diff --git a/README.md b/README.md
index e59a782..e50138f 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,8 @@ Unblock PowerShell scripts and modules within this directory:
 2. Edit the scripts to fit your need.
 3. Run the scripts
 4. `PS > Restart-Computer`
+5. Run `disable-windows-defender.ps1` one more time.
+6. `PS > Restart-Computer`
 ## Startmenu
diff --git a/scripts/disable-windows-defender.ps1 b/scripts/disable-windows-defender.ps1
index ac38d6b..004cb94 100644
--- a/scripts/disable-windows-defender.ps1
+++ b/scripts/disable-windows-defender.ps1
@@ -1,7 +1,13 @@
 # Description:
-# This script disables Windows Defender.
+# This script disables Windows Defender. Run it once (will throw errors), then
+# reboot, run it again (this time no errors should occur) followed by another
+# reboot.
 Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
+Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1
+
+echo "Elevating priviledges for this process"
+do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)
 $tasks = @(
 "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
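Review bot: The added `do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)` loop in scripts/disable-windows-defender.ps1 has no exit other than success, so if the privilege can never be enabled (presumably the case in a non-elevated session) the script spins forever with no output. A single checked call fails visibly instead: `if (-not (Elevate-Privileges SeTakeOwnershipPrivilege)) { throw "SeTakeOwnershipPrivilege could not be enabled" }`; if the helper in take-own.psm1 really needs more than one call, a bounded retry count would do. The echo string misspells "privileges" as "priviledges". The header comment now says the first run "will throw errors" without naming them, so a reader cannot tell an expected error from a real failure; listing the expected ones would fix that.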
@@ -26,5 +32,14 @@ sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRout
 force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"
 sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1
+echo "Disabling Windows Defender Services"
+Takeown-Registry("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend")
+sp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend" "Start" 4
+sp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend" "AutorunsDisabled" 3
+sp "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc" "Start" 4
+sp "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc" "AutorunsDisabled" 3
+sp "HKLM:\SYSTEM\CurrentControlSet\Services\Sense" "Start" 4
+sp "HKLM:\SYSTEM\CurrentControlSet\Services\Sense" "AutorunsDisabled" 3
+
 echo "Removing Windows Defender context menu item"
 si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" ""
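Review bot: `Takeown-Registry` changes the owner of the `WinDefend` service key and the `sp` calls after it overwrite `Start` for three services, but nothing records the previous owner or values, so the change cannot be audited or reverted from the script's own output. `AutorunsDisabled` is written as a hard-coded 3 for every service; if it is meant to hold the prior start type (the hunk does not say), it should be read and logged before the write, e.g. `$old = (gp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend").Start`. The `WdNisSvc` and `Sense` writes also assume those keys exist and their results are not checked, so the "Disabling Windows Defender Services" message can be printed while the values are unchanged. A comment stating which Windows builds this block was verified on would make that assumption explicit.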