Thread: MS CoPilot

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,458

    MS CoPilot

    On Nov. 21, MS installed CoPilot on Win 11 without asking. So I gave it a shot, and the responses I got were accurate, but somewhat misleading. After playing briefly with it, I wanted to get it off the Task Bar, but the normal procedure using a right click did not work. A quick search revealed that Settings > Personalization > Taskbar produced the option.

    That little bit of playing around produced nine new directories in the user's Temp directory called something like "edge_BITS_4356_1587259858". But that was not the main problem. Ever since CoPilot was added, when the system is woken up, the memory usage starts out at about 32%. After about a minute, the Defender kicks in and then several other background applications start up that eventually push the memory usage to 48%. If I attempt to activate any program during that period, such as a browser or email client, it just sits there blank for another minute or two. And the same thing happens several times a day, but to a lesser degree. My attempts to control that have so far been to no avail. I used to be able to turn off Real-Time Protection, but now I get: "You can turn off this setting for a short time before it turns back on automatically". In addition, I would set Defender to run once a day at a convenient time, but now there are 4 of them.
    Windows Defender Cache Maintenance
    Windows Defender Cleanup
    Windows Defender Scheduled Scan
    Windows Defender Verification

    I have no idea what all these things do, and any help would be appreciated.

    J.A. Coutts

  2. #2

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,458

    Re: MS CoPilot

    I have always used Defender as my anti-virus tool because it was less invasive than other anti-virus software, and I am reluctant to use nothing at all. That has suddenly changed with this latest addition. I found a good starting discussion here:
    https://www.elevenforum.com/t/enable...ndows-11.3989/

    In this discussion, they describe how the various defender tools are managed by "MsMpEng.exe", and how changes to Defender are reversed by this background app. It describes how you can suspend "MsMpEng.exe" in order to make changes to the Group Policy Editor. The trouble is that I do not know what apps "MsMpEng.exe" manages and what each one provides. I found these files in the "\Program Files\Windows Defender Advanced Threat Protection" directory:
    2023-11-14 10:16 PM 534,584 MsSense.exe
    2023-11-14 10:17 PM 4,398,592 SenseAadAuthenticator.exe
    2023-11-14 10:17 PM 4,597,760 SenseCM.exe
    2023-11-14 10:17 PM 438,272 SenseGPParser.exe
    2023-11-14 10:17 PM 868,352 SenseImdsCollector.exe
    2023-11-14 10:16 PM 5,703,608 SenseIR.exe
    2023-11-14 10:17 PM 13,919,728 SenseNdr.exe
    2023-11-14 10:16 PM 2,121,160 SenseSampleUploader.exe
    2023-11-14 10:17 PM 2,475,376 SenseTVM.exe

    J.A. Coutts

  4. #4

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,458

    Re: MS CoPilot

    Defender Real Time got to be so much of a pain in the butt that I finally had to turn it off using the Group Policy Editor. However, it remains enabled as a scheduled task. If MS is able to get it under control, I will enable it again.

    J.A. Coutts

  5. #5
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    5,552

    Re: MS CoPilot

    The anti-tamper feature will revert your group policy changes too.

    You need to run as TrustedInstaller and disable a few services in Registry editor.


    Sense
    WdBoot
    WdFilter
    WdNisDrv
    WdNisSvc
    WinDefend

    I've got a tool that can be used to run regedit as TI: https://github.com/fafalone/RunAsTrustedInstaller

    Or there's 3rd party tools specifically for killing Defender: https://github.com/APTortellini/unDefender

  6. #6

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,458

    Re: MS CoPilot

    Originally posted by fafalone:
    The anti-tamper feature will revert your group policy changes too.

    You need to run as TrustedInstaller and disable a few services in Registry editor.


    Sense
    WdBoot
    WdFilter
    WdNisDrv
    WdNisSvc
    WinDefend

    I've got a tool that can be used to run regedit as TI: https://github.com/fafalone/RunAsTrustedInstaller

    Or there's 3rd party tools specifically for killing Defender: https://github.com/APTortellini/unDefender

    According to the link in post #3, all I had to do was temporarily suspend "MsMpEng.exe" and Group Policy changes would remain. So far I can live with one scheduled scan per day. Defender still occasionally runs, but it is not nearly as invasive.

    Do you know what the services you have listed actually do?

    J.A. Coutts

  7. #7
    PowerPoster
    Join Date
    Jul 2010
    Location
    NYC
    Posts
    5,552

    Re: MS CoPilot

    WdBoot = Windows Defender boot service
    WdFilter = Windows Defender filter driver (I've made filter drivers)
    WdNisDrv = WD Network Inspection filter driver
    WdNisSvc = Service for above
    WinDefend = main process for it.
    Sense = WinDefend Advanced Threat Detection

    I may not know super specifically what they do, but they're a part of Windows Defender, which I wanted off.

    Also my group policy changes got reverted eventually even if I shut off tamper protection prior to changing. They've made it progressively worse and more aggressive in each build, so it may once have let it go, but not for me.
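
Added example, not part of any post in this thread: a read-only PowerShell report of the state the six services named in posts #5 and #7 are actually in, whether tamper protection is on, when the Defender scheduled tasks from post #1 last ran, and which settings Defender has recently logged as changed. It assumes an elevated prompt on Windows 10/11 with the built-in Defender and ScheduledTasks modules; it changes nothing.

```powershell
# Added example: audits Defender component state. Reads only, writes nothing.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$names = 'Sense', 'WdBoot', 'WdFilter', 'WdNisDrv', 'WdNisSvc', 'WinDefend'

$report = foreach ($name in $names) {
    $props = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name" `
                              -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        [pscustomobject]@{ Name = $name; Kind = ''; Start = 'not present'; State = '' }
        continue
    }
    # Type bits 0x1/0x2 mark kernel and file-system drivers; anything else is a user-mode service.
    $isDriver = [bool]($props.Type -band 0x3)
    $class = if ($isDriver) { 'Win32_SystemDriver' } else { 'Win32_Service' }
    $live = Get-CimInstance -ClassName $class -Filter "Name='$name'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name  = $name
        Kind  = if ($isDriver) { 'Driver' } else { 'Service' }
        Start = $startTypes[[int]$props.Start]   # configured start type
        State = $live.State                      # what is running right now
    }
}
$report | Format-Table -AutoSize

# Protection flags as Defender itself reports them (fails if WinDefend is not running).
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    $mp | Select-Object AMServiceEnabled, AntivirusEnabled,
                        RealTimeProtectionEnabled, IsTamperProtected | Format-List
} else {
    'Get-MpComputerStatus returned nothing: the Defender service is not answering.'
}

# The scheduled tasks listed in post #1, with last and next run times.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' -ErrorAction SilentlyContinue |
    Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, NextRunTime, LastTaskResult |
    Format-Table -AutoSize

# Event 5001 = real-time protection disabled, 5007 = a Defender setting changed.
# The 5007 message text shows the old and new value, including settings that were reverted.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 5001, 5007
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```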
