彻底卸载WIN10杀毒软件Windows Defender的批处理,来自GitHub

如果你想禁用 Windows Defender（比如运行于虚拟机中的WIN10）以提高响应速度，降低音频延迟，可以用此批处理，来自GitHub。

注意：Windows Defender会报告脚本有威胁，需要预先将其关闭，再管理员权限运行代码并重启。

脚本会禁用Windows Defender相关服务，WIN10右下角也没有红X图标，彻底卸载。

关闭Windows Defender.bat

@echo OFF
        ECHO.
        ECHO Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.
        ECHO This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,
        pause
        ECHO Disabling Windows Defender - restart required to see change:
        REM from: https://pastebin.com/kYCVzZPz
        REM Disable Tamper Protection First - on WIn10 vers which allow for this (not from 2004 onwards)
        reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
        REM To disable System Guard Runtime Monitor Broker
        REM reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
        REM To disable Windows Defender Security Center include this
        REM reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
        REM 1 - Disable Real-time protection
        reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
        REM 0 - Disable Logging
        reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
        reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
        REM Disable WD Tasks
        schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
        schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
        schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
        schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
        schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
        REM Disable WD systray icon
        reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
        reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
        REM Remove WD context menu
        reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
        reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
        reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
        REM Disable WD services
        reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
        reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
        reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
        reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
        reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
        REM Disable Security system tray icon
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
        ECHO Windows Defender has (hopefully) been disabled. Please restart your computer to see the change.

rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://docs.microsoft.com/en-us ... rence?view=win10-ps
rem https://docs.microsoft.com/en-us ... -exploit-protection
rem https://github.com/AndyFul/ConfigureDefender
rem https://github.com/AndyFul/Hard_Configurator
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "\"%windir%\system32\SecurityHealthSystray.exe\"" /f
rem Restore WD shell
reg add "HKLM\Software\Classes\*\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
reg add "HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
reg add "HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
rem Enable WD services
reg add "HKLM\System\CurrentControlSet\Services\BFE" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "2" /f
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f
rem 1 - Enable Logging
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "1" /f
rem Enable WD Tasks
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Enable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Enable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Enable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Enable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Enable
rem CloudExtendedTimeout / 1 - 50 / block a suspicious file for up to 60 seconds (Default is 10)
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "0" /f
rem CloudBlockLevel / 0 - Default / 2 - High / 4 - High+ / 6 - Zero tolerance (block all unknown executables)
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /t REG_DWORD /d "0" /f
rem 1 - Potentially Unwanted Application protection (PUP) is enabled, the applications with unwanted behavior will be blocked at download and install-time
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f
rem Block at First Sight / 0 - Enable / 1 - Disable
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "0" /f
rem Cloud-based Protection / 0 - Disable / 1 - Basic / 2 - Advanced
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "1" /f
rem Send file samples when further analysis is required / 0 - Always prompt / 1 - Send safe samples automatically / 2 - Never send / 3 - Send all samples automatically
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "1" /f
rem To prevent WD using too much CPU, add this file to the exclusion list:
rem C:\Program Files\Windows Defender\MsMpEng.exe
reg add "HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files\Windows Defender\MsMpEng.exe" /t REG_DWORD /d "0" /f
shutdown /r

彻底卸载WIN10杀毒软件Windows Defender的批处理,来自GitHub

继续阅读

localstack 1.0 ga 了

Windows 命令行基础(转载同学的)

ASP编程经典例子

转：2008年微软Windows硬件工程(WinHEC)大会

解决方案之：DM relay 处理单元报错

ASP编程中20个非常有用的例子

用 Canvas 编织璀璨星空图

《2020失业潮，普通人能否出奇制胜？》笔记

20/20: Top 20 Programming Lessons I've Learned in 20 Years

20条编程经验

【观点】风雨20年：我所积累的20条编程经验【观点】风雨20年：我所积累的20条编程经验

【转载】风雨20年：我所积累的20条编程经验

部署.net平台的应用程序

在一个非套接字上尝试了一个操作

设置某一行背景颜色的CListCtrl

开源按键组件Multi_Button的使用,含测试工程