3: Navigate to Windows Defender Service
 1. **Find the Service Key:**
@@ -101,6 +125,8 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
    - Note the current value (typically `2` for Automatic)
    - Double-click and change to `3` (Manual) or `4` (Disabled)
    - **Recommended**: Use `3` (Manual) instead of `4` (Disabled) for easier recovery
+   
+   ![Modify Start Value to 4](pictures/Picture4.png)
 
 2. **Modify ImagePath (Optional but Recommended):**
    - Locate the `ImagePath` key (String value)
@@ -110,6 +136,8 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
      C:\ProgramData\Microsoft\Windows Defender\Platform\[version]\mpextms.exe
      ```
    - This prevents the service from starting even if re-enabled
+   
+   ![Modify ImagePath Value](pictures/Picture5.png)
 
 ### Step 5: Exit Safe Mode
 1. **Disable Safe Mode:**