by Ciantic 878 days ago
That is the weird part. My explorer.exe patch to disable flashing taskbar buttons was functioning with Microsoft Defender turned on for the whole lifetime of Windows 10 I used it. I didn't even need a UAC prompt to patch the memory. Nothing detects it, even though it goes and adds assembly instructions to three locations in the memory with WriteProcessMemory etc. It's not working by injecting a DLL; it just modifies the running explorer.exe process memory, so it will not modify files.

You can see the code here: https://github.com/Ciantic/DisableFlashingTaskbarButtons/tre... (there was also a C version, but I changed it to AHK)

1 comment

Just curious, why AHK over C? Easier for users to run themselves?
I guess the C version was flagged by Defender eventually? Seems to happen at some point with unsigned programs that aren't super popular these days. Using VB6 seems to be a safe bet to end up in Defender quarantine. I guess because it was still used for malware a decade ago.