Disable Windows Defender Antivirus [2024]

Recently, Windows Defender Antivirus has become very hard to disable in Windows 10 (and probably 11). Previously, you would disable tamper protection, open gpedit.msc, navigate to the setting, and voila. Doing this no longer works: as soon as you close the Group Policy Editor (gpedit.msc) and open it again, the setting to disable Windows Defender Antivirus pops up again! You were also able to do this from the registry, which does not work now either.

It turns out that you need some extra steps now, so here are the complete instructions.

1- Start as you would by disabling tamper protection. You can do that by going to “Windows security”, then Virus and threat protection, then clicking the “Manage settings” button, and finally disabling tamper protection.

2- Create a file with the .REG extension containing the following and execute it!

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004

Now execute the above. If it does not work because “binary values can only be edited manually”, you will need to visit the locations above in regedit (run as administrator) and switch the Start value of both to 4, which means disabled.

Before proceeding to the following procedure (the same OLD procedure), you will need to restart your computer for the settings above to take effect.

  • Run gpedit.msc as administrator
  • Computer Configuration => Administrative Templates => Windows Components => Microsoft Defender Antivirus
  • Now you should find the entry “Turn off Microsoft Defender Antivirus”; double-click it, select Enabled, then OK
  • Restart your computer again

A message still appears urging me to enable it. Click the three dots at the top of that message and disable this notification so that you won’t accidentally re-enable antivirus by clicking the message.
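To see what state a machine is actually in after changes like these, the same settings can be read back. The following read-only PowerShell audit is an added example, not part of the original post; the policy value DisableAntiSpyware and the Defender event IDs 5001 and 5007 are not named in the post and come from Windows' documented behaviour.

```powershell
# Added example: read-only audit of the settings the steps above change.
# Run from an elevated PowerShell prompt; nothing is modified.

# Meaning of a service "Start" value in the registry.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-RegistryDword {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name
    )
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$report = @()

# 1. The two services that the .REG file sets to Start=4.
foreach ($svc in 'SecurityHealthService', 'wscsvc') {
    $start = Get-RegistryDword -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" -Name 'Start'
    $shown = if ($null -eq $start) { 'not present' } else { "$start ($($startNames[$start]))" }
    $report += [pscustomobject]@{ Check = "$svc Start"; Value = $shown; Flag = ($start -eq 4) }
}

# 2. The registry value behind "Turn off Microsoft Defender Antivirus".
$policy = Get-RegistryDword -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Name 'DisableAntiSpyware'
$shown = if ($null -eq $policy) { 'not configured' } else { "$policy" }
$report += [pscustomobject]@{ Check = 'Policy DisableAntiSpyware'; Value = $shown; Flag = ($policy -eq 1) }

# 3. Defender's own view; the cmdlet fails when the service cannot be reached.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $report += [pscustomobject]@{ Check = 'Tamper protection on'; Value = "$($mp.IsTamperProtected)"; Flag = (-not $mp.IsTamperProtected) }
    $report += [pscustomobject]@{ Check = 'Real-time protection on'; Value = "$($mp.RealTimeProtectionEnabled)"; Flag = (-not $mp.RealTimeProtectionEnabled) }
} catch {
    $report += [pscustomobject]@{ Check = 'Get-MpComputerStatus'; Value = 'query failed'; Flag = $true }
}

# 4. Defender events from the last 7 days:
#    5001 = real-time protection disabled, 5007 = configuration changed.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5007
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$report | Format-Table -AutoSize
$events | Select-Object -First 20 TimeCreated, Id | Format-Table -AutoSize
```

Any row with Flag set to True matches one of the changes described above.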

Sunshine and moonlight

VNC and RDP are great and all, and for so many purposes they are the go-to solution for remoting into a machine.

Another solution which is great (and much better if you have the bandwidth) is to broadcast your screen as video and do all the work on the server rather than the client.

The solution used to be nvidia’s GameStream, which was abandoned by nvidia. The new solution based on it is Sunshine (the server) and Moonlight (the client).

The Sunshine + Moonlight duo works on almost every platform I need: Windows, Mac, Android, iOS, even LG TVs running webOS… in short, it is a more universal solution. You can even create a virtual, non-existent monitor under Linux and stream that to a different device!

So, let us start with the server (Sunshine)

Installing Sunshine on Debian is very easy, as a .deb installation file is provided. Sunshine is not yet in the Debian repositories, but if I understand the license correctly, it can be some time in the future.

Now, go to the Sunshine website and download the deb file. In my case, I visit this webpage and download the sunshine-debian-bookworm-amd64.deb file.

Now, from the command prompt, su (to run as root), then cd to the directory where your deb file resides, then run “sudo apt install ./sunshine-debian-bookworm-amd64.deb”. We should now have the server installed. Now, on the command line, type “sunshine” to have it running and waiting to be opened in the web browser.

Point a web browser to https://localhost:47990/, ignore the problem with the self-signed certificate, and set your username and password.

Now your Debian computer is running a Sunshine server. Go to any other machine where you want to install the client (Moonlight) from here, and connect to your server by its IP address.

You are done !

Mounting unclean NTFS windows drive in Linux

Whenever I get the following message

mount /dev/sdd1 /hds/sgt2tb
The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
Falling back to read-only mount because the NTFS partition is in an
unsafe state. Please resume and shutdown Windows fully (no hibernation
or fast restarting.)
Could not mount read-write, trying read-only

The command

ntfsfix /dev/sdd1

resolves the issue, and produces the following message

Mounting volume... The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
FAILED
Attempting to correct errors...
Processing $MFT and $MFTMirr...
Reading $MFT... OK
Reading $MFTMirr... OK
Comparing $MFTMirr to $MFT... OK
Processing of $MFT and $MFTMirr completed successfully.
Setting required flags on partition... OK
Going to empty the journal ($LogFile)... OK
Checking the alternate boot sector... OK
NTFS volume version is 3.1.
NTFS partition /dev/sdd1 was processed successfully

The same mount command you see here will now work flawlessly

mount /dev/sdd1 /hds/sgt2tb

I am still unsure which of the processes mentioned above is responsible, as this oftentimes pops up on drives that were never system drives, so there is no hibernation file problem.

Mounting a remote Linux file system as a Windows drive

You can do this in many ways, the most popular of which is Samba, but that is not the software we are using here.

The software this post is about is SSHFS. If you are reading this, you probably know what SSH is (Secure Shell), and FS stands for File System.

Ironically, you will only need to have SFTP and not SSH with shell access, so here is the first surprise. To continue with this tutorial, you might want to visit the page I have posted here to create that user and give him/her access to the directory to be mounted. Don’t worry, there is a link back here at the bottom of that page!

So, now that you have created that user account on the remote system, let’s get down to business

You will need 2 pieces of software, or 3 if you would like to use private/public key authentication.

For the following software, look on their websites for the latest installers for your version of Windows (usually you are looking for the msi of the 64-bit version of Windows).

1- WinFsp, short for Windows File System Proxy. What this basically does is enable the developer of SSHFS-Win to make the remote file system look like a Windows drive, not some separate SFTP application where you have to move the files manually. When it is presented as a drive, you can modify files directly on it, which is the main advantage, and it will do the work in the background. It is a driver that presents itself to Windows as a disk, while getting the disk contents from another application. The GitHub page for it is at https://github.com/winfsp/winfsp, or to save you time, just go directly to the download page here https://github.com/winfsp/winfsp/releases/tag/v1.11 . When presented with optional components, if you are not a developer, you will only ever need the Core package, which is the installer’s default.

Once WinFsp is installed, we are done with the part that allows us to display file systems that are not really file systems. The next step is to have something feed that with data from an actual file system somewhere else, via SFTP, and that software would be

2- SSHFS-Win, which is the system that sits in the middle, between the SFTP server and WinFsp, which is an illusion of a hard drive on your Windows machine! Its home on GitHub is at https://github.com/winfsp/sshfs-win. To get the latest release, go here https://github.com/winfsp/sshfs-win/releases and look for the one that says latest (not pre-release), then download and install it.

There is no software to install on the remote side, as most Linux systems already have the functionality, and you have already set up a user in the previous post that I pointed you to a minute ago. So let us mount!

Now, you can (But don’t do it just yet) open file explorer in Windows, right click “This PC”, and click on Map Network Drive, A dialogue appears, enter your connection string, which should be something like

\\sshfs\username@serverhostname\

You should then be prompted with a password dialogue box; you enter the SFTP password, and you should now be all set. But why are we not doing this right now? We are not doing this because when you create files on that drive, they will remotely have rwx permissions for the owner, and no permissions for group or others. To work around this, you need to pass the following arguments to the mount

webdev@10.10.20.41:/

create_file_umask=0000,create_dir_umask=0000,umask=0000,idmap=user,StrictHostKeyChecking=no

These options are only available via the command line and do not survive reboots (note that StrictHostKeyChecking=no turns off SSH host key verification for the connection). A better alternative is to use sshfs-win-manager, which seamlessly mounts those remote file systems using SFTP. The long and short of it is that it just works.


Another program, one that has a different set of permission issues (I can write files, but can’t write to them again even though I own the files on the remote system and the permissions should allow it), is SiriKali (https://github.com/mhogomchungu/sirikali). You should be able to find the link to download for your platform here (https://mhogomchungu.github.io/sirikali/)

SiriKali also allows you to use other types of authentication which are beyond the scope of this post

So in SiriKali, you need to fill the above information, luckily that information is loaded by default.

Remember to select the checkboxes you need,

Static IP on Hyper-v (Debian Guests)

One problem I face when developing using Hyper-V is that I need static addresses, and the default switch keeps changing the IP range.

The simplest solution to this is to create a new switch of type Internal! This only connects the virtual machines to each other (static IP etc…), and cannot access the internet.

Right after creating an INTERNAL switch in the switch manager, you go to “Manage network adapter settings” on the host computer, and assign an IP such as 10.10.20.1 to the adapter and a subnet mask of 255.255.255.0, no gateway, and nothing but those IPs.

Once that is done, you add a second adapter to all the virtual machines. In the /etc/network/interfaces file, you leave eth0 the way it was (for internet) and add a metric 10 under the last line for eth0, then add the following stanza for the new adapter (assuming eth1). eth1 has a higher cost in its metric, so unless the remote is on the eth1 subnet, traffic will go through eth0.

auto eth1
iface eth1 inet static
 address 10.10.20.41/24
 metric 100

And you are done, those virtual machines can address each other with their 10.10.20.x addresses, and access the outside world via the other network interface.
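The host-side steps above (internal switch, static address on the host adapter, second adapter on each virtual machine) can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; the switch name StaticLab is a hypothetical name, and the address is the one used above.

```powershell
# Added example: host-side setup of the internal switch described above.
# Run in an elevated PowerShell prompt on the Hyper-V host.
$switchName = 'StaticLab'    # hypothetical switch name
$hostIp     = '10.10.20.1'   # host address used in the post
$prefix     = 24             # same as subnet mask 255.255.255.0

# Create the internal switch only if it does not exist yet.
if (-not (Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switchName -SwitchType Internal | Out-Null
}

# Hyper-V names the host-side adapter "vEthernet (<switch name>)".
$alias = "vEthernet ($switchName)"

# Assign the static address with no gateway, unless it is already assigned.
$existing = Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -eq $hostIp }
if (-not $existing) {
    New-NetIPAddress -InterfaceAlias $alias -IPAddress $hostIp -PrefixLength $prefix | Out-Null
}

# Give every VM a second adapter on this switch if it does not have one.
# Generation 1 VMs must be powered off for the adapter to be added.
foreach ($vm in Get-VM) {
    $attached = Get-VMNetworkAdapter -VM $vm | Where-Object { $_.SwitchName -eq $switchName }
    if (-not $attached) {
        Add-VMNetworkAdapter -VM $vm -SwitchName $switchName
    }
}

# Show the result for the host adapter.
Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, IPAddress, PrefixLength
```

The script can be re-run safely: each step is skipped when its result is already in place.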

Installing Hyper-v on a windows 11 Home edition

To install Hyper-V, you typically open the add features menu in Windows and add Hyper-V. This works in Windows Pro, but does not work in Windows Home.

In Windows Home, it is a very simple process.

Create a file and name it (hv.bat). Mind you, this is the whole name, where bat is the new file extension; make sure you don’t have an hv.bat.txt underneath (make sure Windows is showing you the extensions).

Now, all you need to do is put the following text in the batch file (hv.bat), then run it as administrator

     pushd "%~dp0"
     dir /b %SystemRoot%\servicing\Packages\*Hyper-V*.mum >hv.txt
     for /f %%i in ('findstr /i . hv.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"
     del hv.txt
     Dism /online /enable-feature /featurename:Microsoft-Hyper-V -All /LimitAccess /ALL
     pause

Once done, the command prompt will ask you whether you would like to restart your computer to apply changes. I would suggest you respond with N (for no) and take your time closing all your applications etc…, then restart manually.

Right after the restart, hit the Windows key on your computer and type hyper-v. The application should appear and you can run it; it works just like it does on the Pro version.

Happy computing 😉

Lock PC after 20 minutes

I am not that great with Windows, a look at all the posts on this blog will tell you that. Now with that said, I need to lock my laptop (Windows!) after a few minutes of inactivity.

Step 1/3: Check if you have Security policy installed

Windows 11 HOME shipped without this tool, as it came in the Pro and the Enterprise editions. To figure out if you have the tool, hit Start and start typing secpol.msc. If all you see is a suggestion to do a web search instead of an application, you do not have it, and the next step will explain how to install it. If it is indeed there, you can skip step 2 and go to step 3 right away.

Step 2/3: Installing Group Policy

You only need to do this if in the step above it turned out that Group Policy is not installed on your system.

To install/enable Local Security Policy (secpol.msc), you will need to install Group Policy. To get that directly from Microsoft, you can run the following script as administrator (download link also provided: gpedit-enabler.bat). This is courtesy of Major Geeks.

@echo off 
@echo "This batch file from MajorGeeks.Com will enable Group Policy Editor (Gpedit.msc) on Windows 10 Home."
@echo "If this method fails, there are other methods to try at https://tinyurl.com/majorgeeksgpedit"
pushd "%~dp0" 

dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt 
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt 

for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i" 
pause

Step 3/3: Modify security policy to lock screen after 20 minutes

To do that, you run secpol.msc, then look for

Local Policies > Security Options > “Interactive Logon: Machine inactivity limit” and set that to 1200 (20 minutes),

then restart the computer.

And there you have it: the Windows login screen will appear after 20 minutes of inactivity. You don’t need to set a screensaver or even connect this to your screen timeout (which is 10 minutes in my case).
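The same limit can be set and checked from an elevated PowerShell prompt by writing the registry value behind this policy. This is an added example, not part of the original post; the value name InactivityTimeoutSecs is not named in the post, and Set-InactivityLimit is a hypothetical helper name.

```powershell
# Added example: set the machine inactivity limit through the policy's registry value.
# Run in an elevated PowerShell prompt.
function Set-InactivityLimit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Seconds of inactivity before the session locks; 0 turns the limit off.
        [ValidateRange(0, 599940)][int]$Seconds = 1200
    )
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'InactivityTimeoutSecs'

    # Read the current value; $null when the policy has never been set.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -eq $Seconds) {
        Write-Output "Already set to $Seconds seconds."
        return
    }

    if ($PSCmdlet.ShouldProcess("$path\$name", "Set to $Seconds")) {
        # -Force overwrites an existing value of the same name.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $Seconds -Force | Out-Null

        # Read the value back so the result shown is what is stored.
        $readBack = (Get-ItemProperty -Path $path -Name $name).$name
        $minutes  = [math]::Round($readBack / 60, 1)
        Write-Output "$name is now $readBack seconds ($minutes minutes). Restart to apply."
    }
}

# 1200 seconds = 20 minutes, the value used in step 3.
Set-InactivityLimit -Seconds 1200
```

Running it with -WhatIf shows the change without writing anything.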

Notes about the installation

Running the above batch file as administrator should result in the following being printed.

"This batch file from MajorGeeks.Com will enable Group Policy Editor (Gpedit.msc) on Windows 10 Home."
"If this method fails, there are other methods to try at https://tinyurl.com/majorgeeksgpedit"

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.1
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.521
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.608
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.608
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.457
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.608
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.457
[==========================100.0%==========================]
The operation completed successfully.

Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.608

Processing 1 of 1 - Adding package Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.608
[==========================100.0%==========================]
The operation completed successfully.
Press any key to continue . . .


In addition to the above, a file named List.txt should be produced in the same folder as the batch file. In my case, the file had the following contents

Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1.mum
Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.1.mum
Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.521.mum
Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~10.0.22621.608.mum
Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.1.mum
Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~ar-SA~10.0.22621.608.mum
Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.457.mum
Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~10.0.22621.608.mum
Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.457.mum
Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~10.0.22621.608.mum

Windows 10 slow shutdown on SSD (Solved)

SSDs are the best thing that happened to computer boot time (and many other things) since the invention of the abacus.

But for some reason, booting up is faster than shutting down, much faster. Shutdowns (or reboots) are taking a long time.

So let me see what I can do about this.

1- Windows ClearPageFileAtShutdown is something that happens before shutdown, and is my first guess as to why this is happening.
So let us set the following key to zero (0) and see if this speeds up shutdown time.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management then ClearPageFileAtShutdown set to (0)

This session should shut down slowly; the next time you boot, shutdown will be much faster.

The other thing that I am thinking is relevant is changing the location of the indexing service index files to my spinning disk. This is because the spinning disk has thousands of files, and I would like to keep my SSD fast for certain other applications.

athurx.sys causes blue screen of death (BSOD) [SOLVED]

athurx is the Atheros wireless driver. I have 2 Atheros adapters on the same computer, one is 300Mb/s and the other is 150Mb/s.

The reason for the blue screen is that the wireless interface driver(s) on my 64-bit Windows 7 (could be on any other platform too) is outdated, and it seems the old version of the driver has a problem using 2 different Atheros adapters on the same computer. The solution seems to lie in updating the drivers.

1- The Wireless N 150Mb/s (TP-LINK TL-WN722N, Atheros AR9271 chip, should also apply to TL-WN721N that uses the same chip)
So, my Atheros-based TP-LINK TL-WN722N uses the Qualcomm Atheros AR9271 chip. Windows installs driver version 2.0.0.32 dated 1/4/2010, and since Qualcomm Atheros does not provide their drivers directly on their website, I downloaded the driver from TP-LINK. The new driver had version 2.0.0.62 and was dated more than a year later, 4/20/2011. The problem with this driver is that it is NOT SIGNED, and therefore you have to manually install the driver and then agree to install a non-signed driver; simply asking Windows to update from a directory will not update your driver. Also check the driver versions before and after you update to see if your drivers have been updated.

2- The Wireless N 300Mb/s (TP-LINK TL-WN821N, Atheros AR7015)
This one also has an outdated driver that can be updated from the TP-LINK website, just like the one above.

Make sure you unplug the other adapter as you update the software for the first, and once both have drivers installed, reboot and plug in both adapters. Works like a dream up to now.