Skip to content

Add illustrative images to README and fix registry file version path #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Bravee9 merged 2 commits into from
Nov 8, 2025
Merged

Add illustrative images to README and fix registry file version path #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
41e7129
Initial plan
Copilot Nov 8, 2025
7486fa5
Add images to README and fix registry file with version placeholder
Copilot Nov 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion DisableAntimalwareExecutable.reg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,19 @@ Windows Registry Editor Version 5.00
; Disable Windows Defender Antimalware Service Executable
; WARNING: This disables real-time malware protection
; Ensure you have alternative antivirus software installed and active
;
; IMPORTANT: Before using this file, you MUST replace [YOUR_VERSION] below
; with your actual Windows Defender version folder name.
;
; To find your version:
; 1. Open File Explorer
; 2. Navigate to: C:\ProgramData\Microsoft\Windows Defender\Platform\
; 3. Find your version folder (e.g., 4.18.24090.1-0)
; 4. Replace [YOUR_VERSION] below with that folder name
; 5. Save this file before double-clicking to apply

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\disabled\\mpextms.exe"
"ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\[YOUR_VERSION]\\mpextms.exe"
28 changes: 28 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
- Press `Windows + R`, type `rstrui.exe`, and press Enter
- Click "Create a restore point"
- Name it "Before disabling Windows Defender" and create it

![Create System Restore Point](pictures/Picture1.png)

2. **Install Alternative Security Software:**
- Ensure you have a reputable third-party antivirus installed and active
Expand All @@ -43,12 +45,30 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv

2. **Download the registry file:**
- [DisableAntimalwareExecutable.reg](./DisableAntimalwareExecutable.reg)

⚠️ **IMPORTANT**: Before using the registry file, you MUST update the Windows Defender version path:
- Open File Explorer and navigate to: `C:\ProgramData\Microsoft\Windows Defender\Platform\`
- Find your Windows Defender version folder (e.g., `4.18.24090.1-0`)
- Open `DisableAntimalwareExecutable.reg` with a text editor (Notepad)
- Replace `[YOUR_VERSION]` in the ImagePath line with your actual version folder name
- Save the file

Example: If your version folder is `4.18.24090.1-0`, change:
```
"ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\[YOUR_VERSION]\\mpextms.exe"
```
to:
```
"ImagePath"="C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.24090.1-0\\mpextms.exe"
```

3. **Enable Safe Mode:**
- Press `Windows + R`, type `msconfig`, and press Enter
- Navigate to the **Boot** tab
- Check **Safe boot** and select **Minimal**
- Click **OK** and restart your computer

![Enable Safe Mode in System Configuration](pictures/Picture2.png)

4. **Apply Registry Changes:**
- Once in Safe Mode, double-click the downloaded `.reg` file
Expand Down Expand Up @@ -80,12 +100,16 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
- Navigate to the **Boot** tab
- Check the box for **Safe boot** and select **Minimal**
- Click **OK** and restart your computer

![Enable Safe Mode in System Configuration](pictures/Picture2.png)

### Step 2: Access Registry Editor in Safe Mode
1. **Open Registry Editor:**
- Once in Windows Safe Mode, press `Windows + R`
- Type `regedit` and press Enter to open **Registry Editor**
- Click **Yes** if prompted by User Account Control

![Open Registry Editor](pictures/Picture3.png)

### Step 3: Navigate to Windows Defender Service
1. **Find the Service Key:**
Expand All @@ -101,6 +125,8 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
- Note the current value (typically `2` for Automatic)
- Double-click and change to `3` (Manual) or `4` (Disabled)
- **Recommended**: Use `3` (Manual) instead of `4` (Disabled) for easier recovery

![Modify Start Value to 4](pictures/Picture4.png)

2. **Modify ImagePath (Optional but Recommended):**
- Locate the `ImagePath` key (String value)
Expand All @@ -110,6 +136,8 @@ This guide provides step-by-step instructions for disabling the Antimalware Serv
C:\ProgramData\Microsoft\Windows Defender\Platform\[version]\mpextms.exe
```
- This prevents the service from starting even if re-enabled

![Modify ImagePath Value](pictures/Picture5.png)

### Step 5: Exit Safe Mode
1. **Disable Safe Mode:**
Expand Down
Loading