Lately a new feature was shown in Mimikatz 2.1.1 that is able to remove process protection (usable in AV unload)
I have run the above test against fully patched Windows 10 x64 build 10.0.15063 , but unfortunately mimidrv.sys gets flagged immediately by AV (even if you get the mimikatz.exe bypassed) and you need a signed driver to load on x64 ..
I have obfuscated mimikatz via the following procedure ->
https://astr0baby.wordpress.com/2017/03/28/mimikatz-2-1-1-powershell-generator/
My old, ancient way still works. Here is a short demo of a successful unload of a protected process (MsMpEng.exe) Windows Defender ….
Here are the default mimikatz drivers builds and failures against MS Defender on Windows 10 x64 examples where I have failed to unload the protected process via mimikatz
Fail 1
Fail 2
P.S. !NO SAMPLES !
P.S.S Cheers to Chris, nice chat today about stuff over coffee in the Beta Geminorum ;)
Astr0baby's not so random thoughts _____ rand() % 100; 
Nice. Did you ever release Viktor as open source? I’m looking for a way to load mimidrv.sys undetected.
No, did not. Why don’t your recompile the mimidrv.sys (change the code a little) and get it signed https://docs.microsoft.com/en-us/windows-hardware/drivers/install/driver-signing ?
Thanks, I’ve been trying that but it won’t accept my cert (even though imported into the trust store). Does it need to be a DV cert?
You need to invest in a commercial signing certificate I believe https://docs.microsoft.com/en-us/windows-hardware/drivers/install/test-signing-a-driver-file