jessienab

bontchev , 1 month ago to random

Oh, cool somebody finally figured it out...

As you probably know, the Microsoft Security Center has an API that lets you query which AV is installed and whether it is up-to-date.

What is less well-known, is that it also has another, not publicly known API, that lets you tell it "I'm installing another AV now, please disable Defender". This is what all other AV products use. Microsoft has provided to them documentation of this API but under NDA.

Many years ago, I made a proof-of-concept - a small VBScript script that would use this API via WMI to "install" an imaginary AV, thus turning off Defender - but since it was based on information learned under NDA, I obviously couldn't make it public.

Now somebody has reverse-engineered the API from AVAST and has done pretty much the same (albeit a bit over-complicated) in C++:

https://github.com/es3n1n/no-defender

jessienab , 1 month ago

@bontchev and they've hosted it on GitHub, a Microsoft owned git service... :blobcatfacepalm:

vampiress , 2 months ago to random

It’s “play DOS games at the cafe” day. Are you joining in?

jessienab , 2 months ago

@vampiress Smol computer :neofox_cute_reach: :neofox_aww: