If they want to do research they probably prefer no AV. That said there are some no-op AV's that are specifically for tricking defender to shut off and not actually do anything
I was just wondering if a no-op AV might work! But I thought perhaps not, as I thought Microsoft insisted on AVs running as PP/PPL (Protected Process / Protected Process Light), which isn't realistic for OSS.
Are you able to point to one please? Would love to try it and see if it works!
Are you able to point to one please? Would love to try it and see if it works!