Sysprep Executor Detecting Defender
I am currently preparing an image that I upgraded to 1903 and I have not had an issue with this image before upgrading to 1903. When I run the Sysprep Executor (v4.1.1.0) it says Windows Defender is still running. Under defender settings, real-time protection is switched off (and shows off by administrator).
Here are the things I have tried:
- Disabled via group policy "Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus\Turn off Windows Defender Antivirus"
- Disabled "Windows Security notification icon" from startup via Task Manager.
- Set registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
When Sysprep Executor runs, it says "disabling real-time protection" as it starts, but checklist screen, it says "*Antivirus Detected".
-
If you put your cursor of the Antivirus detected message you should see a tool tip indicating what AV is detected. It uses a WMI call to get this information. - cserrins 4 years ago
Answers (2)
Hi.
"I am currently preparing an image that I upgraded to 1903 "
Terrible mistake, never upgrade versions of Windows, if you wish to Deploy 1903, make sure the OS was installed with a 1903 ISO, not a 1809 (or older), and upgraded to 1903.
About your question, I don't recall seeing this preparing my 1903 images... I bet something in the registry changed during those upgrades.
Could you deploy a clean Win10 with an 1903 iso, and attempt to Sysprep again.
Upgraded versions, are famous for causing Chaos with Sysprep.
If you put your cursor of the Antivirus detected message you should see a tool tip indicating what AV is detected. It uses a WMI call to get this information.
