https://github.com/reg499/shadow-defender-windows11-bypass
PowerShell script to install Shadow Defender on Windows 11 24H2+
https://github.com/reg499/shadow-defender-windows11-bypass
bypass compatibility powershell shadow-defender windows windows-11-24h2 windows-11-25h2 windows11
Last synced: 25 days ago
JSON representation
PowerShell script to install Shadow Defender on Windows 11 24H2+
- Host: GitHub
- URL: https://github.com/reg499/shadow-defender-windows11-bypass
- Owner: reg499
- License: mit
- Created: 2026-05-26T07:32:47.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-05-26T07:38:16.000Z (about 1 month ago)
- Last Synced: 2026-05-26T09:29:50.628Z (about 1 month ago)
- Topics: bypass, compatibility, powershell, shadow-defender, windows, windows-11-24h2, windows-11-25h2, windows11
- Language: PowerShell
- Homepage:
- Size: 15.6 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Shadow Defender Bypass
**A PowerShell script that bypasses the Windows 11 24H2 installation block for Shadow Defender.**
---
## Background
Shadow Defender is a lightweight "shadow mode" tool that virtualizes your system drive — every change made while shadow mode is active is discarded on reboot. It's popular for safe browsing, malware testing, and keeping lab machines clean between sessions.
Starting with the **October 2024 Windows cumulative update**, Microsoft added Shadow Defender's official `Setup.exe` to the `apphelp.dll` application compatibility blocklist. This causes Windows to display:
> *"This app can't run on this device — Shadow Defender causes security or performance issues on Windows."*
The block affects **all versions of Windows 10 and 11** patched after October 2024. Shadow Defender itself has not been updated to address this.
---
## How the bypass works
The official installer is a nested package:
```
SD_Setup.exe
└── Setup_x64.exe (inner package, also an archive)
└── setup.exe (actual installer binary)
```
Windows blocks execution based on the **filename** matched by `apphelp.dll`. By:
1. Extracting the outer package with 7-Zip
2. Extracting the inner `Setup_x64.exe` with 7-Zip
3. Copying the inner `setup.exe` under a different filename
4. Running that renamed copy
...the blocklist check never fires, and installation proceeds normally.
> **Note:** This script does **not** modify, rename, or disable `apphelp.dll` or any system file.
---
## Requirements
| Requirement | Details |
|---|---|
| **OS** | Windows 10 or Windows 11 (any version, including 24H2 / 25H2) |
| **PowerShell** | 5.1 or later (built into Windows) |
| **Internet** | Needed only the first time (to fetch 7-Zip and the installer) |
> Everything else — 7-Zip, the Shadow Defender installer itself, and the Administrator elevation — is handled by the script. **As of v2.0 you do not need to install anything before running it.**
---
## Usage
### Option A — One click (recommended)
1. Download this repo (or just `Install-ShadowDefender.cmd` and `Install-ShadowDefender.ps1`).
2. **Double-click `Install-ShadowDefender.cmd`**.
3. Click **Yes** on the UAC prompt.
4. Complete the Shadow Defender setup wizard when it appears.
That's it. The script will, in order:
- Re-launch itself as Administrator.
- Install 7-Zip silently if it isn't present (via `winget`, or by downloading the official MSI).
- Download `SD1.5.0.726_Setup.exe` from `shadowdefender.com` if it isn't already next to the script.
- Perform the double-extract + rename bypass and launch the installer.
- Clean up every temporary file it created.
### Option B — From PowerShell
```powershell
powershell -ExecutionPolicy Bypass -File .\Install-ShadowDefender.ps1
```
### Option C — Use an installer you already have
If you've already downloaded the Shadow Defender installer, drop the `.exe` next to the script (it will be auto-detected) or pass the path explicitly:
```powershell
.\Install-ShadowDefender.ps1 -InstallerPath "C:\Users\You\Downloads\SD1.5.0.726_Setup.exe"
```
Add `-NoDownload` if you want to make sure the script never reaches the internet for the installer:
```powershell
.\Install-ShadowDefender.ps1 -NoDownload
```
### After installation
Reboot your system. Shadow Defender should appear in your system tray and Start menu.
---
## What the script does — step by step
```
[0] Self-elevates via UAC if not already Administrator
[0] Installs 7-Zip (winget or direct MSI) if it isn't present
[0] Downloads the official installer if no local copy is found
[1/4] Extracts the outer installer → finds Setup_x64.exe
[2/4] Extracts Setup_x64.exe → finds the real setup.exe inside
[3/4] Copies setup.exe as sdcore_installer.exe (bypasses the blocklist)
[4/4] Runs sdcore_installer.exe → normal installation UI appears
Cleans up all temp files (and any auto-downloaded installer)
```
---
## Tested on
| Windows Version | Build | Status |
|---|---|---|
| Windows 11 25H2 | 26200.xxxx | Works |
| Windows 11 24H2 | 26100.xxxx | Works |
| Windows 11 23H2 | 22631.xxxx | Works |
| Windows 10 22H2 | 19045.xxxx | Works |
> If you've tested on a version not listed here, please open an issue or PR to update the table.
---
## Known limitations
- Shadow Defender is **abandonware** — it has not been updated since version 1.5.0.726. Use at your own risk on production machines.
- This bypass installs the program, but future Windows updates may re-block it at the driver level.
- Not tested with ARM64 Windows.
---
## Alternatives
If Shadow Defender no longer meets your needs, consider:
| Tool | Description |
|---|---|
| [Sandboxie-Plus](https://github.com/sandboxie-plus/Sandboxie) | Free, open-source, actively maintained sandbox |
| Windows Sandbox | Built into Windows 11 Pro — no install needed |
| Hyper-V / VMware | Full VM for isolated testing |
| Unified Write Filter (UWF) | Built into Windows 11 Enterprise |
---
## Contributing
Pull requests are welcome. If you find a version or build where this stops working, please open an issue with your Windows build number (`winver`) and the exact error message.
---
## Disclaimer
This project is provided for educational and research purposes. Shadow Defender is third-party software; this repository has no affiliation with its developers. You are responsible for complying with your organization's software policies. The bypass technique does not circumvent any security enforcement — it only avoids a compatibility metadata check.
---
## License
MIT — see [LICENSE](LICENSE)