# Description:
# Turns off Windows Defender on the local machine. In order, the script:
#   1. disables Defender's scheduled tasks,
#   2. writes the "disable" policy values under the Wow6432Node policy key,
#   3. sets the Defender-related services to start type 4 (disabled),
#   4. blanks the InprocServer32 value of the context-menu handler CLSID.
# Usage, per the original author: run once (errors are expected), reboot,
# run again (no errors expected), then reboot once more.
#
# Review notes:
# - Each step changes the endpoint's antimalware configuration, which maps to
#   MITRE ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools). On
#   managed hosts, the registry writes and Disable-ScheduledTask calls below
#   are the events that monitoring should surface.
# - Where Defender's Tamper Protection is enabled, it is designed to block or
#   revert changes of this kind, so the result depends on the host's settings.
# - Nothing here records the previous values; capture them before running if
#   the change must be reversible.

Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1

Write-Output "Elevating priviledges for this process"
# Retry until the helper reports success. There is no retry limit, so this
# spins forever if the privilege can never be granted (e.g. non-admin shell).
while (-not (Elevate-Privileges SeTakeOwnershipPrivilege)) {}

# Full scheduled-task paths; each is split into folder and task name below.
$defenderTasks = @(
    "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance",
    "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup",
    "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan",
    "\Microsoft\Windows\Windows Defender\Windows Defender Verification"
)

foreach ($fullTaskPath in $defenderTasks) {
    # Everything after the last backslash is the task name, the rest its folder.
    $lastSeparator = $fullTaskPath.LastIndexOf('\')
    $taskName = $fullTaskPath.Substring($lastSeparator + 1)
    $taskFolder = $fullTaskPath.Substring(0, $lastSeparator)

    Write-Output "Trying to disable scheduled task $taskName"
    Disable-ScheduledTask -TaskName $taskName -TaskPath $taskFolder
}

Write-Output "Disabling Windows Defender via Group Policies"
# Note: both keys live under Wow6432Node, i.e. the 32-bit registry view.
$policyKey = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
$realTimeKey = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection"

force-mkdir $policyKey
Set-ItemProperty -Path $policyKey -Name "DisableAntiSpyware" -Value 1
Set-ItemProperty -Path $policyKey -Name "DisableRoutinelyTakingAction" -Value 1

force-mkdir $realTimeKey
Set-ItemProperty -Path $realTimeKey -Name "DisableRealtimeMonitoring" -Value 1

Write-Output "Disabling Windows Defender Services"
# Ownership is taken for the WinDefend key only. The WdNisSvc and Sense keys
# are written with whatever access the process already has.
Takeown-Registry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend"

$serviceKeys = @(
    "HKLM:\SYSTEM\CurrentControlSet\Services\WinDefend",
    "HKLM:\SYSTEM\CurrentControlSet\Services\WdNisSvc",
    "HKLM:\SYSTEM\CurrentControlSet\Services\Sense"
)

foreach ($serviceKey in $serviceKeys) {
    # Start = 4 is the service control manager's "disabled" start type.
    Set-ItemProperty -Path $serviceKey -Name "Start" -Value 4
    # NOTE(review): the meaning of AutorunsDisabled = 3 is not established
    # anywhere in this script - confirm before relying on it.
    Set-ItemProperty -Path $serviceKey -Name "AutorunsDisabled" -Value 3
}

Write-Output "Removing Windows Defender context menu item"
# Sets the key's default value to an empty string. The key itself is kept.
Set-Item -Path "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" -Value ""