Disable Windows Defender Completely.


Lance1

Well-known member
Member
VIP
Local time
12:40 AM
Posts
162
OS
Windows 11 22H2 in a VM. Windows 10 21H2 on my main system.
If you don't like or want Defender on your system and you want it Completely Gone, there is a way BUT! You have to add to the registry. Values and Keys and a lot of them. I disabled Defender and installed another AV for testing. Never liked Defender. To give you an idea of how in-depth this is I'll past the Values and Keys from Britec. Defender is so embedded into the Windows system that the average user will have no idea how to remove it. So My Post! Would you go this far? Or would you settle for what Microsoft says you need...

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"ForceUpdateFromMU"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001

 

My Computers

System One System Two

  • OS
    Windows 11 22H2 in a VM. Windows 10 21H2 on my main system.
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build By Me
    CPU
    AMD FX 9590 8 Core Black Edition
    Motherboard
    MSI 990FXA GAMING (MS-7893)
    Memory
    Corsair Vengeance 24GB DDR3
    Graphics Card(s)
    AMD Radeon (TM) R9 380 Gaming Series
    Sound Card
    AMD High Definition
    Monitor(s) Displays
    Samsung 32" 60Hz 4ms Curved PLS LED
    Screen Resolution
    1920 X 1080
    Hard Drives
    C: 1 TB SSD = H: 1 TB HDD = D: 500 GB HDD = F: 500 GB HDD
    PSU
    EVGA Supernova NEX750B 750W ATX EPS12V 80PLUS Bronze
    Case
    Cool Master
    Cooling
    Noctua NH-D15 Premium Cooler with 2x NF-A15 PWM 140mm Fans In A Push Pull Fan Configuration
    Internet Speed
    Fiber Optic: Download 332.7 Mbps / Upload 331.5 Mbps
    Browser
    Vivaldi (64bit)
    Antivirus
    Windows Defender
  • Operating System
    Window 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron N7110
    CPU
    Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Motherboard
    Dell Inc. 0YH79Y
    Memory
    4 GB DDR3
    Graphics card(s)
    Intel(R) HD Graphics 3000
    Sound Card
    High Definition Audio
    Monitor(s) Displays
    17.3 Inch Display
    Screen Resolution
    1600 X 900
    Hard Drives
    Samsung SSD 860 EVO 500GB
    Internet Speed
    Fiber Optic: Download 332.7 Mbps / Upload 331.5 Mbps
    Browser
    Vivaldi 64 bit
    Antivirus
    Windows Defender

Wolfzz

Active member
Member
Local time
3:40 PM
Posts
40
OS
Windows 11
If you don't like or want Defender on your system and you want it Completely Gone, there is a way BUT! You have to add to the registry. Values and Keys and a lot of them. I disabled Defender and installed another AV for testing. Never liked Defender. To give you an idea of how in-depth this is I'll past the Values and Keys from Britec. Defender is so embedded into the Windows system that the average user will have no idea how to remove it. So My Post! Would you go this far? Or would you settle for what Microsoft says you need...

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"ForceUpdateFromMU"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001

What about these few extra's?

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000000
"ConfigureAppInstallControl"="Anywhere"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel Core i9 12900KF
    Motherboard
    ASUS ROG Maximus Z690 Hero
    Memory
    Corsair 64GB DDR5 Vengeance C40 5200Mhz
    Graphics Card(s)
    ASUS GeForce RTX 3090 ROG Strix OC 24GB
    Sound Card
    OnBoard
    Monitor(s) Displays
    Acer Predator XB323UGP 32" QHD G-SYNC-C 144Hz 1MS IPS LED
    Screen Resolution
    2560 x 1440
    Hard Drives
    1x Samsung 980 Pro Series Gen4 250GB M.2 NVMe
    1x Samsung 980 Pro Series Gen4 500GB M.2 NVMe
    2x Samsung 980 Pro Series Gen4 2TB M.2 NVMe
    PSU
    Corsair AX1200i 1200W 80PLUS Titanium Modular
    Case
    Corsair 4000D Black Case w/ Tempered Glass Side Panel
    Cooling
    Noctua NH-U12A Chromax Black CPU Cooler, 4x Noctua 120mm Fans
    Keyboard
    Logitech MK545
    Mouse
    Logitech MX Master 3
    Internet Speed
    Fixed Wireless 150mbps/75mbps
    Browser
    Firefox
    Antivirus
    Kaspersky
    Other Info
    Thrustmaster TS-PC RACER
    Fanatec CSL Elite Pedals with the Load Cell Kit
    Yamaha Amp with Bose Speakers

FreeBooter

Well-known member
Power User
VIP
Local time
10:40 AM
Posts
1,011
Location
Adana
OS
Windows 11

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1

Cromax

Active member
Local time
9:40 AM
Posts
135
OS
Windows 11
Sry but i never found better suite performance wise for the system.. every suite that i used hogs the pc
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    -
    CPU
    4770k
    Motherboard
    Asus Maximus Formula VI
    Memory
    16 gb Kingston
    Graphics Card(s)
    2070 super

TairikuOkami

Brony
Power User
VIP
Local time
9:40 AM
Posts
506
OS
Windows 11 Home
Sry but i never found better suite performance wise for the system.. every suite that i used hogs the pc
Have you tried Panda, WiseVector, 360 TSE or Adaware?
In this video, i will guide you on how to disable Windows Defender in Windows 11.
I know your voice now, beware. :smirk:
 

My Computer

System One

  • OS
    Windows 11 Home
    CPU
    AMD Ryzen 5 3600 (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz + FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB + 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm
    Keyboard
    HP Wired Desktop 320K Keyboard (04/22)
    Mouse
    HP Wireless Silent 280M Mouse (05/21)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) + TCP Optimizer
    Browser
    Edge with Neeva (No FB/Google) + Brave for YouTube + LibreWolf for FB
    Antivirus
    None + Binisoft WFC
    Other Info
    Headphones: Sennheiser RS170 (09/10)

FreeBooter

Well-known member
Power User
VIP
Local time
10:40 AM
Posts
1,011
Location
Adana
OS
Windows 11

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP Pavilion
    CPU
    AMD Ryzen 7 5700G
    Motherboard
    Erica6
    Memory
    Micron Technology DDR4-3200 16GB
    Graphics Card(s)
    NVIDIA GeForce RTX 3060
    Sound Card
    Realtek ALC671
    Monitor(s) Displays
    Samsung SyncMaster U28E590
    Screen Resolution
    3840 x 2160
    Hard Drives
    SAMSUNG MZVLQ1T0HALB-000H1

Cromax

Active member
Local time
9:40 AM
Posts
135
OS
Windows 11

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    -
    CPU
    4770k
    Motherboard
    Asus Maximus Formula VI
    Memory
    16 gb Kingston
    Graphics Card(s)
    2070 super

jimbo45

Well-known member
Power User
VIP
Local time
7:40 AM
Posts
2,068
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Panda yes 2 other no

Up to individuals so that's their choice - but WD is so good now and integrated with OS to use minimal resources I'm not sure what the problem is here or why the OP doesn't want it.

To me disabling WD seems a bit like saying I want a top of the range BMW but only want a Pinto engine in it.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

swerd

Member
Local time
6:40 PM
Posts
70
OS
Windows 11 Home
 

My Computer

System One

  • OS
    Windows 11 Home

Spartan

Well-known member
Member
VIP
Local time
11:40 AM
Posts
103
Location
Dubai
OS
Windows 11 Education
If you don't like or want Defender on your system and you want it Completely Gone, there is a way BUT! You have to add to the registry. Values and Keys and a lot of them. I disabled Defender and installed another AV for testing. Never liked Defender. To give you an idea of how in-depth this is I'll past the Values and Keys from Britec. Defender is so embedded into the Windows system that the average user will have no idea how to remove it. So My Post! Would you go this far? Or would you settle for what Microsoft says you need...

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableAntiVirus"=dword:00000001
"DisableSpecialRunningModes"=dword:00000001
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"ForceUpdateFromMU"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001

No need for all this. One simple batch file gets rid of Windows Defender completely from its roots. Running it again would restore it.

Download ToggleDefender

@(set "0=%~f0"^)#) & powershell -win 1 -nop -c iex([io.file]::ReadAllText($env:0)) & exit /b

## Toggle Defender, AveYo 2022.01.15
## changed: comment personal configuration tweaks

sp 'HKCU:\Volatile Environment' 'ToggleDefender' @'
if ($(sc.exe qc windefend) -like '*TOGGLE*') {$TOGGLE=7;$KEEP=6;$A='Enable';$S='OFF'}else{$TOGGLE=6;$KEEP=7;$A='Disable';$S='ON'}

## Comment to hide dialog prompt with Yes, No, Cancel (6,7,2)
if ($env:1 -ne 6 -and $env:1 -ne 7) {
$choice=(new-object -ComObject Wscript.Shell).Popup($A + ' Windows Defender?', 0, 'Defender is: ' + $S, 0x1033)
if ($choice -eq 2) {break} elseif ($choice -eq 6) {$env:1=$TOGGLE} else {$env:1=$KEEP}
}

## Without the dialog prompt above will toggle automatically
if ($env:1 -ne 6 -and $env:1 -ne 7) { $env:1=$TOGGLE }

## Cascade elevation
$u=0;$w=whoami /groups;if($w-like'*1-5-32-544*'){$u=1};if($w-like'*1-16-12288*'){$u=2};if($w-like'*1-16-16384*'){$u=3}

## Comment to not hide per-user toggle notifications
$notif='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance'
ni $notif -ea 0|out-null; ri $notif.replace('Settings','Current') -Recurse -Force -ea 0
sp $notif Enabled 0 -Type Dword -Force -ea 0; if ($TOGGLE -eq 7) {rp $notif Enabled -Force -ea 0}

## Comment to not relaunch systray icon
$L="$env:programFiles\Windows Defender\MSASCuiL.exe"; if (!(test-path $L)) {$L='SecurityHealthSystray'}
if ($u -eq 2) {start $L -win 1}

## Reload from volatile registry as needed
$script='-win 1 -nop -c & {$AveYo='+"'`r`r"+' A LIMITED ACCOUNT PROTECTS YOU FROM UAC EXPLOITS '+"`r`r'"+';$env:1='+$env:1
$script+=';$k=@();$k+=gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0;iex($k[0].ToggleDefender)}'
$cmd='powershell '+$script; $env:__COMPAT_LAYER='Installer'

## 0: limited-user: must runas / 1: admin-user non-elevated: must runas [built-in lame uac bpass removed]
if ($u -lt 2) {
start powershell -args $script -verb runas -win 1; break
}

## 2: admin-user elevated: get ti/system via runasti lean and mean snippet [$window hide:0x0E080600 show:0x0E080610]
if ($u -eq 2) {
$A=[AppDomain]::CurrentDomain."DefineDynami`cAssembly"(1,1)."DefineDynami`cModule"(1);$D=@();0..5|%{$D+=$A."Defin`eType"('A'+$_,
1179913,[ValueType])} ;4,5|%{$D+=$D[$_]."MakeByR`efType"()} ;$I=[Int32];$J="Int`Ptr";$P=$I.module.GetType("System.$J"); $F=@(0)
$F+=($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$P,$P,$P,$I,$I,$I,$I,$I,$I,$I,$I,[Int16],[Int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
$S=[String]; $9=$D[0]."DefinePInvok`eMethod"('CreateProcess',"kernel`32",8214,1,$I,@($S,$S,$I,$I,$I,$I,$I,$S,$D[6],$D[7]),1,4)
1..5|%{$k=$_;$n=1;$F[$_]|%{$9=$D[$k]."DefineFie`ld"('f'+$n++,$_,6)}};$T=@();0..5|%{$T+=$D[$_]."CreateT`ype"();$Z=[uintptr]::size
nv ('T'+$_)([Activator]::CreateInstance($T[$_]))}; $H=$I.module.GetType("System.Runtime.Interop`Services.Mar`shal");
$WP=$H."GetMeth`od"("Write$J",[type[]]($J,$J)); $HG=$H."GetMeth`od"("AllocHG`lobal",[type[]]'int32'); $v=$HG.invoke($null,$Z)
'TrustedInstaller','lsass'|%{if(!$pn){net1 start $_ 2>&1 >$null;$pn=[Diagnostics.Process]::GetProcessesByName($_)[0];}}
$WP.invoke($null,@($v,$pn.Handle)); $SZ=$H."GetMeth`od"("SizeOf",[type[]]'type'); $T1.f1=131072; $T1.f2=$Z; $T1.f3=$v; $T2.f1=1
$T2.f2=1;$T2.f3=1;$T2.f4=1;$T2.f6=$T1;$T3.f1=$SZ.invoke($null,$T[4]);$T4.f1=$T3;$T4.f2=$HG.invoke($null,$SZ.invoke($null,$T[2]))
$H."GetMeth`od"("StructureTo`Ptr",[type[]]($D[2],$J,'boolean')).invoke($null,@(($T2-as $D[2]),$T4.f2,$false));$window=0x0E080600
$9=$T[0]."GetMeth`od"('CreateProcess').Invoke($null,@($null,$cmd,0,0,0,$window,0,$null,($T4-as $D[4]),($T5-as $D[5]))); break
}

## Cleanup
rp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0

## Create registry paths
$wdp='HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
' Security Center\Notifications','\UX Configuration','\MpEngine','\Spynet','\Real-Time Protection' |% {ni ($wdp+$_)-ea 0|out-null}

## Toggle Defender
if ($env:1 -eq 7) {
## enable notifications
rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications -Force -ea 0
rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' Notification_Suppress -Force -ea 0
rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' UILockdown -Force -ea 0
rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications -Force -ea 0
rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' Notification_Suppress -Force -ea 0
rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' UILockdown -Force -ea 0
## enable shell smartscreen and set to warn
rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' EnableSmartScreen -Force -ea 0
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' ShellSmartScreenLevel 'Warn' -Force -ea 0
## enable store smartscreen and set to warn
gp Registry::HKEY_Users\S-1-5-21*\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost -ea 0 |% {
sp $_.PSPath 'EnableWebContentEvaluation' 1 -Type Dword -Force -ea 0
sp $_.PSPath 'PreventOverride' 0 -Type Dword -Force -ea 0
}
## enable chredge smartscreen + pua
gp Registry::HKEY_Users\S-1-5-21*\SOFTWARE\Microsoft\Edge\SmartScreenEnabled -ea 0 |% {
sp $_.PSPath '(Default)' 1 -Type Dword -Force -ea 0
}
gp Registry::HKEY_Users\S-1-5-21*\SOFTWARE\Microsoft\Edge\SmartScreenPuaEnabled -ea 0 |% {
sp $_.PSPath '(Default)' 1 -Type Dword -Force -ea 0
}
## enable legacy edge smartscreen
ri 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter' -Force -ea 0
## enable av
rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' DisableRealtimeMonitoring -Force -ea 0
rp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' DisableAntiSpyware -Force -ea 0
rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' DisableAntiSpyware -Force -ea 0
sc.exe config windefend depend= RpcSs
net1 start windefend
kill -Force -Name MpCmdRun -ea 0
start ($env:programFiles+'\Windows Defender\MpCmdRun.exe') -Arg '-EnableService' -win 1
} else {
## disable notifications
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' Notification_Suppress 1 -Type Dword -Force -ea 0
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration' UILockdown 0 -Type Dword -Force -ea 0
sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' DisableNotifications 1 -Type Dword -ea 0
sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' Notification_Suppress 1 -Type Dword -Force -ea 0
sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender\UX Configuration' UILockdown 0 -Type Dword -Force -ea 0
## disable shell smartscreen and set to warn
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' EnableSmartScreen 0 -Type Dword -Force -ea 0
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' ShellSmartScreenLevel 'Warn' -Force -ea 0
## disable store smartscreen and set to warn
gp Registry::HKEY_Users\S-1-5-21*\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost -ea 0 |% {
sp $_.PSPath 'EnableWebContentEvaluation' 0 -Type Dword -Force -ea 0
sp $_.PSPath 'PreventOverride' 0 -Type Dword -Force -ea 0
}
## disable chredge smartscreen + pua
gp Registry::HKEY_Users\S-1-5-21*\SOFTWARE\Microsoft\Edge\SmartScreenEnabled -ea 0 |% {
sp $_.PSPath '(Default)' 0 -Type Dword -Force -ea 0
}
gp Registry::HKEY_Users\S-1-5-21*\SOFTWARE\Microsoft\Edge\SmartScreenPuaEnabled -ea 0 |% {
sp $_.PSPath '(Default)' 0 -Type Dword -Force -ea 0
}
## disable legacy edge smartscreen
sp 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter' EnabledV9 0 -Type Dword -Force -ea 0
## disable av
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' DisableRealtimeMonitoring 1 -Type Dword -Force
sp 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0
sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' DisableAntiSpyware 1 -Type Dword -Force -ea 0
net1 stop windefend
sc.exe config windefend depend= RpcSs-TOGGLE
kill -Name MpCmdRun -Force -ea 0
start ($env:programFiles+'\Windows Defender\MpCmdRun.exe') -Arg '-DisableService' -win 1
del ($env:programData+'\Microsoft\Windows Defender\Scans\mpenginedb.db') -Force -ea 0 ## Commented = keep scan history
del ($env:programData+'\Microsoft\Windows Defender\Scans\History\Service') -Recurse -Force -ea 0
}

## PERSONAL CONFIGURATION TWEAK - COMMENT OR UNCOMMENT ENTRIES TO TWEAK OR REVERT
#sp $wdp DisableRoutinelyTakingAction 1 -Type Dword -Force -ea 0 ## Auto Actions off
#rp $wdp DisableRoutinelyTakingAction -Force -ea 0 ## Auto Actions ON [default]

#sp ($wdp+'\MpEngine') MpCloudBlockLevel 2 -Type Dword -Force -ea 0 ## Cloud blocking level HIGH
#rp ($wdp+'\MpEngine') MpCloudBlockLevel -Force -ea 0 ## Cloud blocking level low [default]

#sp ($wdp+'\Spynet') SpyNetReporting 2 -Type Dword -Force -ea 0 ## Cloud protection ADVANCED
#rp ($wdp+'\Spynet') SpyNetReporting -Force -ea 0 ## Cloud protection basic [default]

#sp ($wdp+'\Spynet') SubmitSamplesConsent 0 -Type Dword -Force -ea 0 ## Sample Submission ALWAYS-PROMPT
#rp ($wdp+'\Spynet') SubmitSamplesConsent -Force -ea 0 ## Sample Submission automatic [default]

#sp ($wdp+'\Real-Time Protection') RealtimeScanDirection 1 -Type Dword -Force -ea 0 ## Scan incoming file only
#rp ($wdp+'\Real-Time Protection') RealtimeScanDirection -Force -ea 0 ## Scan INCOMING, OUTGOING file [default]

#sp $wdp PUAProtection 1 -Type Dword -Force -ea 0 ## Potential Unwanted Apps on [policy]
#rp $wdp PUAProtection -Force -ea 0 ## Potential Unwanted Apps off [default]
#sp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' PUAProtection 1 -Type Dword -Force -ea 0 ## Potential Unwanted Apps ON [user]
#rp 'HKLM:\SOFTWARE\Microsoft\Windows Defender' PUAProtection -Force -ea 0 ## Potential Unwanted Apps off [default]

$env:1=$null
# done!
'@ -Force -ea 0; $k=@();$k+=gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0;iex($k[0].ToggleDefender)
#-_-# hybrid script, can be pasted directly into powershell console
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m15 R7
    CPU
    AMD Ryzen 9 6900HX
    Memory
    64 GB 4800 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 3080 Ti 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    15.6" QHD 240Hz 2ms 400-Nit Screen + Alienware 38 Curved Gaming Monitor AW3821DW
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Western Digital PC SN810 1TB SSD + Toshiba Kioxia KXG70PN84T094TB 4TB SSD
    PSU
    240W AC Power Adapter (supports 100-240V)
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware Low-Profile RGB Mechanical Gaming Keyboard AW510K
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 300 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Windows Defender
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 13 9310
    CPU
    i7-1185G7
    Motherboard
    Intel Tiger Lake-UP3 IMC Chipset
    Memory
    32 GB 4267MHz Quad LPDDR4 SDRAM
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    13.4" OLED 3.5K 400-Nit Screen + Alienware 38 Curved Gaming Monitor AW3821DW
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung PM9A1 2TB SSD
    PSU
    230W AC Power Adapter (supports 100-240V)
    Cooling
    Noctua NT-H1 + Fujipoly Extreme Thermal Pads
    Mouse
    Logitech MX Anywhere 3
    Keyboard
    Alienware Low-Profile RGB Mechanical Gaming Keyboard AW510K
    Internet Speed
    1 GBPS Down / 300 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Windows Defender

Sammy888

Member
Local time
12:40 AM
Posts
176
OS
Windows 11
It's not without it's bugs, but the only way to disable Defender (100%) completely is installing and running Defender Control.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20

Sammy888

Member
Local time
12:40 AM
Posts
176
OS
Windows 11
No need for all this. One simple batch file gets rid of Windows Defender completely from its roots. Running it again would restore it.

Download ToggleDefender

That batch feel needs updating. It's been reported early in the new year it stopped working after a Windows (11) update. That's why in March Defender Control was updated to 2.1.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    Graphics Card(s)
    NVIDA 1650 Ti
    Monitor(s) Displays
    Lenovo C32q-20

Lance1

Well-known member
Member
VIP
Thread Starter
Local time
12:40 AM
Posts
162
OS
Windows 11 22H2 in a VM. Windows 10 21H2 on my main system.
This is one you should look at, as it covers so much more of what Defender protection is and what it's all about... He covers so much more... It's worth a look! O!! Only if you're into Registry Changes! I'm In! ;-)

 

My Computers

System One System Two

  • OS
    Windows 11 22H2 in a VM. Windows 10 21H2 on my main system.
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build By Me
    CPU
    AMD FX 9590 8 Core Black Edition
    Motherboard
    MSI 990FXA GAMING (MS-7893)
    Memory
    Corsair Vengeance 24GB DDR3
    Graphics Card(s)
    AMD Radeon (TM) R9 380 Gaming Series
    Sound Card
    AMD High Definition
    Monitor(s) Displays
    Samsung 32" 60Hz 4ms Curved PLS LED
    Screen Resolution
    1920 X 1080
    Hard Drives
    C: 1 TB SSD = H: 1 TB HDD = D: 500 GB HDD = F: 500 GB HDD
    PSU
    EVGA Supernova NEX750B 750W ATX EPS12V 80PLUS Bronze
    Case
    Cool Master
    Cooling
    Noctua NH-D15 Premium Cooler with 2x NF-A15 PWM 140mm Fans In A Push Pull Fan Configuration
    Internet Speed
    Fiber Optic: Download 332.7 Mbps / Upload 331.5 Mbps
    Browser
    Vivaldi (64bit)
    Antivirus
    Windows Defender
  • Operating System
    Window 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    DELL Inspiron N7110
    CPU
    Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
    Motherboard
    Dell Inc. 0YH79Y
    Memory
    4 GB DDR3
    Graphics card(s)
    Intel(R) HD Graphics 3000
    Sound Card
    High Definition Audio
    Monitor(s) Displays
    17.3 Inch Display
    Screen Resolution
    1600 X 900
    Hard Drives
    Samsung SSD 860 EVO 500GB
    Internet Speed
    Fiber Optic: Download 332.7 Mbps / Upload 331.5 Mbps
    Browser
    Vivaldi 64 bit
    Antivirus
    Windows Defender

jimbo45

Well-known member
Power User
VIP
Local time
7:40 AM
Posts
2,068
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
It's not without it's bugs, but the only way to disable Defender (100%) completely is installing and running Defender Control.
That site has so many "Entrapment links" before you get to the real file download and it doesn't work anyway.

I've found absolutely no way to stop this wretched thing appearing on clean installs of W11 on latest builds whether using local account or not. You can even at first boot see there's a problem with WD as the store isn't even shown on the taskbar which it normally is when booting a new systyem ist time.

Screenshot_20220901_122106.png


Update installs work OK - just clean installs whether using ISO's from UUPDUMP or the ms site.

I've given up with W11 new installs on this computer for the moment - it fails whether as a VM or a real machine, whether on real HDD's or vhdx files. None of the 10 zillion fixes on google work nor scannow or other commands to fix system files.


If this nonsense is going to happen when bog standard users finally do a mass switch -- I wouldn't like to be I.T admin !!!!

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

cereberus

Well-known member
Pro User
VIP
Local time
8:40 AM
Posts
2,591
OS
Windows 10 Pro + others in VHDs
The issue is not so much disabling defender - that is easy i.e. install another AV package. When people go out of their way to ask about deleting Defender, they never say why. It always seems to be gamers in pursuit of a tiny fps increase.

I have Defender full enabled on my laptop with nvme drives and it idles at 1% cpu and very occasionally blips to a few % when it does a background scan after an update.

In the end running without an AV package is just dumb (It's like peole saying I have never had an accident, so I never wear a seatbelt).

People can try and justify to the end of time why they feel they are more knowledgeable than hackers but in the end it is bullcrap. There is always some toerag out to get you - why make it easy?


I would not let any user attach a pc to my network if they have disabled all AVs.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

jimbo45

Well-known member
Power User
VIP
Local time
7:40 AM
Posts
2,068
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
The issue is not so much disabling defender - that is easy i.e. install another AV package. When people go out of their way to ask about deleting Defender, they never say why. It always seems to be gamers in pursuit of a tiny fps increase.

I have Defender full enabled on my laptop with nvme drives and it idles at 1% cpu and very occasionally blips to a few % when it does a background scan after an update.

In the end running without an AV package is just dumb (It's like peole saying I have never had an accident, so I never wear a seatbelt).

People can try and justify to the end of time why they feel they are more knowledgeable than hackers but in the end it is bullcrap. There is always some toerag out to get you - why make it easy?


I would not let any user attach a pc to my network if they have disabled all AVs.
The problem here is that I can't get into the application to run anything on it at all -- even a scan for malware !!!!!!!!

When it's working WD is excellent - but an OS where the security package fails to open so you can't even scan or change some settings is just plain useless.

I'm not sure why this app is such a problem --using 100% legal software and this is just after a clean install from an official W11 iso.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

Master

Member
Local time
9:40 AM
Posts
4
OS
Windows 11 22622 & Fedora
Disable Temper Protection in defender and use this save as remove defnder.cmd and run as administrator

@cls
@echo off
>nul chcp 437
setlocal enabledelayedexpansion
title Group Policy Addins

>nul 2>&1 where powershell || (
echo.
echo Missing Critical files [powershell.exe]
echo.
pause
exit /b
)

rem == Destroy Defender Called from End OF Script
whoami|>nul findstr /i /c:"nt authority\system" && (
echo.
call :RunAtSystemLevel
timeout 6
exit
)

rem Credit ..
rem Bau For Run As TI Script
rem freddie-o, geepnozeex, St1ckys For Defender Script

cd /d "%~dp0"

:::: Run as administrator, AveYo: ps\vbs version
1>nul 2>nul fltmc || (
set "_=call "%~f0" %*" & powershell -nop -c start cmd -args'/d/x/r',$env:_ -verb runas || (
>"%temp%\Elevate.vbs" echo CreateObject^("Shell.Application"^).ShellExecute "%~dpf0", "%*" , "", "runas", 1
>nul "%temp%\Elevate.vbs" & del /q "%temp%\Elevate.vbs" )
exit)

echo.
set Policies=HKEY_LOCAL_MACHINE\SOFTWARE\Policies

set Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
>nul 2>&1 REG ADD !Key! /f /v DisableSR /t REG_DWORD /d 1
>nul 2>&1 REG ADD !Key! /f /v DisableConfig /t REG_DWORD /d 1

set Key="%Policies%\Microsoft\Windows NT\SystemRestore"
>nul 2>&1 REG ADD !Key! /f /v DisableSR /t REG_DWORD /d 1
>nul 2>&1 REG ADD !Key! /f /v DisableConfig /t REG_DWORD /d 1

echo == Disable Malicious Software Reporting Tool
set Key="%Policies%\Microsoft\MRT"
>nul 2>&1 REG ADD !Key! /f /v DontReportInfectionInformation /t REG_DWORD /d "1"
>nul 2>&1 REG ADD !Key! /f /v DontOfferThroughWUAU /t REG_DWORD /d "1"

echo == Disable Windows Defender Security Center Notifications
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender Security Center\Notifications" /f /v DisableNotifications /t REG_DWORD /d "1"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender Security Center\Notifications" /f /v DisableEnhancedNotifications /t REG_DWORD /d "1"

echo == Hide Windows Security Systray
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender Security Center\Systray" /f /v HideSystray /t REG_DWORD /d "1"

echo == Turn off Windows Defender
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender" /f /v DisableAntiSpyware /t REG_DWORD /d "1"

echo == Disable smartscreen
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControlEnabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v Enabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV8 /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV9 /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /f /v 2301 /t REG_DWORD /d "3"
>nul 2>&1 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /f /v value /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /f /v SmartScreenEnabled /t REG_SZ /d "Off"

echo == Disable smartscreen for store and apps
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v EnableWebContentEvaluation /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v PreventOverride /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_StoreAppsSmartScreenOff /t REG_DWORD /d "0"

echo == Disable smartscreen for microsoft edge
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenEnabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenPuaEnabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_EdgeSmartScreenOff /t REG_DWORD /d "0"

call :RunAsTI "%~dpf0"

timeout 10
exit

:RunAtSystemLevel
:RunAtSystemLevel
:RunAtSystemLevel

echo == Delete Windows Defender Services
for %%A IN (WinDefend, WdBoot, WdFilter, Sense, WdNisDrv, WdNisSvc) do (
>nul 2>&1 sc config %%A start=disabled
>nul 2>&1 sc stop %%A
>nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%%A" /f
)

echo == Close Windows Defender Application
for %%A IN (SecurityHealthService.exe, SecurityHealthSystray.exe, smartscreen.exe, MpCmdRun.exe) do >nul 2>&1 taskkill /im %%A

echo == Delete Windows Defender scheduled tasks
>nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f

echo == Disable Malicious Software Reporting Tool
>nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f

echo == Remove Defender Components
call :export cson > "%temp%\Windows.10.Defender_Uninstall.ps1"
>nul 2>&1 powershell -noprofile -executionpolicy bypass -file "%temp%\Windows.10.Defender_Uninstall.ps1"

echo == Remove Temper Protection
set Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features"
>nul 2>&1 call :reg_own !key! "" S-1-5-114 "" Allow FullControl
>nul 2>&1 call :reg_own !key! "" S-1-5-32-544 "" Allow FullControl
>nul 2>&1 REG ADD !Key! /f /v DisableAntiSpyware /t REG_DWORD /d 1
>nul 2>&1 REG ADD !Key! /f /v TamperProtection /t REG_DWORD /d 0

echo == Remove Windows Defender Folder
>nul 2>&1 call :DestryFolder "%ProgramFiles%\Windows Defender"
>nul 2>&1 call :DestryFolder "%ProgramFiles(x86)%\Windows Defender"
>nul 2>&1 call :DestryFolder "%ALLUSERSPROFILE%\Windows Defender"
>nul 2>&1 call :DestryFolder "%ProgramFiles%\Windows Defender Advanced Threat Protection"
>nul 2>&1 call :DestryFolder "%ProgramFiles(x86)%\Windows Defender Advanced Threat Protection"
>nul 2>&1 call :DestryFolder "%ALLUSERSPROFILE%\Microsoft\Windows Defender Advanced Threat Protection"

goto :eof

:DestryFolder
set targetFolder=%*
if exist %targetFolder% (
rd /s /q %targetFolder%
if exist %targetFolder% (
for /f "tokens=*" %%g in ('dir /b/s /a-d %targetFolder%') do move /y "%%g" "%temp%"
rd /s /q %targetFolder%
)
)
goto :eof

:export
rem AveYo's :export text attachments snippet
setlocal enabledelayedexpansion || Prints all text between lines starting with :NAME:[ and :NAME:] - A pure batch snippet by AveYo
set [=&for /f "delims=:" %%s in ('findstr/nbrc:":%~1:\[" /c:":%~1:\]" "%~f0"') do if defined [ (set/a ]=%%s-3) else set/a [=%%s-1
<"%~fs0" ((for /l %%i in (0 1 %[%) do set /p =)&for /l %%i in (%[% 1 %]%) do (set txt=&set /p txt=&echo(!txt!)) &endlocal &exit/b

:cson:[

#---------------------------------------------------------------
# Windows.10.Defender_Uninstall.ps1
# IMPORTANT: Run as Administrator or for the better as TrustedInstaller
# Stuff/Windows.10.Defender_Uninstall.ps1 at main · St1ckys/Stuff
#---------------------------------------------------------------


Set-ItemProperty -Path "REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*" -Name Visibility -Value "1"
Remove-Item -Path "REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*" -Include *Owner* -Recurse -Force | Out-Null
Get-ChildItem -Path "REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*" -Name | ForEach-Object {dism /online /remove-package /PackageName:$_ /NoRestart}

:cson:]

#:RunAsTI: #1 snippet to run as TI/System, with /high priority, /priv ownership, explorer and HKCU load
set ^ #=& set "0=%~f0"& set 1=%*& powershell -nop -c iex(([io.file]::ReadAllText($env:0)-split':RunAsTI\:.*')[1])& exit/b
$_CAN_PASTE_DIRECTLY_IN_POWERSHELL='^,^'; function RunAsTI ($cmd) { $id='RunAsTI'; $sid=((whoami /user)-split' ')[-1]; $code=@'
$ti=(whoami /groups)-like"*1-16-16384*"; $DM=[AppDomain]::CurrentDomain."DefineDynamicAss`embly"(1,1)."DefineDynamicMod`ule"(1)
$D=@(); 0..5|% {$D+=$DM."DefineT`ype"("M$_",1179913,[ValueType])}; $I=[int32];$P=$I.module.gettype("System.Int`Ptr"); $U=[uintptr]
$D+=$U; 4..6|% {$D+=$D[$_]."MakeB`yRefType"()};$M=$I.module.gettype("System.Runtime.Interop`Services.Mar`shal");$Z=[uintptr]::size
$S=[string]; $F="kernel","advapi","advapi",($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]),($U,$S,$I,$I,$D[9]),($U,$S,$I,$I,[byte[]],$I)
0..2|% {$9=$D[0]."DefinePInvokeMeth`od"(("CreateProcess","RegOpenKeyEx","RegSetValueEx")[$_],$F[$_]+'32',8214,1,$S,$F[$_+3],1,4)}
$DF=0,($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
1..5|% {$k=$_;$n=1;$AveYo=1; $DF[$_]|% {$9=$D[$k]."DefineFie`ld"('f'+$n++,$_,6)}}; $T=@(); 0..5|% {$T+=$D[$_]."CreateT`ype"()}
0..5|% {nv "A$_" ([Activator]::CreateInstance($T[$_])) -force}; function F ($1,$2) {$T[0]."GetMeth`od"($1).invoke(0,$2)};
if (!$ti) { $g=0; "TrustedInstaller","lsass"|% {if (!$g) {net1 start $_ 2>&1 >$null; $g=@(get-process -name $_ -ea 0|% {$_})[0]}}
function M($1,$2,$3){$M."GetMeth`od"($1,[type[]]$2).invoke(0,$3)}; $H=@(); $Z,(4*$Z+16)|% {$H+=M "AllocHG`lobal" $I $_};
M "WriteInt`Ptr" ($P,$P) ($H[0],$g.Handle); $A1.f1=131072;$A1.f2=$Z;$A1.f3=$H[0];$A2.f1=1;$A2.f2=1;$A2.f3=1;$A2.f4=1;$A2.f6=$A1
$A3.f1=10*$Z+32;$A4.f1=$A3;$A4.f2=$H[1]; M "StructureTo`Ptr" ($D[2],$P,[boolean]) (($A2 -as $D[2]),$A4.f2,$false); $w=0x0E080600
$out=@($null,"powershell -win 1 -nop -c iex `$env:A",0,0,0,$w,0,$null,($A4 -as $T[4]),($A5 -as $T[5])); F "CreateProcess" $out
} else { $env:A=''; $PRIV=[uri].module.gettype("System.Diagnostics.Process")."GetMeth`ods"(42) |? {$_.Name -eq "SetPrivilege"}
"SeSecurityPrivilege","SeTakeOwnershipPrivilege","SeBackupPrivilege","SeRestorePrivilege" |% {$PRIV.Invoke(0, @("$_",2))}
$HKU=[uintptr][uint32]2147483651; $LNK=$HKU; $reg=@($HKU,"S-1-5-18",8,2,($LNK -as $D[9])); F "RegOpenKeyEx" $reg; $LNK=$reg[4]
function SYM($1,$2){$b=[Text.Encoding]::Unicode.GetBytes("\Registry\User\$1");@($2,"SymbolicLinkValue",0,6,[byte[]]$b,$b.Length)}
F "RegSetValueEx" (SYM $(($key-split'\\')[1]) $LNK); $EXP="HKLM:\Software\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}"
$r="explorer"; if (!$cmd) {$cmd='C:\'}; $dir=test-path -lit ((($cmd -split '^("[^"]+")|^([^\s]+)') -ne'')[0].trim('"')) -type 1
if (!$dir) {$r="start `"$id`" /high /w"}; sp $EXP RunAs '' -force; start cmd -args ("/q/x/d/r title $id && $r",$cmd) -wait -win 1
do {sleep 7} while ((gwmi win32_process -filter 'name="explorer.exe"'|? {$_.getownersid().sid -eq "S-1-5-18"}))
F "RegSetValueEx" (SYM ".Default" $LNK); sp $EXP RunAs "Interactive User" -force } # lean and mean snippet by AveYo, 2018-2021
'@; $key="Registry::HKEY_USERS\$sid\Volatile Environment"; $a1="`$id='$id';`$key='$key';";$a2="`$cmd='$($cmd-replace"'","''")';`n"
sp $key $id $($a1,$a2,$code) -type 7 -force; $arg="$a1 `$env:A=(gi `$key).getvalue(`$id)-join'';rp `$key `$id -force; iex `$env:A"
$_PRESS_ENTER='^,^'; start powershell -args "-win 1 -nop -c $arg" -verb runas }; <#,#> RunAsTI $env:1; #:RunAsTI:

:reg_own #key [optional] all user owner access permission : call :reg_own "HKCU\My" "" S-1-5-32-544 "" Allow FullControl
powershell -nop -c $A='%~1','%~2','%~3','%~4','%~5','%~6';iex(([io.file]::ReadAllText('%~f0')-split':Own1\:.*')[1])&exit/b:Own1:
$D1=[uri].module.gettype('System.Diagnostics.Process')."GetM`ethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
$path=$A[0]; $rk=$path-split'\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
$u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
$rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
$x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
};if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
$p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
$c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
foreach($n in $subkeys){Own1 "$k\$n"}}}};Own1 $rk[1];if($env:VO){get-acl Registry::$path|fl} #:Own1: lean & mean snippet by AveYo
::-_-::
 

My Computer

System One

  • OS
    Windows 11 22622 & Fedora
    Computer type
    PC/Desktop
    CPU
    Intel I5 11600 k
    Motherboard
    Asrock Z590 Pro4
    Memory
    32GB
    Graphics Card(s)
    Intel UHD 750
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung SyncMaster LCD 32"
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 980 PRO 1TB
    ADATA SSD SX8200PNP 1TB
    ST1000DM010-2EP102 1TB
    WDC WD10EZEX-08WN4A0 1TB
    TOSHIBA HDWD130 3TB
    Internet Speed
    300/100
    Antivirus
    Kaspersky Standard

jimbo45

Well-known member
Power User
VIP
Local time
7:40 AM
Posts
2,068
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Disable Temper Protection in defender and use this save as remove defnder.cmd

@cls
@echo off
>nul chcp 437
setlocal enabledelayedexpansion
title Group Policy Addins

>nul 2>&1 where powershell || (
echo.
echo Missing Critical files [powershell.exe]
echo.
pause
exit /b
)

rem == Destroy Defender Called from End OF Script
whoami|>nul findstr /i /c:"nt authority\system" && (
echo.
call :RunAtSystemLevel
timeout 6
exit
)

rem Credit ..
rem Bau For Run As TI Script
rem freddie-o, geepnozeex, St1ckys For Defender Script

cd /d "%~dp0"

:::: Run as administrator, AveYo: ps\vbs version
1>nul 2>nul fltmc || (
set "_=call "%~f0" %*" & powershell -nop -c start cmd -args'/d/x/r',$env:_ -verb runas || (
>"%temp%\Elevate.vbs" echo CreateObject^("Shell.Application"^).ShellExecute "%~dpf0", "%*" , "", "runas", 1
>nul "%temp%\Elevate.vbs" & del /q "%temp%\Elevate.vbs" )
exit)

echo.
set Policies=HKEY_LOCAL_MACHINE\SOFTWARE\Policies

set Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
>nul 2>&1 REG ADD !Key! /f /v DisableSR /t REG_DWORD /d 1
>nul 2>&1 REG ADD !Key! /f /v DisableConfig /t REG_DWORD /d 1

set Key="%Policies%\Microsoft\Windows NT\SystemRestore"
>nul 2>&1 REG ADD !Key! /f /v DisableSR /t REG_DWORD /d 1
>nul 2>&1 REG ADD !Key! /f /v DisableConfig /t REG_DWORD /d 1

echo == Disable Malicious Software Reporting Tool
set Key="%Policies%\Microsoft\MRT"
>nul 2>&1 REG ADD !Key! /f /v DontReportInfectionInformation /t REG_DWORD /d "1"
>nul 2>&1 REG ADD !Key! /f /v DontOfferThroughWUAU /t REG_DWORD /d "1"

echo == Disable Windows Defender Security Center Notifications
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender Security Center\Notifications" /f /v DisableNotifications /t REG_DWORD /d "1"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender Security Center\Notifications" /f /v DisableEnhancedNotifications /t REG_DWORD /d "1"

echo == Hide Windows Security Systray
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender Security Center\Systray" /f /v HideSystray /t REG_DWORD /d "1"

echo == Turn off Windows Defender
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender" /f /v DisableAntiSpyware /t REG_DWORD /d "1"

echo == Disable smartscreen
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControlEnabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v Enabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV8 /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV9 /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "%Policies%\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /f /v 2301 /t REG_DWORD /d "3"
>nul 2>&1 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /f /v value /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /f /v SmartScreenEnabled /t REG_SZ /d "Off"

echo == Disable smartscreen for store and apps
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v EnableWebContentEvaluation /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v PreventOverride /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_StoreAppsSmartScreenOff /t REG_DWORD /d "0"

echo == Disable smartscreen for microsoft edge
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenEnabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenPuaEnabled /t REG_DWORD /d "0"
>nul 2>&1 REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_EdgeSmartScreenOff /t REG_DWORD /d "0"

call :RunAsTI "%~dpf0"

timeout 10
exit

:RunAtSystemLevel
:RunAtSystemLevel
:RunAtSystemLevel

echo == Delete Windows Defender Services
for %%A IN (WinDefend, WdBoot, WdFilter, Sense, WdNisDrv, WdNisSvc) do (
>nul 2>&1 sc config %%A start=disabled
>nul 2>&1 sc stop %%A
>nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\%%A" /f
)

echo == Close Windows Defender Application
for %%A IN (SecurityHealthService.exe, SecurityHealthSystray.exe, smartscreen.exe, MpCmdRun.exe) do >nul 2>&1 taskkill /im %%A

echo == Delete Windows Defender scheduled tasks
>nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f

echo == Disable Malicious Software Reporting Tool
>nul 2>&1 reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f

echo == Remove Defender Components
call :export cson > "%temp%\Windows.10.Defender_Uninstall.ps1"
>nul 2>&1 powershell -noprofile -executionpolicy bypass -file "%temp%\Windows.10.Defender_Uninstall.ps1"

echo == Remove Temper Protection
set Key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features"
>nul 2>&1 call :reg_own !key! "" S-1-5-114 "" Allow FullControl
>nul 2>&1 call :reg_own !key! "" S-1-5-32-544 "" Allow FullControl
>nul 2>&1 REG ADD !Key! /f /v DisableAntiSpyware /t REG_DWORD /d 1
>nul 2>&1 REG ADD !Key! /f /v TamperProtection /t REG_DWORD /d 0

echo == Remove Windows Defender Folder
>nul 2>&1 call :DestryFolder "%ProgramFiles%\Windows Defender"
>nul 2>&1 call :DestryFolder "%ProgramFiles(x86)%\Windows Defender"
>nul 2>&1 call :DestryFolder "%ALLUSERSPROFILE%\Windows Defender"
>nul 2>&1 call :DestryFolder "%ProgramFiles%\Windows Defender Advanced Threat Protection"
>nul 2>&1 call :DestryFolder "%ProgramFiles(x86)%\Windows Defender Advanced Threat Protection"
>nul 2>&1 call :DestryFolder "%ALLUSERSPROFILE%\Microsoft\Windows Defender Advanced Threat Protection"

goto :eof

:DestryFolder
set targetFolder=%*
if exist %targetFolder% (
rd /s /q %targetFolder%
if exist %targetFolder% (
for /f "tokens=*" %%g in ('dir /b/s /a-d %targetFolder%') do move /y "%%g" "%temp%"
rd /s /q %targetFolder%
)
)
goto :eof

:export
rem AveYo's :export text attachments snippet
setlocal enabledelayedexpansion || Prints all text between lines starting with :NAME:[ and :NAME:] - A pure batch snippet by AveYo
set [=&for /f "delims=:" %%s in ('findstr/nbrc:":%~1:\[" /c:":%~1:\]" "%~f0"') do if defined [ (set/a ]=%%s-3) else set/a [=%%s-1
<"%~fs0" ((for /l %%i in (0 1 %[%) do set /p =)&for /l %%i in (%[% 1 %]%) do (set txt=&set /p txt=&echo(!txt!)) &endlocal &exit/b

:cson:[

#---------------------------------------------------------------
# Windows.10.Defender_Uninstall.ps1
# IMPORTANT: Run as Administrator or for the better as TrustedInstaller
# Stuff/Windows.10.Defender_Uninstall.ps1 at main · St1ckys/Stuff
#---------------------------------------------------------------


Set-ItemProperty -Path "REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*" -Name Visibility -Value "1"
Remove-Item -Path "REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*" -Include *Owner* -Recurse -Force | Out-Null
Get-ChildItem -Path "REGISTRY::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\*Windows-Defender*" -Name | ForEach-Object {dism /online /remove-package /PackageName:$_ /NoRestart}

:cson:]

#:RunAsTI: #1 snippet to run as TI/System, with /high priority, /priv ownership, explorer and HKCU load
set ^ #=& set "0=%~f0"& set 1=%*& powershell -nop -c iex(([io.file]::ReadAllText($env:0)-split':RunAsTI\:.*')[1])& exit/b
$_CAN_PASTE_DIRECTLY_IN_POWERSHELL='^,^'; function RunAsTI ($cmd) { $id='RunAsTI'; $sid=((whoami /user)-split' ')[-1]; $code=@'
$ti=(whoami /groups)-like"*1-16-16384*"; $DM=[AppDomain]::CurrentDomain."DefineDynamicAss`embly"(1,1)."DefineDynamicMod`ule"(1)
$D=@(); 0..5|% {$D+=$DM."DefineT`ype"("M$_",1179913,[ValueType])}; $I=[int32];$P=$I.module.gettype("System.Int`Ptr"); $U=[uintptr]
$D+=$U; 4..6|% {$D+=$D[$_]."MakeB`yRefType"()};$M=$I.module.gettype("System.Runtime.Interop`Services.Mar`shal");$Z=[uintptr]::size
$S=[string]; $F="kernel","advapi","advapi",($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]),($U,$S,$I,$I,$D[9]),($U,$S,$I,$I,[byte[]],$I)
0..2|% {$9=$D[0]."DefinePInvokeMeth`od"(("CreateProcess","RegOpenKeyEx","RegSetValueEx")[$_],$F[$_]+'32',8214,1,$S,$F[$_+3],1,4)}
$DF=0,($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I)
1..5|% {$k=$_;$n=1;$AveYo=1; $DF[$_]|% {$9=$D[$k]."DefineFie`ld"('f'+$n++,$_,6)}}; $T=@(); 0..5|% {$T+=$D[$_]."CreateT`ype"()}
0..5|% {nv "A$_" ([Activator]::CreateInstance($T[$_])) -force}; function F ($1,$2) {$T[0]."GetMeth`od"($1).invoke(0,$2)};
if (!$ti) { $g=0; "TrustedInstaller","lsass"|% {if (!$g) {net1 start $_ 2>&1 >$null; $g=@(get-process -name $_ -ea 0|% {$_})[0]}}
function M($1,$2,$3){$M."GetMeth`od"($1,[type[]]$2).invoke(0,$3)}; $H=@(); $Z,(4*$Z+16)|% {$H+=M "AllocHG`lobal" $I $_};
M "WriteInt`Ptr" ($P,$P) ($H[0],$g.Handle); $A1.f1=131072;$A1.f2=$Z;$A1.f3=$H[0];$A2.f1=1;$A2.f2=1;$A2.f3=1;$A2.f4=1;$A2.f6=$A1
$A3.f1=10*$Z+32;$A4.f1=$A3;$A4.f2=$H[1]; M "StructureTo`Ptr" ($D[2],$P,[boolean]) (($A2 -as $D[2]),$A4.f2,$false); $w=0x0E080600
$out=@($null,"powershell -win 1 -nop -c iex `$env:A",0,0,0,$w,0,$null,($A4 -as $T[4]),($A5 -as $T[5])); F "CreateProcess" $out
} else { $env:A=''; $PRIV=[uri].module.gettype("System.Diagnostics.Process")."GetMeth`ods"(42) |? {$_.Name -eq "SetPrivilege"}
"SeSecurityPrivilege","SeTakeOwnershipPrivilege","SeBackupPrivilege","SeRestorePrivilege" |% {$PRIV.Invoke(0, @("$_",2))}
$HKU=[uintptr][uint32]2147483651; $LNK=$HKU; $reg=@($HKU,"S-1-5-18",8,2,($LNK -as $D[9])); F "RegOpenKeyEx" $reg; $LNK=$reg[4]
function SYM($1,$2){$b=[Text.Encoding]::Unicode.GetBytes("\Registry\User\$1");@($2,"SymbolicLinkValue",0,6,[byte[]]$b,$b.Length)}
F "RegSetValueEx" (SYM $(($key-split'\\')[1]) $LNK); $EXP="HKLM:\Software\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}"
$r="explorer"; if (!$cmd) {$cmd='C:\'}; $dir=test-path -lit ((($cmd -split '^("[^"]+")|^([^\s]+)') -ne'')[0].trim('"')) -type 1
if (!$dir) {$r="start `"$id`" /high /w"}; sp $EXP RunAs '' -force; start cmd -args ("/q/x/d/r title $id && $r",$cmd) -wait -win 1
do {sleep 7} while ((gwmi win32_process -filter 'name="explorer.exe"'|? {$_.getownersid().sid -eq "S-1-5-18"}))
F "RegSetValueEx" (SYM ".Default" $LNK); sp $EXP RunAs "Interactive User" -force } # lean and mean snippet by AveYo, 2018-2021
'@; $key="Registry::HKEY_USERS\$sid\Volatile Environment"; $a1="`$id='$id';`$key='$key';";$a2="`$cmd='$($cmd-replace"'","''")';`n"
sp $key $id $($a1,$a2,$code) -type 7 -force; $arg="$a1 `$env:A=(gi `$key).getvalue(`$id)-join'';rp `$key `$id -force; iex `$env:A"
$_PRESS_ENTER='^,^'; start powershell -args "-win 1 -nop -c $arg" -verb runas }; <#,#> RunAsTI $env:1; #:RunAsTI:

:reg_own #key [optional] all user owner access permission : call :reg_own "HKCU\My" "" S-1-5-32-544 "" Allow FullControl
powershell -nop -c $A='%~1','%~2','%~3','%~4','%~5','%~6';iex(([io.file]::ReadAllText('%~f0')-split':Own1\:.*')[1])&exit/b:Own1:
$D1=[uri].module.gettype('System.Diagnostics.Process')."GetM`ethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
$path=$A[0]; $rk=$path-split'\\',2; $HK=gi -lit Registry::$($rk[0]) -fo; $s=$A[1]; $sps=[Security.Principal.SecurityIdentifier]
$u=($A[2],'S-1-5-32-544')[!$A[2]];$o=($A[3],$u)[!$A[3]];$w=$u,$o |% {new-object $sps($_)}; $old=!$A[3];$own=!$old; $y=$s-eq'all'
$rar=new-object Security.AccessControl.RegistryAccessRule( $w[0], ($A[5],'FullControl')[!$A[5]], 1, 0, ($A[4],'Allow')[!$A[4]] )
$x=$s-eq'none';function Own1($k){$t=$HK.OpenSubKey($k,2,'TakeOwnership');if($t){0,4|%{try{$o=$t.GetAccessControl($_)}catch{$old=0}
};if($old){$own=1;$w[1]=$o.GetOwner($sps)};$o.SetOwner($w[0]);$t.SetAccessControl($o); $c=$HK.OpenSubKey($k,2,'ChangePermissions')
$p=$c.GetAccessControl(2);if($y){$p.SetAccessRuleProtection(1,1)};$p.ResetAccessRule($rar);if($x){$p.RemoveAccessRuleAll($rar)}
$c.SetAccessControl($p);if($own){$o.SetOwner($w[1]);$t.SetAccessControl($o)};if($s){$subkeys=$HK.OpenSubKey($k).GetSubKeyNames()
foreach($n in $subkeys){Own1 "$k\$n"}}}};Own1 $rk[1];if($env:VO){get-acl Registry::$path|fl} #:Own1: lean & mean snippet by AveYo
::-_-::
There's some mis-understanding here -- I DON'T WANT WD to be gone, I just want it to WORK - don't people understand SIMPLE PLAIN ENGLISH here any more.

This is the problem : WD won't open and says it needs another app !!! Surely people can understand what I posted. !!! It's not in 12th century Faroese or pre historic Sanscrit --surely.

Please @Master --tell me EXACTLY how I can turn off WD tamper protection if I can't get into WD in the first place !!!!!.

You might have all the skills on the planet in coding / obscure reg hacks or whatever --but please look at what the original problem actually consists of before providing answers.

Not wanting to be nasty -- there's enough of that around at the moment anyway - but I suggest a lot of failing problems that beset the world in general currently is that people are trying to give answers out before they've even understood the problem. Help is always appreciated but it needs to address the actual problem.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

Master

Member
Local time
9:40 AM
Posts
4
OS
Windows 11 22622 & Fedora
Thread:

Disable Windows Defender Completely.​

 

My Computer

System One

  • OS
    Windows 11 22622 & Fedora
    Computer type
    PC/Desktop
    CPU
    Intel I5 11600 k
    Motherboard
    Asrock Z590 Pro4
    Memory
    32GB
    Graphics Card(s)
    Intel UHD 750
    Sound Card
    Realtek
    Monitor(s) Displays
    Samsung SyncMaster LCD 32"
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 980 PRO 1TB
    ADATA SSD SX8200PNP 1TB
    ST1000DM010-2EP102 1TB
    WDC WD10EZEX-08WN4A0 1TB
    TOSHIBA HDWD130 3TB
    Internet Speed
    300/100
    Antivirus
    Kaspersky Standard

Latest Tutorials

Top Bottom