[atesti]

Windows also contains 3 drivers loaded during boot, all starting with wd*, especially wdboot.sys. If they are loaded, some paths to defender and registry keys are blocked. I always remove them from the custom ISO I use to install windows using dism.exe. You can also reboot into safe mode and rename them. After that, chipping away at defender using takeownership etc. works.

If you just rename the folders, those drivers are probably still active