Trang chủ Khám phá Trợ giúp
Đăng nhập
mirrors
/
optimizer
mirror of https://github.com/hellzerg/optimizer
2
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: 11b54459b9
Branches Tags
optimizer
/
Optimizer
/
Resources
/
Scripts
/
DisableDefenderSafeMode1903Plus.bat

DisableDefenderSafeMode1903Plus.bat 4.6 KB
Lịch sử Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
    2. 

  2. 

  3. rem https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
    4. 

  4. rem "DisableAntiSpyware" is discontinued and will be ignored on client devices, as of the August 2020 (version 4.18.2007.8) update to Microsoft Defender Antivirus.
    5. 

  5. 

  6. rem Disable Tamper Protection First !!!!!
    7. 

  7. rem https://www.tenforums.com/tutorials/123792-turn-off-tamper-protection-windows-defender-antivirus.html
    8. 

  8. reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
    9. 

  9. 

  10. rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
    11. 

  11. rem https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290
    12. 

  12. 

  13. rem Exclusion in WD can be easily set with an elevated cmd, so that makes it super easy to damage any pc.
    14. 

  14. rem WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="xxxxxx
    15. 

  15. 

  16. rem To disable System Guard Runtime Monitor Broker
    17. 

  17. reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
    18. 

  18. 

  19. rem To disable Windows Defender Security Center include this
    20. 

  20. reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
    21. 

  21. 

  22. rem 1 - Disable Real-time protection
    23. 

  23. reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
    24. 

  24. reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    25. 

  25. reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
    26. 

  26. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
    27. 

  27. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
    28. 

  28. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
    29. 

  29. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
    30. 

  30. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    31. 

  31. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
    32. 

  32. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
    33. 

  33. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    34. 

  34. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    35. 

  35. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
    36. 

  36. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
    37. 

  37. 

  38. rem 0 - Disable Logging
    39. 

  39. reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
    40. 

  40. reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
    41. 

  41. 

  42. rem Disable WD Tasks
    43. 

  43. schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
    44. 

  44. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
    45. 

  45. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
    46. 

  46. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
    47. 

  47. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
    48. 

  48. 

  49. rem Disable WD systray icon
    50. 

  50. reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
    51. 

  51. reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    52. 

  52. 

  53. rem Remove WD context menu
    54. 

  54. reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
    55. 

  55. reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
    56. 

  56. reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
    57. 

  57. 

  58. rem Disable WD services
    59. 

  59. rem reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
    60. 

  60. reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
    61. 

  61. reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
    62. 

  62. reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
    63. 

  63. reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
    64. 

  64. 

  65. rem Run twice to disable WD services !!!!!
    66.