From 3cd112442c126d70c685f6bfb30e4ae0c5b47f67 Mon Sep 17 00:00:00 2001
From: sequencerr <45060278+sequencerr@users.noreply.github.com>
Date: Thu, 6 Mar 2025 18:01:25 +0100
Subject: [PATCH 1/5] Refactor RemoveSecHealthApp.ps1

---
 RemoveSecHealthApp.ps1 | 36 ++++++++++++++++--------------------
 1 file changed, 16 insertions(+), 20 deletions(-)

diff --git a/RemoveSecHealthApp.ps1 b/RemoveSecHealthApp.ps1
index 96e6829..fc8cba6 100644
--- a/RemoveSecHealthApp.ps1
+++ b/RemoveSecHealthApp.ps1
@@ -1,21 +1,17 @@
-$remove_appx = @("SecHealthUI"); $provisioned = get-appxprovisionedpackage -online; $appxpackage = get-appxpackage -allusers; $eol = @()
 $store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore'
-$users = @('S-1-5-18'); if (test-path $store) {$users += $((dir $store -ea 0 |where {$_ -like '*S-1-5-21*'}).PSChildName)}
-foreach ($choice in $remove_appx) { if ('' -eq $choice.Trim()) {continue}
-  foreach ($appx in $($provisioned |where {$_.PackageName -like "*$choice*"})) {
-    $next = !1; foreach ($no in $skip) {if ($appx.PackageName -like "*$no*") {$next = !0}} ; if ($next) {continue}
-    $PackageName = $appx.PackageName; $PackageFamilyName = ($appxpackage |where {$_.Name -eq $appx.DisplayName}).PackageFamilyName 
-    ni "$store\Deprovisioned\$PackageFamilyName" -force >''; $PackageFamilyName  
-    foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$PackageName" -force >''} ; $eol += $PackageName
-    dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >''
-    remove-appxprovisionedpackage -packagename $PackageName -online -allusers >''
-  }
-  foreach ($appx in $($appxpackage |where {$_.PackageFullName -like "*$choice*"})) {
-    $next = !1; foreach ($no in $skip) {if ($appx.PackageFullName -like "*$no*") {$next = !0}} ; if ($next) {continue}
-    $PackageFullName = $appx.PackageFullName; 
-    ni "$store\Deprovisioned\$appx.PackageFamilyName" -force >''; $PackageFullName
-    foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$PackageFullName" -force >''} ; $eol += $PackageFullName
-    dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >''
-    remove-appxpackage -package $PackageFullName -allusers >''
-  }
-}
\ No newline at end of file
+$sids = @('S-1-5-18') # https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
+if (Test-Path $store) { $sids += Get-ChildItem $store -ea 0 | %{ $_.PSChildName } | ?{ $_.StartsWith('S-1-5-21') } }
+
+$appx = Get-AppxPackage -AllUsers -Name "Microsoft.Windows.SecHealthUI"
+if ($null -eq $appx) { return }
+$packageFullName = $appx.PackageFullName
+$packageFamilyName = $appx.PackageFamilyName
+New-Item "$store\Deprovisioned\$packageFamilyName" -Force | Out-Null
+foreach ($sid in $sids) {
+    New-Item "$store\EndOfLife\$sid\$packageName" -Force | Out-Null
+    New-Item "$store\EndOfLife\$sid\$packageFullName" -Force | Out-Null
+}
+
+DISM /Online /Set-NonRemovableAppPolicy /PackageFamily:$packageFamilyName /NonRemovable:0 | Out-Null
+Remove-AppxPackage -AllUsers -Package $packageFullName
+Remove-AppxProvisionedPackage -Online -PackageName $packageFullName -AllUsers

From 1d752e4f0c4d4cd6d90f03094369b2bd86aa4101 Mon Sep 17 00:00:00 2001
From: sequencerr <45060278+sequencerr@users.noreply.github.com>
Date: Thu, 6 Mar 2025 18:05:19 +0100
Subject: [PATCH 2/5] Update RemoveSecHealthApp.ps1

---
 RemoveSecHealthApp.ps1 | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/RemoveSecHealthApp.ps1 b/RemoveSecHealthApp.ps1
index fc8cba6..8724cad 100644
--- a/RemoveSecHealthApp.ps1
+++ b/RemoveSecHealthApp.ps1
@@ -4,14 +4,12 @@ if (Test-Path $store) { $sids += Get-ChildItem $store -ea 0 | %{ $_.PSChildName
 
 $appx = Get-AppxPackage -AllUsers -Name "Microsoft.Windows.SecHealthUI"
 if ($null -eq $appx) { return }
-$packageFullName = $appx.PackageFullName
-$packageFamilyName = $appx.PackageFamilyName
-New-Item "$store\Deprovisioned\$packageFamilyName" -Force | Out-Null
+New-Item "$store\Deprovisioned\$appx.PackageFamilyName" -Force | Out-Null
 foreach ($sid in $sids) {
     New-Item "$store\EndOfLife\$sid\$packageName" -Force | Out-Null
-    New-Item "$store\EndOfLife\$sid\$packageFullName" -Force | Out-Null
+    New-Item "$store\EndOfLife\$sid\$appx.PackageFullName" -Force | Out-Null
 }
 
-DISM /Online /Set-NonRemovableAppPolicy /PackageFamily:$packageFamilyName /NonRemovable:0 | Out-Null
-Remove-AppxPackage -AllUsers -Package $packageFullName
-Remove-AppxProvisionedPackage -Online -PackageName $packageFullName -AllUsers
+DISM /Online /Set-NonRemovableAppPolicy /PackageFamily:$appx.PackageFamilyName /NonRemovable:0 | Out-Null
+Remove-AppxPackage -AllUsers -Package $appx.PackageFullName
+Remove-AppxProvisionedPackage -Online -PackageName $appx.PackageFullName -AllUsers

From d2fcff25af8e830a7a75bbfaba32ecf191ff74f1 Mon Sep 17 00:00:00 2001
From: sequencerr <45060278+sequencerr@users.noreply.github.com>
Date: Thu, 6 Mar 2025 18:22:46 +0100
Subject: [PATCH 3/5] Update RemoveSecHealthApp.ps1

---
 RemoveSecHealthApp.ps1 | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/RemoveSecHealthApp.ps1 b/RemoveSecHealthApp.ps1
index 8724cad..36d8f9f 100644
--- a/RemoveSecHealthApp.ps1
+++ b/RemoveSecHealthApp.ps1
@@ -5,11 +5,8 @@ if (Test-Path $store) { $sids += Get-ChildItem $store -ea 0 | %{ $_.PSChildName
 $appx = Get-AppxPackage -AllUsers -Name "Microsoft.Windows.SecHealthUI"
 if ($null -eq $appx) { return }
 New-Item "$store\Deprovisioned\$appx.PackageFamilyName" -Force | Out-Null
-foreach ($sid in $sids) {
-    New-Item "$store\EndOfLife\$sid\$packageName" -Force | Out-Null
-    New-Item "$store\EndOfLife\$sid\$appx.PackageFullName" -Force | Out-Null
-}
+foreach ($sid in $sids) { New-Item "$store\EndOfLife\$sid\$appx.PackageFullName" -Force | Out-Null }
 
 DISM /Online /Set-NonRemovableAppPolicy /PackageFamily:$appx.PackageFamilyName /NonRemovable:0 | Out-Null
-Remove-AppxPackage -AllUsers -Package $appx.PackageFullName
-Remove-AppxProvisionedPackage -Online -PackageName $appx.PackageFullName -AllUsers
+Remove-AppxPackage -AllUsers -Package $appx.PackageFullName | Out-Null
+Remove-AppxProvisionedPackage -Online -PackageName $appx.PackageFullName -AllUsers | Out-Null

From 6e9f12d79c6b76e3709172ddbe3f69b3dacb2e97 Mon Sep 17 00:00:00 2001
From: sequencerr <45060278+sequencerr@users.noreply.github.com>
Date: Thu, 6 Mar 2025 18:32:23 +0100
Subject: [PATCH 4/5] Update RemoveSecHealthApp.ps1

---
 RemoveSecHealthApp.ps1 | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/RemoveSecHealthApp.ps1 b/RemoveSecHealthApp.ps1
index 36d8f9f..160fddf 100644
--- a/RemoveSecHealthApp.ps1
+++ b/RemoveSecHealthApp.ps1
@@ -4,9 +4,8 @@ if (Test-Path $store) { $sids += Get-ChildItem $store -ea 0 | %{ $_.PSChildName
 
 $appx = Get-AppxPackage -AllUsers -Name "Microsoft.Windows.SecHealthUI"
 if ($null -eq $appx) { return }
-New-Item "$store\Deprovisioned\$appx.PackageFamilyName" -Force | Out-Null
-foreach ($sid in $sids) { New-Item "$store\EndOfLife\$sid\$appx.PackageFullName" -Force | Out-Null }
+New-Item "$store\Deprovisioned\$($appx.PackageFamilyName)" -Force | Out-Null
+foreach ($sid in $sids) { New-Item "$store\EndOfLife\$sid\$($appx.PackageFullName)" -Force | Out-Null }
 
 DISM /Online /Set-NonRemovableAppPolicy /PackageFamily:$appx.PackageFamilyName /NonRemovable:0 | Out-Null
 Remove-AppxPackage -AllUsers -Package $appx.PackageFullName | Out-Null
-Remove-AppxProvisionedPackage -Online -PackageName $appx.PackageFullName -AllUsers | Out-Null

From c5b3132b58b6a7dc056c9684b9d1fb88fa35de7e Mon Sep 17 00:00:00 2001
From: sequencerr <45060278+sequencerr@users.noreply.github.com>
Date: Fri, 13 Jun 2025 14:13:58 +0200
Subject: [PATCH 5/5] Update RemoveSecHealthApp.ps1

---
 RemoveSecHealthApp.ps1 | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/RemoveSecHealthApp.ps1 b/RemoveSecHealthApp.ps1
index 160fddf..e3f9753 100644
--- a/RemoveSecHealthApp.ps1
+++ b/RemoveSecHealthApp.ps1
@@ -2,10 +2,15 @@ $store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore'
 $sids = @('S-1-5-18') # https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
 if (Test-Path $store) { $sids += Get-ChildItem $store -ea 0 | %{ $_.PSChildName } | ?{ $_.StartsWith('S-1-5-21') } }
 
-$appx = Get-AppxPackage -AllUsers -Name "Microsoft.Windows.SecHealthUI"
-if ($null -eq $appx) { return }
+if ((Get-CimInstance -Class Win32_OperatingSystem).Caption -Match "Windows 11") { 
+	$name = "Microsoft.SecHealthUI" 
+} else { 
+	$name = "Microsoft.Windows.SecHealthUI" 
+}
+$appx = Get-AppxPackage -AllUsers -Name $name
+if ($null -eq $appx) { return Write-Host "WindowsDefender Appx Package not found." -ForegroundColor Red }
 New-Item "$store\Deprovisioned\$($appx.PackageFamilyName)" -Force | Out-Null
 foreach ($sid in $sids) { New-Item "$store\EndOfLife\$sid\$($appx.PackageFullName)" -Force | Out-Null }
 
 DISM /Online /Set-NonRemovableAppPolicy /PackageFamily:$appx.PackageFamilyName /NonRemovable:0 | Out-Null
-Remove-AppxPackage -AllUsers -Package $appx.PackageFullName | Out-Null
+$appx | Remove-AppxPackage -AllUsers