|
@ -1,7 +1,13 @@ |
|
|
# Description: |
|
|
# Description: |
|
|
# This script disables Windows Defender. |
|
|
# This script disables Windows Defender. Run it once (will throw errors), then |
|
|
|
|
|
# reboot, run it again (this time no errors should occur) followed by another |
|
|
|
|
|
# reboot. |
|
|
|
|
|
|
|
|
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1 |
|
|
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1 |
|
|
|
|
|
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1 |
|
|
|
|
|
|
|
|
|
|
|
echo "Elevating priviledges for this process" |
|
|
|
|
|
do {} until (Elevate-Privileges SeTakeOwnershipPrivilege) |
|
|
|
|
|
|
|
|
$tasks = @( |
|
|
$tasks = @( |
|
|
"\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" |
|
|
"\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" |
|
@ -26,5 +32,14 @@ sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender" "DisableRout |
|
|
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" |
|
|
force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" |
|
|
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1 |
|
|
sp "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection" "DisableRealtimeMonitoring" 1 |
|
|
|
|
|
|
|
|
|
|
|
echo "Disabling Windows Defender Services" |
|
|
|
|
|
Takeown-Registry("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend") |
|
|
|
|
|
sp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend" "Start" 4 |
|
|
|
|
|
sp "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend" "AutorunsDisabled" 3 |
|
|
|
|
|
sp "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc" "Start" 4 |
|
|
|
|
|
sp "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc" "AutorunsDisabled" 3 |
|
|
|
|
|
sp "HKLM:\SYSTEM\CurrentControlSet\Services\Sense" "Start" 4 |
|
|
|
|
|
sp "HKLM:\SYSTEM\CurrentControlSet\Services\Sense" "AutorunsDisabled" 3 |
|
|
|
|
|
|
|
|
echo "Removing Windows Defender context menu item" |
|
|
echo "Removing Windows Defender context menu item" |
|
|
si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" "" |
|
|
si "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" "" |
|
|
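Review bot: The new "Disabling Windows Defender Services" block calls `Takeown-Registry` on the WinDefend key and then overwrites `Start` and `AutorunsDisabled` for WinDefend, WdNisSvc and Sense without saving the previous values or the previous owner, so nothing the script leaves behind allows the change to be reverted. Sense is the Defender for Endpoint sensor service, so on a managed machine this also stops EDR telemetry, and writes to these values are what tamper detections look for (MITRE ATT&CK T1562.001); the header should say so next to the reboot instructions. I would add a comment above the block such as `# Leaves the WinDefend key with a changed owner/ACL and three services at Start=4; previous values are not saved.` and export the three service keys to a backup file before the first `sp`. Separately, `do {} until (Elevate-Privileges SeTakeOwnershipPrivilege)` in the first hunk has no exit condition, so in a non-elevated session it presumably spins forever; failing with a clear message would be better.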