From 6eb7b1e4aaa22797f9d94c4a57924a179746a76a Mon Sep 17 00:00:00 2001
From: Dakote <112208867+dakotepc@users.noreply.github.com>
Date: Fri, 26 Jan 2024 12:14:31 +0100
Subject: [PATCH] Add files via upload
---
WDC.bat | 141 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100644 WDC.bat
diff --git a/WDC.bat b/WDC.bat
new file mode 100644
index 0000000..ab48249
--- /dev/null
+++ b/WDC.bat
@@ -0,0 +1,141 @@
+@echo off
+setlocal enabledelayedexpansion
+title Windows Defender Control ^| github.com/dakotepc/windows-defender-control
+
+IF "%PROCESSOR_ARCHITECTURE%" equ "amd64" (
+>nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system"
+) else (
+>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
+)
+
+if '%errorlevel%' neq '0' (
+ echo ======= ERROR: ADMINISTRATOR PRIVILEGES REQUIRED =========
+ echo This script must be run as administrator to work properly!
+ echo Click on the shortcut and select "Run As Administrator".
+ echo ==========================================================
+ goto GetUAC
+) else (goto gotAdmin)
+
+:GetUAC
+ echo Getting administrator rights...
+ echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
+ set params= %*
+ echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"
+ "%temp%\getadmin.vbs"
+ del "%temp%\getadmin.vbs"
+ exit /b 0
+
+:gotAdmin
+ pushd "%cd%"
+ cd /d "%~dp0"
+
+goto Menu
+
+:Menu
+cls
+for /f "tokens=2*" %%A in ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v Start ^| find "Start"') do (
+ set "value=%%B"
+)
+if "%value%"=="0x0" (
+ echo ======= STATUS: WINDOWS DEFENDER IS CURRENTLY DISABLED =========
+) else (
+ echo ======= STATUS: WINDOWS DEFENDER IS CURRENTLY ENABLED ==========
+)
+echo.
+echo [^>] Welcome to Windows Defender Control, %username%.
+echo.
+echo [1] Enable Windows Defender
+echo.
+echo [2] Disable Windows Defender
+echo.
+echo ================================================================
+echo.
+set /p input= [X] Your option ^>
+if /i %input% == 1 goto EnableWD
+if /i %input% == 2 goto DisableWD
+) ELSE (
+goto Menu
+
+:EnableWD
+cls
+echo ======= ENABLING: ATTEMPING TO ENABLE WINDOWS DEFENDER =========
+echo Windows Defender is enabling...
+echo ==========================================================
+reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
+reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "\"%windir%\system32\SecurityHealthSystray.exe\"" /f
+reg add "HKLM\Software\Classes\*\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
+reg add "HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
+reg add "HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
+reg add "HKLM\System\CurrentControlSet\Services\BFE" /v "Start" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "1" /f
+
+schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Enable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Enable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Enable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Enable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Enable
+
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "1" /f
+echo ======= SUCCESS: WINDOWS DEFENDER =========
+echo Windows Defender successfull enabled!
+echo ===========================================
+timeout 3 > nul
+goto Menu
+
+:DisableWD
+cls
+echo ======= DISABLING: ATTEMPING TO DISABLE WINDOWS DEFENDER =========
+echo Windows Defender is disabling...
+echo ==================================================================
+reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications " /t REG_DWORD /d "1" /f
+reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f
+reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "AllowFastServiceStartup" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
+reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
+reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
+
+schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
+schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
+
+reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
+reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
+reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
+reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
+reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
+reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
+echo ======= SUCCESS: WINDOWS DEFENDER =========
+echo Windows Defender successfull disabled!
+echo ===========================================
+timeout 3 > nul
+goto Menu
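Review bot: `:EnableWD` does not undo everything `:DisableWD` writes: `DisableNotifications`, the policy value `DisableEnhancedNotifications ` (created with a trailing space in its name) and the HKCU `Windows.SystemToast.SecurityAndMaintenance` `Enabled` value are never reset, so security notifications stay suppressed after option 1 is chosen. Both branches print SUCCESS without checking a single `reg` or `schtasks` exit code, and the `:Menu` banner reads only the `DefenderApiLogger` `Start` value that this script itself writes, so a change that was refused (presumably the case when Tamper Protection is on) is still reported as applied and the user can be left believing protection is back when it is not. In `:Menu`, `if /i %input% == 1 goto EnableWD` expands raw console input unquoted inside an elevated shell and fails on an empty answer, and the `) ELSE (` after it has no matching `if (`; quoting the comparison as `if "%input%"=="1" goto EnableWD` (same for `2`) and dropping the stray `) ELSE (` line would fix both. A header comment stating that the status line reflects the script's last action, not Defender's real state, would also help anyone auditing a host where this file is found.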