mandiant / flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
Apache License 2.0

Why is Windows 10 still blocking me from running malware? #442

Open jcrosby10 opened 1 year ago

jcrosby10 commented 1 year ago

I am analyzing some malware on Windows 10. I installed FLARE VM, disabled tamper protection and disabled the virus scanner in the registry. However, when I attempt to run malware, Windows is still preventing me from running it. What am I missing to get this to work?

I disabled it by adding DisableAntiSpyware to HKLM/Software/Policies/Microsoft/Windows Defender and setting it to 1.


mr-tz commented 1 year ago

Unfortunately for us, this is hard to properly disable in newer Windows versions. We share our current best experience in the installation section https://github.com/mandiant/flare-vm#installation. However, this may take several attempts and reboots (it's good to test with the EICAR test virus). I've had the best results with the GPO modifications.

keks411 commented 1 year ago

What worked for me several times is the following workflow:

  1. Install Windows up to 21H2 (anything newer will result in malware still getting blocked, tried with mimikatz)
  2. Run the script "Privacy over security > Disable Windows Defender" from https://privacy.sexy
  3. Reboot and then upgrade to 22H2
  4. Disable updates
  5. Install flare

chupocro commented 1 year ago

Defender Control by Sordum Team can disable the Defender even on latest Windows 10 22H2. But the problem is #461

R3P41RM4N commented 1 year ago

The following walks you through disabling defender permanently for Windows 10.

Quick Steps:

Open Regedit (as user) --> go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

Right click and add a DWORD (32 bit) Value - name it "DisableAntiSpyware"

Right click the new entry, select Modify; change the hexadecimal value from 0 to 1. Close regedit

Defender is permanently disabled.

Video Walkthrough below; Found on YouTube. This is not my video and all credit goes to the author. I have successfully integrated this process into the Windows 10 ISO provided by this repo

https://www.youtube.com/watch?v=KhzSBwhqX_w&t=85s
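The recurring question in this thread is not how to set the `DisableAntiSpyware` value but how to tell whether the change actually took effect after the reboot. The PowerShell check below is an added example for this issue page, not code from the flare-vm project or from any commenter: it reads the policy value described above, queries the built-in Defender cmdlet `Get-MpComputerStatus` for the live state (tamper protection and real-time protection), and warns when the two disagree. It assumes an elevated PowerShell session on Windows 10 with the Defender PowerShell module present; how `Get-MpComputerStatus` behaves once the WinDefend service has been fully disabled varies by build, so the script treats a failing call as "service not running".

```powershell
# Added example (not from the flare-vm project or this thread): verify whether the
# DisableAntiSpyware policy is in place and whether Defender is actually off in an analysis VM.
# Run from an elevated PowerShell prompt after the reboot the thread recommends.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'   # path from the thread

function Get-DefenderPolicyState {
    # Returns the DisableAntiSpyware DWORD as an integer, or $null when the value is absent.
    $item = Get-ItemProperty -Path $policyKey -Name 'DisableAntiSpyware' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.DisableAntiSpyware
}

function Get-DefenderRuntimeState {
    # Get-MpComputerStatus throws when the Defender service is stopped or removed;
    # on an analysis VM that is the desired end state, so treat it as "not running".
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        return [pscustomobject]@{
            ServiceRunning     = $true
            AntivirusEnabled   = [bool]$s.AntivirusEnabled
            RealTimeProtection = [bool]$s.RealTimeProtectionEnabled
            TamperProtected    = [bool]$s.IsTamperProtected
        }
    } catch {
        return [pscustomobject]@{
            ServiceRunning     = $false
            AntivirusEnabled   = $false
            RealTimeProtection = $false
            TamperProtected    = $null   # unknown: the cmdlet could not be queried
        }
    }
}

$policy  = Get-DefenderPolicyState
$runtime = Get-DefenderRuntimeState
$svc     = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

"DisableAntiSpyware policy value : $(if ($null -eq $policy) { '<absent>' } else { $policy })"
"WinDefend service status        : $(if ($svc) { $svc.Status } else { '<not installed>' })"
"Tamper protection               : $(if ($null -eq $runtime.TamperProtected) { '<unknown>' } else { $runtime.TamperProtected })"
"Real-time protection enabled    : $($runtime.RealTimeProtection)"

# Interpret the combination the way the thread's replies describe it.
if ($runtime.TamperProtected -eq $true) {
    Write-Warning 'Tamper protection is still on: the registry policy will be ignored or reverted. Turn it off in the Security app first, then reboot.'
}
if ($runtime.RealTimeProtection) {
    Write-Warning 'Real-time protection is still active, so samples will keep getting blocked. Reboot and run this check again.'
} elseif ($policy -eq 1 -and -not $runtime.AntivirusEnabled) {
    'Policy present and the engine reports disabled: Defender is off for this session.'
} elseif ($policy -ne 1) {
    Write-Warning 'DisableAntiSpyware is not set to 1; set the DWORD as described above and reboot.'
}
```

Run it once before and once after the reboot; if real-time protection still reports `True` after the reboot while the policy value is `1`, tamper protection or a pending update is restoring Defender, which matches the "several attempts and reboots" experience in the replies. The EICAR test file mr-tz mentions remains the final confirmation, since it exercises the on-access scanner end to end rather than just reading status fields.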