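# Description:
# This script disables Windows Defender. Run it once (will throw errors), then
# reboot, run it again (this time no errors should occur) followed by another
# reboot.
#
# Security notes (review):
#   * This deliberately removes the host's built-in anti-malware, its real-time
#     protection and its scheduled scans. Only run it where another control
#     covers that gap (lab/test VMs, or hosts running a different AV/EDR agent)
#     and record the change: the registry/service/task edits below are the same
#     ones a post-exploitation "defense evasion" step would make, so a
#     defender seeing them without a ticket should treat them as suspicious.
#   * The "Sense" service disabled below is believed to be the Microsoft
#     Defender for Endpoint sensor on enrolled machines - TODO confirm before
#     running this on a managed device, as it would blind that telemetry.
#   * NOTE(review): on recent Windows 10/11 builds Tamper Protection is
#     expected to block or revert these policy and service changes; nothing in
#     this script detects that. Confirm on the target build.
#   * Takeown-Registry replaces the owner/ACL of a protected service key. That
#     weakening is not undone by this script.
#
# Requirements: an elevated (Administrator) PowerShell session and the helper
# modules under ..\lib (force-mkdir.psm1, take-own.psm1) next to this script.

#Requires -RunAsAdministrator

Import-Module -DisableNameChecking $PSScriptRoot\..\lib\force-mkdir.psm1
Import-Module -DisableNameChecking $PSScriptRoot\..\lib\take-own.psm1

Write-Output "Elevating priviledges for this process"
# Elevate-Privileges (presumably provided by take-own.psm1) is used as a
# boolean: truthy once SeTakeOwnershipPrivilege is enabled for this process.
# The original retried in an unbounded busy loop, which spins at 100% CPU
# forever when the privilege cannot be obtained; bound the retries and fail
# with an actionable message instead.
$maxElevationAttempts = 10
$elevationAttempt = 0
while (-not (Elevate-Privileges SeTakeOwnershipPrivilege)) {
    $elevationAttempt++
    if ($elevationAttempt -ge $maxElevationAttempts) {
        throw "Could not enable SeTakeOwnershipPrivilege after $maxElevationAttempts attempts; run this script from an elevated (Administrator) PowerShell."
    }
    Start-Sleep -Milliseconds 200
}

# Defender's own scheduled tasks. Each entry is "\<TaskPath>\<TaskName>" and is
# split on the last backslash below.
$tasks = @(
    "\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
    "\Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
    "\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
    "\Microsoft\Windows\Windows Defender\Windows Defender Verification"
)

foreach ($task in $tasks) {
    # Folder part (-TaskPath) keeps its leading backslash and gets no trailing
    # one; the leaf is the -TaskName. Disable-ScheduledTask is expected to
    # accept the folder in that form - TODO confirm if a task is reported as
    # not found.
    $parts = $task.Split('\')
    $name = $parts[-1]
    $path = $parts[0..($parts.Length - 2)] -join '\'

    Write-Output "Trying to disable scheduled task $name"
    # Errors here are non-terminating on purpose: a task missing on a given
    # build must not stop the remaining steps.
    Disable-ScheduledTask -TaskName "$name" -TaskPath "$path"
}

Write-Output "Disabling Windows Defender via Group Policies"
# NOTE(review): the policy values are written under the Wow6432Node (32-bit)
# view of HKLM\SOFTWARE\Policies. On 64-bit Windows that key is commonly
# described as shared between both views, so this should land in the same
# place as HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender - but if Defender
# is still running after the second reboot, check that path first.
# DisableAntiSpyware is an older policy that newer Defender builds may ignore -
# TODO confirm on the target build.
$policyKey = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender"
force-mkdir $policyKey
Set-ItemProperty $policyKey "DisableAntiSpyware" 1
Set-ItemProperty $policyKey "DisableRoutinelyTakingAction" 1
$realtimeKey = "$policyKey\Real-Time Protection"
force-mkdir $realtimeKey
Set-ItemProperty $realtimeKey "DisableRealtimeMonitoring" 1

Write-Output "Disabling Windows Defender Services"
# Start = 4 is SERVICE_DISABLED. Only the WinDefend key has its ownership taken
# first; WdNisSvc and Sense are written as-is, which is the likely source of
# the errors the description says to expect on the first run - TODO confirm,
# and take ownership of those keys too if they fail consistently.
# "AutorunsDisabled" is not a value the Service Control Manager reads; it
# appears to be the marker Sysinternals Autoruns uses to record a disabled
# entry, kept so the change shows as "disabled" in that tool.
Takeown-Registry("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend")
foreach ($service in "WinDefend", "WdNisSvc", "Sense") {
    $serviceKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$service"
    Set-ItemProperty $serviceKey "Start" 4
    Set-ItemProperty $serviceKey "AutorunsDisabled" 3
}

Write-Output "Removing Windows Defender context menu item"
# Blanking the InprocServer32 default value leaves the CLSID registered but
# with no DLL to load, so Explorer can no longer instantiate the shell
# extension behind the context-menu entry.
Set-Item "HKLM:\SOFTWARE\Classes\CLSID\{09A47860-11B0-4DA5-AFA5-26D86198A780}\InprocServer32" ""

Write-Output "Removing Windows Defender GUI / tray from autorun"
# SilentlyContinue (the original "-ea 0") is deliberate: the Run value is
# absent on builds without the tray app, and that is not a failure.
Remove-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "WindowsDefender" -ErrorAction SilentlyContinue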