(Please read before marking this as a duplicate, thanks.)
Description
I am developing my own Win32 x86_64 application which interferes heavily with the system, is able to communicate with drivers through Win32 APIs and needs administrator access. Still it's a valid Win32 application (not a driver!) that I want to test on my local machine like every other application I'm developing. Nothing extraordinary I'm doing here.
This specific application can't be started because of this error message:
Your organization used Windows Defender Application Control to block this app.
<path to exe file>
Contact your support person for more info.
As this is a local development machine not being part of any domain I'm wondering why it even says "organization" but well... just Windows 10 things I guess.
What I did to get it running is (and none of it helped):
- Disabling Secure Boot
- Disabling Windows Defender Application Guard
- Disabling Windows Defender
- Disabling anything related to Windows Defender in the Settings app
- Disabling anything related to Windows Defender via gpedit
- Making sure that App & browser control is disabled
- Adding the application as an exception in Windows Defender (even though it's turned off)
- Disabling signed driver enforcement via gpedit
- Disabling policies according to this MSDN documentation
- Validated that I never ran and am not running a Windows 10 S variant
- Enabling test signing
- Following a bazillion tutorials: 1, 2, 3, 4, 5, 6
- Trying to start the same application on a different notebook
- Trying to start the same application on a freshly installed Windows 10 Pro 21H1 VM (to validate the problem)
- Sending the application to a friend to test it on his machine
None of the above worked. The only configuration I could get the application started with is enabling test signing AND signing my application with a test certificate. Just signing it without test signing enabled gives the same error.
This is plainly unacceptable. I'm not dealing with a driver here but a normal Win32 application so test signing shouldn't need to be enabled. I don't feel comfortable having test signing enabled (and thus Secure Boot disabled) on my daily-used development machine.
I'd be fine with just signing it and getting it started. What baffles me even more is that I am not able to disable this Windows Defender Application Control even though it doesn't even seem to be installed.
Question
How can I get rid of Windows Defender Application Control once and for all?
Environment
- Fully activated, legal Windows 10 Pro 21H1 x64 (latest updates applied)
- Visual Studio 2019 16.10
- Application is compiled for x86_64
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy and reboot.
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0 and reboot.
(5) It might be better to disconnect the internet while testing all this.