Fix disabling VBS and update the malware notice

Also trigger a release while at it.

CHANGELOG.mkdn

@@ -1,3 +1,30 @@
+Version 1.1.1-24H2
+https://github.com/kurtbahartr/windows-configs/releases/tag/v1.1.1-24H2
+-----------------------------------------------------------------------
+> [!WARNING]
+> Windows Defender no longer detects the ISOs in the releases as a trojan, `Trojan:Script/Wacatac.B!ml`. I assume it has to do with a minor update to Defender, but we may never know for sure.
+> 
+> Read [the main repo readme](https://github.com/kurtbahartr/windows-configs/tree/master?tab=readme-ov-file#windows-configs) for more info.
+
+**Fixes**
+- Add `HVCIMATRequired` in Device Guard policies as done by the "Turn On Virtualization Based Security" group policy.
+- Add `EnableVirtualizationBasedSecurity` key in `CurrentControlSet` also.
+
+> [!NOTE]
+> Let's talk about the version string while I've got you here for a bit.
+> 
+> The version string basically identifies which iteration of this project you're running, and uses [the Semantic Versioning standard](https://semver.org/) to determine which is which.
+> 
+> For instance, this release is 1.1.1, where this is the 1st patch release of the 1st minor release of the 1st major release.
+> 
+> What this means is that there was an update released after 1.0.0 that adds functionality (or even rewrites the whole thing for that matter) while keeping backwards compatibility, meaning you can add the new features and fixes on your system without a reinstall.
+> 
+> And this is the first patch version over 1.1.0, whcih fixes bugs in a backwards-compatible manner, meaning that you can apply the said patch on your system without going for a reinstall.
+> 
+> On top of the Semantic Versioning standard is what I'd like to call "based-on string". This one basically indicates which build of Windows it was built upon and you're recommended to use this on.
+> 
+> This release has the string "24H2", which means you have to use a Windows version on build "24H2". It's Windows 11 that has a 24H2 build. Had there been a build of Windows 11 named "25H2", I would put "25H2" instead.
+
 Version 1.1.0-24H2
 https://github.com/kurtbahartr/windows-configs/releases/tag/v1.1.0-24H2
 -----------------------------------------------------------------------

README.mkdn

@@ -1,22 +1,25 @@
 # Windows Configs
 
 > [!WARNING]
-> Starting 1.1.0-24H2, Windows Defender WILL detect the ISOs in the releases as a trojan, `Trojan:Script/Wacatac.B!ml`.
 > 
-> **THIS IS A FALSE POSITIVE AND IT HAS TO DO WITH THE FACT THAT THE ISO CONTAINS THE `sources` FOLDER TO MIMIC WINDOWS ISO LAYOUT!**
+> Update (December 23, 2024): Windows Defender no longer detects the ISOs as a malware with a possible update on cloud-delivered protection. Thanks for the update, Microsoft! The cautionary steps here are kept for historical reasons and as an advice for any piece of software under the same condition.
 > 
-> I know it doesn't have to do with anything else because I also scanned a faulty package of the same ISO where the `$OEM$` folder is on the root instead of its parent, the `sources` folder, and no detections were raised.
+> ~~Starting 1.1.0-24H2, Windows Defender WILL detect the ISOs in the releases as a trojan, `Trojan:Script/Wacatac.B!ml`.~~
 > 
-> Should you have any concerns, I STRONGLY advice you to;
+> ~~**THIS IS A FALSE POSITIVE AND IT HAS TO DO WITH THE FACT THAT THE ISO CONTAINS THE `sources` FOLDER TO MIMIC WINDOWS ISO LAYOUT!**~~
+> 
+> ~~I know it doesn't have to do with anything else because I also scanned a faulty package of the same ISO where the `$OEM$` folder is on the root instead of its parent, the `sources` folder, and no detections were raised.~~
+> 
+> Should you have any concerns about an alleged malware, I STRONGLY advice you to;
 > 1. Do some research about the specific detection: `Trojan:Script/Wacatac.B!ml`
-> 2. Check the contents of the ISO,
-> 3. Check the code of this repo, INCLUDING THE CODE FOR THE GITHUB WORKFLOW,
-> 4. Upload the ISO to VirusTotal,
-> 5. Stop using releases further than 1.0 and just take what you need in general.
+> 2. Check the contents of the detected file,
+> 3. Check the code of the repo if available, INCLUDING THE CODE FOR THE GITHUB WORKFLOW,
+> 4. Upload the detected file to VirusTotal,
+> 5. Stop using the detected file and just take what you need in general.
 > 
-> If you're too limited on data for an upload a file this big to VrsTtl, [I did the work for you.](https://www.virustotal.com/gui/file/ab723f94a2c639e3fdb4b7613f5eba77ad9464512efb1defdac2c2693179dd73)
+> ~~If you're too limited on data for an upload a file this big to VrsTtl, [I did the work for you.](https://www.virustotal.com/gui/file/ab723f94a2c639e3fdb4b7613f5eba77ad9464512efb1defdac2c2693179dd73)~~
 > 
-> Any demands to fix this without clear help on how will be ignored/frowned upon. PRs are always welcome if YOU happen to have a way to get rid of this.
+> ~~Any demands to fix this without clear help on how will be ignored/frowned upon. PRs are always welcome if YOU happen to have a way to get rid of this.~~
 
 This right here is my configuration for Windows, made for myself, documented for everyone.
 

VERSION

@@ -1 +1 @@
-v1.1.0-24H2
+v1.1.1-24H2

autounattend.xml

@@ -297,6 +297,10 @@ bcdedit /set hypervisorlaunchtype off
 Windows Registry Editor Version 5.00
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard]
+"EnableVirtualizationBasedSecurity"=dword:00000000
+"HVCIMATRequired"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
 "EnableVirtualizationBasedSecurity"=dword:00000000
 		</File>
         <File path="C:\Windows\Setup\Scripts\unattend-04.reg" transformation="Text">