(Please read before marking this as a duplicate, thanks.)

Description

I am developing my own Win32 x86_64 application which interferes heavily with the system, is able to communicate with drivers through Win32 APIs and needs administrator access. Still it's a valid Win32 application (not a driver!) that I want to test on my local machine like every other application I'm developing. Nothing extraordinary I'm doing here.

This specific application can't be started because of this error message:

Your organization used Windows Defender Application Control to block this app.
<path to exe file>
Contact your support person for more info.

As this is a local development machine not being part of any domain I'm wondering why it even says "organization" but well... just Windows 10 things I guess.

What I did to get it running is (and none of it helped):

  • Disabling Secure Boot
  • Disabling Windows Defender Application Guard
  • Disabling Windows Defender
  • Disabling anything related to Windows Defender in the Settings app
  • Disabling anything related to Windows Defender via gpedit
  • Making sure that App & browser control is disabled
  • Adding the application as an exception in Windows Defender (even though it's turned off)
  • Disabling signed driver enforcement via gpedit
  • Disabling policies according to this MSDN documentation
  • Validated that I never ran and am not running a Windows 10 S variant
  • Enabling test signing
  • Following a bazillion tutorials: 1, 2, 3, 4, 5, 6
  • Trying to start the same application on a different notebook
  • Trying to start the same application on a freshly installed Windows 10 Pro 21H1 VM (to validate the problem)
  • Sending the application to a friend to test it on his machine

None of the above worked. The only configuration I could get the application started with is enabling test signing AND signing my application with a test certificate. Just signing it without test signing enabled gives the same error.

This is plainly unacceptable. I'm not dealing with a driver here but a normal Win32 application so test signing shouldn't need to be enabled. I don't feel comfortable having test signing enabled (and thus Secure Boot disabled) on my daily-used development machine.

I'd be fine with just signing it and getting it started. What baffles me even more is that I am not able to disable this Windows Defender Application Control even though it doesn't even seem to be installed.

Question

How can I get rid of Windows Defender Application Control once and for all?

Environment

  • Fully activated, legal Windows 10 Pro 21H1 x64 (latest updates applied)
  • Visual Studio 2019 16.10
  • Application is compiled for x86_64

  • Try to disable the Windows Defender Security Center app by renaming C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy and reboot.
    – harrymc
    Commented May 27, 2021 at 20:40
  • @harrymc Nice idea, sadly no effect. Also moving that folder to somewhere else didn't work.
    – new_turtle
    Commented May 28, 2021 at 0:53
  • Try maybe to install another antivirus, so Windows Defender might fully disable itself.
    – harrymc
    Commented May 28, 2021 at 7:38
  • @harrymc Tried two different AVs now, no effect.
    – new_turtle
    Commented May 28, 2021 at 8:24
  • (1) This article might have a few methods that you haven't tried. (2) Did you set the Windows Defender Advanced Threat Protection Service to disabled in Services? (3) Also disable Windows Defender Firewall. (4) Nuke folder C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0 and reboot. (5) It might be better to disconnect the internet while testing all this.
    – harrymc
    Commented May 28, 2021 at 8:58

1 Answer

Please check your linker options and make sure you are not specifying the /INTEGRITYCHECK linker option. That option sets the DLL characteristic "Check Integrity" in your binary, which will change the way Windows/Defender performs the code integrity check when it loads it. You can even see the errors in the CodeIntegrity event log when Defender Application Control blocks it.

  • Welcome to SU. While the answer might be correct, it's not very helpful for anyone who's not as familiar with Windows as you are. Adding clear step-by-step instructions on how to do this, with clarifying screenshots (you can upload them to Imgur or similar and paste the links here - someone will add them to the answer) would greatly improve it as even a dunce like me would be able to perform the task. Please see the guidelines for answers and edit your answer accordingly.
    Commented Apr 4, 2023 at 5:50
  • This is the correct answer. @Peregrino69 I get the sentiment but everyone who is dealing with this issue when building their own application knows what is meant with the answer. imo there is no further clarification needed.
    – new_turtle
    Commented Apr 11, 2023 at 8:47
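
An added example, not part of the original answer or its comments: a way to check a built binary for the flag the answer describes. It reads the DllCharacteristics field of the PE optional header, tests the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY bit (0x0080) that /INTEGRITYCHECK sets, and reports whether the image carries a certificate table. The function names and the sample header bytes are constructed for illustration.

```python
import struct
import sys

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080  # set by link.exe /INTEGRITYCHECK
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)


def inspect_pe(data: bytes) -> dict:
    """Report the FORCE_INTEGRITY flag and whether a certificate table exists."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)  # same offset in both formats
    dirs = opt + (96 if magic == PE32_MAGIC else 112)  # start of the data directories
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    cert_size = 0
    if count > SECURITY_DIR_INDEX:
        _, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR_INDEX)
    return {
        "dll_characteristics": dll_chars,
        "force_integrity": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY),
        "has_signature": cert_size > 0,
    }


def sample_pe(dll_chars: int, cert_size: int = 0) -> bytes:
    """Constructed PE32+ headers only (not a runnable image), for offline testing."""
    buf = bytearray(0x40 + 24 + 240)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, PE32_PLUS_MAGIC)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    struct.pack_into("<I", buf, opt + 108, 16)
    struct.pack_into("<II", buf, opt + 112 + 8 * SECURITY_DIR_INDEX, 0x400, cert_size)
    return bytes(buf)


if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pe(0x81E0)
    print(inspect_pe(raw))
```

Run it with the path to the built .exe as the only argument; with no argument it inspects the constructed sample. If `force_integrity` is true, remove /INTEGRITYCHECK from the linker options and rebuild.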
