{"id":13544,"date":"2025-07-23T16:07:31","date_gmt":"2025-07-23T13:07:31","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=13544"},"modified":"2025-07-24T05:05:33","modified_gmt":"2025-07-24T02:05:33","slug":"defendnot-disables-microsoft-defender-on-windows","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/defendnot-disables-microsoft-defender-on-windows\/13544\/","title":{"rendered":"Schr\u00f6dinger’in antivir\u00fcs\u00fc: Koruma \u00f6l\u00fc m\u00fc yoksa canl\u0131 m\u0131?"},"content":{"rendered":"

G\u00fcn\u00fcm\u00fczde bir\u00e7ok \u015firket, \u00e7al\u0131\u015fanlar\u0131n kendi cihazlar\u0131n\u0131 i\u015f ama\u00e7l\u0131 kullanmalar\u0131na izin veren Kendi Cihaz\u0131n\u0131 Getir (BYOD)<\/a> ilkesini uygulamaktad\u0131r. Bu uygulama \u00f6zellikle uzaktan \u00e7al\u0131\u015fmay\u0131 benimseyen kurulu\u015flarda yayg\u0131nd\u0131r. BYOD bir\u00e7ok bariz avantaj\u0131 beraberinde getirmektedir, ancak bu uygulama \u015firketler i\u00e7in siber g\u00fcvenlik a\u00e7\u0131s\u0131ndan yeni riskler yaratmaktad\u0131r.<\/p>\n

Sistemleri tehditlerden korumak i\u00e7in, bilgi g\u00fcvenli\u011fi departmanlar\u0131 genellikle i\u015f i\u00e7in kullan\u0131lan t\u00fcm cihazlara g\u00fcvenlik yaz\u0131l\u0131m\u0131 y\u00fcklenmesini \u015fart ko\u015far. Ayn\u0131 zamanda, baz\u0131 \u00e7al\u0131\u015fanlar \u2013 \u00f6zellikle de teknoloji merakl\u0131lar\u0131 \u2013 antivir\u00fcs yaz\u0131l\u0131m\u0131n\u0131 bir yard\u0131mdan \u00e7ok bir engel olarak g\u00f6rebilir.<\/p>\n

Elbette en mant\u0131kl\u0131 tutum bu de\u011fildir, ancak onlar\u0131 aksine ikna etmek zor olabilir. As\u0131l sorun, her \u015feyi daha iyi bildiklerine inanan \u00e7al\u0131\u015fanlar\u0131n sistemi kand\u0131rman\u0131n bir yolunu bulabilmeleridir. Bug\u00fcn bu y\u00f6ntemlerden birini; Defendnot<\/a> olarak bilinen ve sahte antivir\u00fcs yaz\u0131l\u0131mlar\u0131 kaydederek Windows cihazlarda Microsoft Defender\u2019\u0131 devre d\u0131\u015f\u0131 b\u0131rakan yeni bir ara\u015ft\u0131rma arac\u0131n\u0131, inceliyoruz.<\/p>\n

no-defender<\/em>, Microsoft Defender\u2019\u0131 devre d\u0131\u015f\u0131 b\u0131rakmak i\u00e7in sahte antivir\u00fcs kullanarak nas\u0131l \u00e7\u0131\u011f\u0131r a\u00e7t\u0131?<\/h2>\n

Defendnot\u2019un Microsoft Defender\u2019\u0131 nas\u0131l devre d\u0131\u015f\u0131 b\u0131rakt\u0131\u011f\u0131n\u0131 tam olarak anlamak i\u00e7in bir y\u0131l geriye gitmemiz gerekiyor. O zamanlar, es3n1n<\/a> X tan\u0131t\u0131c\u0131s\u0131na sahip bir ara\u015ft\u0131rmac\u0131 arac\u0131n ilk s\u00fcr\u00fcm\u00fcn\u00fc olu\u015fturdu ve GitHub\u2019da yay\u0131nlad\u0131. no-defender<\/a> ad\u0131 verilen bu program, yerle\u015fik Windows Defender antivir\u00fcs\u00fcn\u00fc devre d\u0131\u015f\u0131 b\u0131rakmakla g\u00f6revlendirilmi\u015fti.<\/p>\n

es3n1n bu g\u00f6revi ger\u00e7ekle\u015ftirmek i\u00e7in, Windows G\u00fcvenlik Merkezi (WSC) API\u2019sindeki bir zay\u0131fl\u0131ktan yararlanm\u0131\u015ft\u0131r. Bu sayede, antivir\u00fcs yaz\u0131l\u0131m\u0131 sisteme y\u00fcklendi\u011fini ve cihaz\u0131 ger\u00e7ek zamanl\u0131 olarak korumaya ba\u015flamaya haz\u0131r oldu\u011funu bildirir. B\u00f6yle bir mesaj al\u0131nd\u0131\u011f\u0131nda Windows, ayn\u0131 cihazda \u00e7al\u0131\u015fan farkl\u0131 g\u00fcvenlik \u00e7\u00f6z\u00fcmleri aras\u0131ndaki \u00e7ak\u0131\u015fmalar\u0131 \u00f6nlemek i\u00e7in Microsoft Defender\u2019\u0131 otomatik olarak devre d\u0131\u015f\u0131 b\u0131rak\u0131r.<\/p>\n

Ara\u015ft\u0131rmac\u0131, mevcut bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fcn\u00fcn kodunu kullanarak, sisteme kaydolan ve t\u00fcm Windows kontrollerini ge\u00e7en kendi sahte antivir\u00fcslerini olu\u015fturdu. Microsoft Defender devre d\u0131\u015f\u0131 b\u0131rak\u0131ld\u0131\u011f\u0131nda, cihaz korumas\u0131z kal\u0131yordu, \u00e7\u00fcnk\u00fc no-defender kendi ba\u015f\u0131na hi\u00e7bir koruma sa\u011flam\u0131yordu.<\/p>\n

no-defender projesi GitHub\u2019da h\u0131zla takip\u00e7i kazanm\u0131\u015f ve iki binden fazla kez y\u0131ld\u0131zlanm\u0131\u015ft\u0131r. Ancak kodu yeniden kullan\u0131lan antivir\u00fcs geli\u015ftiricisi \u015firket, Dijital Biny\u0131l Telif Hakk\u0131 Yasas\u0131n\u0131 (DMCA)<\/a> ihlal etti\u011fi gerek\u00e7esiyle \u015fikayette bulundu. Bu y\u00fczden es3n1n proje kodunu GitHub\u2019dan kald\u0131rmak zorunda kald\u0131 ve sadece bir a\u00e7\u0131klama sayfas\u0131 b\u0131rakt\u0131.<\/p>\n

Defendnot, nas\u0131l no-defender oldu?<\/h2>\n

Ama hikaye burada bitmiyor. Neredeyse bir y\u0131l sonra, Yeni Zelandal\u0131 programc\u0131 MrBruh<\/a> es3n1n\u2019yi no-defender\u2019\u0131n \u00fc\u00e7\u00fcnc\u00fc parti kodlara dayanmayan bir versiyonunu geli\u015ftirmeye te\u015fvik etti. Bu zorlu g\u00f6revden ve uykusuzluktan etkilenen es3n1n, d\u00f6rt g\u00fcn i\u00e7inde Defendnot ad\u0131n\u0131 verdi\u011fi yeni bir ara\u00e7 yazd\u0131<\/a>.<\/p>\n

Defendnot\u2019un merkezinde, me\u015fru bir antivir\u00fcs gibi davranan sahte bir DLL dosyas\u0131 (stub DLL) vard\u0131. Defendnot; Protected Process Light (PPL), dijital imzalar ve di\u011fer mekanizmalar dahil olmak \u00fczere t\u00fcm WSC API kontrollerini atlamak i\u00e7in DLL\u2019sini imzal\u0131 ve Microsoft taraf\u0131ndan zaten g\u00fcvenilir olarak kabul edilen Taskmgr.exe\u2019ye enjekte eder. Ara\u00e7 daha sonra sahte antivir\u00fcs\u00fc kaydederek Microsoft Defender\u2019\u0131n derhal kapanmas\u0131n\u0131 ve cihaz\u0131 aktif korumas\u0131z b\u0131rakmas\u0131n\u0131 sa\u011flar.<\/p>\n

Bunun da \u00f6tesinde, Defendnot kullan\u0131c\u0131n\u0131n \u201cantivir\u00fcs \u201ce herhangi bir isim atamas\u0131na izin verir. Selefine benzer \u015fekilde, bu proje de GitHub\u2019da hit oldu ve yaz\u0131m s\u0131ras\u0131nda 2100 kez y\u0131ld\u0131zland\u0131. Defendnot\u2019u y\u00fcklemek i\u00e7in kullan\u0131c\u0131n\u0131n (\u00e7al\u0131\u015fanlar\u0131n ki\u015fisel cihazlar\u0131nda b\u00fcy\u00fck olas\u0131l\u0131kla sahip olduklar\u0131) y\u00f6netici haklar\u0131na sahip olmas\u0131 gerekir.<\/p>\n

Kurumsal altyap\u0131 BYOD k\u00f6t\u00fcye kullan\u0131m\u0131ndan nas\u0131l korunur?<\/h2>\n

Defendnot ve no-defender ara\u015ft\u0131rma projeleri olarak konumland\u0131r\u0131lm\u0131\u015f olup, her iki ara\u00e7 da g\u00fcvenilir sistem mekanizmalar\u0131n\u0131n koruyucu i\u015flevleri devre d\u0131\u015f\u0131 b\u0131rakmak i\u00e7in nas\u0131l manip\u00fcle edilebilece\u011fini g\u00f6stermektedir. Sonu\u00e7 a\u00e7\u0131kt\u0131r: Windows\u2019un s\u00f6ylediklerine her zaman g\u00fcvenemezsiniz.<\/p>\n

Dolay\u0131s\u0131yla, \u015firketinizin dijital altyap\u0131s\u0131n\u0131 tehlikeye atmamak i\u00e7in BYOD ilkesini bir dizi ek g\u00fcvenlik \u00f6nlemiyle g\u00fc\u00e7lendirmenizi \u00f6neririz:<\/p>\n