ZeroMemoryEx / Chaos-Rootkit

Now You See Me, Now You Don't


It has been deleted by Windows Defender. Is there any way to get past Windows Defender, such as obfuscation?

lian666666 opened this issue · comments

commented

Yes, it was deleted by the antivirus because it was uploaded. So, you have to disable it before testing it. Also, please use a virtual machine because the rootkit can be unstable for the system at some point.

It's okay. I don't have administrator privileges; I plan to use it to elevate privileges,
and I can't turn off the antivirus.

commented

It's just a research project. To do this, you would need a certificate, a vulnerable driver, or an exploit to disable PatchGuard. Once you have done that, you can load it.
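For a reader who wants to see why the "certificate" part matters before trying anything, here is an added PowerShell check that is not part of Chaos-Rootkit or of either comment above. It inspects a driver file's Authenticode signature and the machine's test-signing and HVCI state, then attempts to register and start the driver with the built-in sc.exe so the failure is visible as a Windows error code rather than a silent no-op. The driver path and service name are assumptions; run it in the throwaway VM the maintainer recommends, from an elevated prompt.

```powershell
# Added example, not project code. Assumed inputs: adjust before running.
$DriverPath  = 'C:\Drivers\example.sys'   # assumed path to the .sys under test
$ServiceName = 'ExampleDrvTest'           # assumed temporary service name

# 1. Embedded Authenticode signature on the driver file.
#    Caveat: catalog-signed drivers report NotSigned here even though Windows
#    trusts them via the .cat file; an embedded signature is what a third party
#    must provide. With Secure Boot on, a modern 64-bit Windows also expects a
#    Microsoft-issued (attestation/WHQL) signature, not just any code-signing cert.
$sig = Get-AuthenticodeSignature -FilePath $DriverPath
[pscustomobject]@{
    Driver = $DriverPath
    Status = $sig.Status                                   # Valid / NotSigned / HashMismatch / ...
    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
} | Format-List

# 2. Is test-signing enabled in the boot configuration? (bcdedit requires elevation.)
$bcd = bcdedit /enum '{current}'
$testSigning = [bool]($bcd | Select-String -Pattern '^testsigning\s+Yes')
"TestSigning enabled : $testSigning"

# 3. Is HVCI (hypervisor-enforced kernel code integrity) running? Value 2 in
#    SecurityServicesRunning means HVCI; it rejects drivers that fail policy
#    even if Driver Signature Enforcement is otherwise relaxed.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
"HVCI running        : $($dg.SecurityServicesRunning -contains 2)"

# 4. Try to load it the normal way and show the result. On an unsigned driver
#    with DSE active, 'sc start' fails with error 577 (ERROR_INVALID_IMAGE_HASH).
sc.exe create $ServiceName type= kernel binPath= $DriverPath | Out-Null
$startOutput = sc.exe start $ServiceName 2>&1
"sc start exit code  : $LASTEXITCODE"
$startOutput

# 5. Clean up the temporary service entry regardless of outcome.
sc.exe stop   $ServiceName 2>$null | Out-Null
sc.exe delete $ServiceName       | Out-Null
```

If step 1 reports NotSigned and step 2 reports TestSigning false, the 577 in step 4 is the expected result and is exactly the gate the maintainer's reply describes: nothing here is bypassed, it only makes the reason for the refusal explicit.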

How do I craft a certificate, a vulnerable driver, or a bug that disables PatchGuard so that the software can bypass Windows Defender? At present, I only know how to use obfuscation software to bypass Windows Defender, and I don't know how to do this.