{"id":50663376,"url":"https://github.com/reg499/shadow-defender-windows11-bypass","last_synced_at":"2026-06-08T04:02:46.995Z","repository":{"id":360398552,"uuid":"1249972922","full_name":"reg499/Shadow-Defender-Windows11-Bypass","owner":"reg499","description":"PowerShell script to install Shadow Defender on Windows 11 24H2+","archived":false,"fork":false,"pushed_at":"2026-05-26T07:38:16.000Z","size":16,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T09:29:50.628Z","etag":null,"topics":["bypass","compatibility","powershell","shadow-defender","windows","windows-11-24h2","windows-11-25h2","windows11"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reg499.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-26T07:32:47.000Z","updated_at":"2026-05-26T07:36:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/reg499/Shadow-Defender-Windows11-Bypass","commit_stats":null,"previous_names":["reg499/shadow-defender-windows11-bypass"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/reg499/Shadow-Defender-Windows11-Bypass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reg499%2FShadow-Defender-Windows11-Bypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reg499%2FShadow-Defender-Windows11-Bypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reg499%2FShadow-Defender-Windows11-Bypass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reg499%2FShadow-Defender-Windows11-Bypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reg499","download_url":"https://codeload.github.com/reg499/Shadow-Defender-Windows11-Bypass/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reg499%2FShadow-Defender-Windows11-Bypass/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34047267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass","compatibility","powershell","shadow-defender","windows","windows-11-24h2","windows-11-25h2","windows11"],"created_at":"2026-06-08T04:02:42.446Z","updated_at":"2026-06-08T04:02:46.985Z","avatar_url":"https://github.com/reg499.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Shadow Defender Bypass\n\n**A PowerShell script that bypasses the Windows 11 24H2 installation block for Shadow Defender.**\n\n---\n\n## Background\n\nShadow Defender is a lightweight \"shadow mode\" tool that virtualizes your system drive — every change made while shadow mode is active is discarded on reboot. It's popular for safe browsing, malware testing, and keeping lab machines clean between sessions.\n\nStarting with the **October 2024 Windows cumulative update**, Microsoft added Shadow Defender's official `Setup.exe` to the `apphelp.dll` application compatibility blocklist. This causes Windows to display:\n\n\u003e *\"This app can't run on this device — Shadow Defender causes security or performance issues on Windows.\"*\n\nThe block affects **all versions of Windows 10 and 11** patched after October 2024. Shadow Defender itself has not been updated to address this.\n\n---\n\n## How the bypass works\n\nThe official installer is a nested package:\n\n```\nSD_Setup.exe\n └── Setup_x64.exe   (inner package, also an archive)\n      └── setup.exe  (actual installer binary)\n```\n\nWindows blocks execution based on the **filename** matched by `apphelp.dll`. By:\n\n1. Extracting the outer package with 7-Zip\n2. Extracting the inner `Setup_x64.exe` with 7-Zip\n3. Copying the inner `setup.exe` under a different filename\n4. Running that renamed copy\n\n...the blocklist check never fires, and installation proceeds normally.\n\n\u003e **Note:** This script does **not** modify, rename, or disable `apphelp.dll` or any system file.\n\n---\n\n## Requirements\n\n| Requirement | Details |\n|---|---|\n| **OS** | Windows 10 or Windows 11 (any version, including 24H2 / 25H2) |\n| **PowerShell** | 5.1 or later (built into Windows) |\n| **Internet** | Needed only the first time (to fetch 7-Zip and the installer) |\n\n\u003e Everything else — 7-Zip, the Shadow Defender installer itself, and the Administrator elevation — is handled by the script. **As of v2.0 you do not need to install anything before running it.**\n\n---\n\n## Usage\n\n### Option A — One click (recommended)\n\n1. Download this repo (or just `Install-ShadowDefender.cmd` and `Install-ShadowDefender.ps1`).\n2. **Double-click `Install-ShadowDefender.cmd`**.\n3. Click **Yes** on the UAC prompt.\n4. Complete the Shadow Defender setup wizard when it appears.\n\nThat's it. The script will, in order:\n\n- Re-launch itself as Administrator.\n- Install 7-Zip silently if it isn't present (via `winget`, or by downloading the official MSI).\n- Download `SD1.5.0.726_Setup.exe` from `shadowdefender.com` if it isn't already next to the script.\n- Perform the double-extract + rename bypass and launch the installer.\n- Clean up every temporary file it created.\n\n### Option B — From PowerShell\n\n```powershell\npowershell -ExecutionPolicy Bypass -File .\\Install-ShadowDefender.ps1\n```\n\n### Option C — Use an installer you already have\n\nIf you've already downloaded the Shadow Defender installer, drop the `.exe` next to the script (it will be auto-detected) or pass the path explicitly:\n\n```powershell\n.\\Install-ShadowDefender.ps1 -InstallerPath \"C:\\Users\\You\\Downloads\\SD1.5.0.726_Setup.exe\"\n```\n\nAdd `-NoDownload` if you want to make sure the script never reaches the internet for the installer:\n\n```powershell\n.\\Install-ShadowDefender.ps1 -NoDownload\n```\n\n### After installation\n\nReboot your system. Shadow Defender should appear in your system tray and Start menu.\n\n---\n\n## What the script does — step by step\n\n```\n[0]   Self-elevates via UAC if not already Administrator\n[0]   Installs 7-Zip (winget or direct MSI) if it isn't present\n[0]   Downloads the official installer if no local copy is found\n[1/4] Extracts the outer installer  →  finds Setup_x64.exe\n[2/4] Extracts Setup_x64.exe        →  finds the real setup.exe inside\n[3/4] Copies setup.exe as sdcore_installer.exe  (bypasses the blocklist)\n[4/4] Runs sdcore_installer.exe     →  normal installation UI appears\n      Cleans up all temp files (and any auto-downloaded installer)\n```\n\n---\n\n## Tested on\n\n| Windows Version | Build | Status |\n|---|---|---|\n| Windows 11 25H2 | 26200.xxxx | Works |\n| Windows 11 24H2 | 26100.xxxx | Works |\n| Windows 11 23H2 | 22631.xxxx | Works |\n| Windows 10 22H2 | 19045.xxxx | Works |\n\n\u003e If you've tested on a version not listed here, please open an issue or PR to update the table.\n\n---\n\n## Known limitations\n\n- Shadow Defender is **abandonware** — it has not been updated since version 1.5.0.726. Use at your own risk on production machines.\n- This bypass installs the program, but future Windows updates may re-block it at the driver level.\n- Not tested with ARM64 Windows.\n\n---\n\n## Alternatives\n\nIf Shadow Defender no longer meets your needs, consider:\n\n| Tool | Description |\n|---|---|\n| [Sandboxie-Plus](https://github.com/sandboxie-plus/Sandboxie) | Free, open-source, actively maintained sandbox |\n| Windows Sandbox | Built into Windows 11 Pro — no install needed |\n| Hyper-V / VMware | Full VM for isolated testing |\n| Unified Write Filter (UWF) | Built into Windows 11 Enterprise |\n\n---\n\n## Contributing\n\nPull requests are welcome. If you find a version or build where this stops working, please open an issue with your Windows build number (`winver`) and the exact error message.\n\n---\n\n## Disclaimer\n\nThis project is provided for educational and research purposes. Shadow Defender is third-party software; this repository has no affiliation with its developers. You are responsible for complying with your organization's software policies. The bypass technique does not circumvent any security enforcement — it only avoids a compatibility metadata check.\n\n---\n\n## License\n\nMIT — see [LICENSE](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freg499%2Fshadow-defender-windows11-bypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freg499%2Fshadow-defender-windows11-bypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freg499%2Fshadow-defender-windows11-bypass/lists"}