Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
141 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,141 @@ | ||
| @echo off | ||
| setlocal enabledelayedexpansion | ||
| title Windows Defender Control ^| github.com/dakotepc/windows-defender-control | ||
|
|
||
| IF "%PROCESSOR_ARCHITECTURE%" equ "amd64" ( | ||
| >nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system" | ||
| ) else ( | ||
| >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" | ||
| ) | ||
|
|
||
| if '%errorlevel%' neq '0' ( | ||
| echo ======= ERROR: ADMINISTRATOR PRIVILEGES REQUIRED ========= | ||
| echo This script must be run as administrator to work properly! | ||
| echo Click on the shortcut and select "Run As Administrator". | ||
| echo ========================================================== | ||
| goto GetUAC | ||
| ) else (goto gotAdmin) | ||
|
|
||
| :GetUAC | ||
| echo Getting administrator rights... | ||
| echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" | ||
| set params= %* | ||
| echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs" | ||
| "%temp%\getadmin.vbs" | ||
| del "%temp%\getadmin.vbs" | ||
| exit /b 0 | ||
|
|
||
| :gotAdmin | ||
| pushd "%cd%" | ||
| cd /d "%~dp0" | ||
|
|
||
| goto Menu | ||
|
|
||
| :Menu | ||
| cls | ||
| for /f "tokens=2*" %%A in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v Start ^| find "Start"') do ( | ||
| set "value=%%B" | ||
| ) | ||
| if "%value%"=="0x0" ( | ||
| echo ======= STATUS: WINDOWS DEFENDER IS CURRENTLY DISABLED ========= | ||
| ) else ( | ||
| echo ======= STATUS: WINDOWS DEFENDER IS CURRENTLY ENABLED ========== | ||
| ) | ||
| echo. | ||
| echo [^>] Welcome to Windows Defender Control, %username%. | ||
| echo. | ||
| echo [1] Enable Windows Defender | ||
| echo. | ||
| echo [2] Disable Windows Defender | ||
| echo. | ||
| echo ================================================================ | ||
| echo. | ||
| set /p input= [X] Your option ^> | ||
| if /i %input% == 1 goto EnableWD | ||
| if /i %input% == 2 goto DisableWD | ||
| ) ELSE ( | ||
| goto Menu | ||
|
|
||
| :EnableWD | ||
| cls | ||
| echo ======= ENABLING: ATTEMPING TO ENABLE WINDOWS DEFENDER ========= | ||
| echo Windows Defender is enabling... | ||
| echo ========================================================== | ||
| reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | ||
| reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "\"%windir%\system32\SecurityHealthSystray.exe\"" /f | ||
| reg add "HKLM\Software\Classes\*\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f | ||
| reg add "HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f | ||
| reg add "HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\BFE" /v "Start" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "1" /f | ||
|
|
||
| schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Enable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Enable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Enable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Enable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Enable | ||
|
|
||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "0" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "1" /f | ||
| echo ======= SUCCESS: WINDOWS DEFENDER ========= | ||
| echo Windows Defender successfull enabled! | ||
| echo =========================================== | ||
| timeout 3 > nul | ||
| goto Menu | ||
|
|
||
| :DisableWD | ||
| cls | ||
| echo ======= DISABLING: ATTEMPING TO DISABLE WINDOWS DEFENDER ========= | ||
| echo Windows Defender is disabling... | ||
| echo ================================================================== | ||
| reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications " /t REG_DWORD /d "1" /f | ||
| reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f | ||
| reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "AllowFastServiceStartup" /t REG_DWORD /d "0" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f | ||
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f | ||
| reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f | ||
| reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f | ||
|
|
||
| schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable | ||
| schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable | ||
|
|
||
| reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f | ||
| reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f | ||
| reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f | ||
| reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f | ||
| reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f | ||
| reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f | ||
| echo ======= SUCCESS: WINDOWS DEFENDER ========= | ||
| echo Windows Defender successfull disabled! | ||
| echo =========================================== | ||
| timeout 3 > nul | ||
| goto Menu |