├── .github
│   └── ISSUE_TEMPLATE
│       └── defender-remover-issue-report.md
├── @Management
│   └── RegistryUnifier.ps1
├── LICENSE
├── PowerRun.exe
├── PowerRun.ini
├── README.md
├── RemoveSecHealthApp.ps1
├── Remove_Defender
│   └── RemoveDefender.reg
├── Remove_SecurityComp
│   └── Remove_SecurityComp.reg
├── Remove_SecurityComp_moduled
│   ├── DisableDevDriveProtection.reg
│   ├── DisableLSAProtection.reg
│   ├── DisableMaintenanceTaskreportinginSecurityHealthUI.reg
│   ├── DisableMicrosoftVulnerabileDriverBlocklist.reg
│   ├── DisableSmartScreen.reg
│   ├── DisableSpyNetTelemetry.reg
│   ├── DisableSystemMitigations.reg
│   ├── DisableTamperProtection.reg
│   ├── DisableUAC.reg
│   ├── DisableVBS.reg
│   ├── ExploitGuard_d.reg
│   ├── MitigationofFaultTorelantHeap.reg
│   ├── RemovalofAnti-PhishingServices.reg
│   ├── Remove and Disable Microsoft Pluton.reg
│   ├── RemoveSecurityandMaintenance.reg
│   └── RemoveWindowsDefenderFirewallRules.reg
├── Remove_defender_moduled
│   ├── DisableAntivirusProtection.reg
│   ├── DisableDefenderPolicies.reg
│   ├── DisableDefenderandSecurityCenterNotifications.reg
│   ├── NomoreDelayandTimeouts.reg
│   ├── RemovalofWindowsDefenderAntivirus.reg
│   ├── RemoveDefenderTasks.reg
│   ├── RemoveServices.reg
│   ├── RemoveShellAssociation.reg
│   ├── RemoveSignatureUpdates.reg
│   ├── RemoveStartupEntries.reg
│   ├── RemoveWindowsWebThreat.reg
│   ├── RemoverofDefenderContextMenu.reg
│   └── WindowsSettingsPageVisibility.reg
├── Script_Run.bat
└── app_icon.ico


/.github/ISSUE_TEMPLATE/defender-remover-issue-report.md:
--------------------------------------------------------------------------------
---
name: Defender Remover Issue Report
about: Describe the problem there
title: ''
labels: ''
assignees: ''

---

## *What* affects the bug ?


## *When* does this occur?


## *In which* version of Windows does this issue happen ? Write version complete.



## *How* do we replicate the issue?



## Expected behavior (if you have any solution write here.)



## Other Comments

--------------------------------------------------------------------------------
/@Management/RegistryUnifier.ps1:
--------------------------------------------------------------------------------
# Define the folder containing the .reg files and the output file
$sourceFolder = "../Remove_defender_moduled"  # Modify this with your source folder path
$outputFile = "../Output.reg"  # Specify the output file path

$combinedContent = @()
$combinedContent += "Windows Registry Editor Version 5.00"
$regFiles = Get-ChildItem -Path $sourceFolder -Recurse -Filter "*.reg"

foreach ($file in $regFiles) {
    $content = Get-Content -Path $file.FullName
    $combinedContent += "; File: $($file.FullName)"
    $combinedContent += $content[1..($content.Length - 1)]
}
$combinedContent | Set-Content -Path $outputFile -Encoding UTF8

Write-Host "Combined registry file created at: $outputFile"

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
This work is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

--------------------------------------------------------------------------------
/PowerRun.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ionuttbara/windows-defender-remover/efa67724aa3b0c414f221b1fef8f8669b622f7f2/PowerRun.exe

--------------------------------------------------------------------------------
/PowerRun.ini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ionuttbara/windows-defender-remover/efa67724aa3b0c414f221b1fef8f8669b622f7f2/PowerRun.ini

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ❌️ Defender Remover / Defender Disabler

## ❓️ What does the app do?

This application removes / disables Windows Defender, including the Windows Security App, Windows Virtualization-Based Security (VBS), Windows SmartScreen, Windows Security Services, Windows Web-Threat Service, Windows File Virtualization (UAC), Microsoft Defender App Guard, Microsoft Driver Block List, System Mitigations and the Windows Defender page in the Settings App on Windows 10 or later.


## ❓️ What components are removed?

### Removing Security Components
This script removes/disables the following security components:
- support for Windows Security Center, including the Windows Security Center Service (wscsvc) and the Windows Security Service (SgrmBroker, Sgrm Drivers), which are needed to run the Windows Security App.
- virtualization support.
- Hypervisor startup (this fixes the disabling of Virtualization-Based Security; it is re-enabled automatically if you use Hyper-V and/or WSL (Windows Subsystem for Linux), WSA (Windows Subsystem for Android))
- LUA (disables File Virtualization and User Account Control, so all apps run with administrator privileges (also fixes old app errors))
- Exploit Guard (something about Exploits)
- Windows Smart Control
- Tamper Protection (for Windows 11 21H2 or earlier)
- SecHealthUI (Windows Security UWP App)
- SmartScreen
- Pluton Support and Pluton Services Support
- System Mitigations
- "Services Mitigations" (search admx.help for more information; it is a policy)
- Spectre and Meltdown Mitigation (to get +30% performance on old Intel CPUs)
- Windows Security Section from Settings App.

### Removing Antivirus Components
This script forcibly removes the following antivirus components:
- Windows Defender Definition Update List (this disables updating of Defender definitions, because it is removed)
- Windows Defender SpyNet Telemetry
- Antivirus Service
- Windows Defender Antivirus filter and Windows Defender rootkit scanner drivers
- Antivirus Scanning Tasks
- Shell Associations (Context Menu)
- Hides Antivirus Protection section from Windows Security App.

## 📃 Instructions

> [!NOTE]
> A system restore point is recommended before you run the script (if you don't know what you are doing).

1. Download the packed script from [Releases](https://github.com/ionuttbara/windows-defender-remover/releases)
2. Run the ".exe" as administrator
3. Follow the instructions displayed

OR

You can use git:

```
git clone https://github.com/ionuttbara/windows-defender-remover.git
cd windows-defender-remover
Script_Run.bat
```


OR

You can download the entire source code:
1. Download the source code from [Releases](https://github.com/jbara2002/windows-defender-remover/releases).
2. Choose the file **Source Code(.zip)** from the latest version and download it.
3. Unarchive the file into a folder and run Script_Run.bat.

![cli](https://github.com/drunkwinter/windows-defender-remover/assets/38593134/46007191-0a65-43c2-b451-a993ff90e00e)

You can file an [issue](https://github.com/ionuttbara/windows-defender-remover/issues) if you experience any problems.

## 📃 Automation of the script

You can remove Defender with arguments.

#### Removing

```PowerShell
# Removal
Defender.Remover.exe /r <# or /R #>
```


## Disable or Remove Windows Defender *Application Guard Policies* (advanced)

If you have any problems when opening an app (*extremely rare*) and get the message "The app can not run because Device Guard" or "Windows Defender Application Guard Blocked this app", you have to remove 4 files with the same name from different locations.


- In EFI Partition

```PowerShell
Remove-Item -LiteralPath "$((Get-Partition | ? IsSystem).AccessPaths[0])Microsoft\Boot\WiSiPolicy.p7b"
```

- In Code Integrity Folder

```PowerShell
Remove-Item -LiteralPath "$env:windir\System32\CodeIntegrity\WiSiPolicy.p7b"
```

- In Windows Folder

```PowerShell
Remove-Item -LiteralPath "$env:windir\Boot\EFI\wisipolicy.p7b"
```

- In WinSxS Folder

```PowerShell
Remove-Item -Path "$env:windir\WinSxS" -Include *winsipolicy.p7b* -Recurse
```

## Creating an ISO with Windows Defender and Services disabled

You can create an ISO with Windows Defender and Security Services disabled. It's easy, and this file can help you.
Here are the steps:
1. Mount the ISO and extract it to a location.
2. Open the **sources** folder and create the **$OEM$** folder (this is needed to run the DefenderRemover part in OOBE).
3. Open the **$OEM$** folder and create a folder named **$$**.
4. Open the **$$** folder and create a folder named **Panther**.
5. Open the **Panther** folder.
The path should look like
**%location of extracted ISO%\sources\$OEM$\$$\Panther\**
6. Download the unnatended.xml file from the ISO_Maker folder in the repo and put it in the Panther folder.
7. Save this as a bootable ISO (for now the script can't do this automatically, but it will in the next version).


## ❓ Frequently Asked Questions
#### ⭕ How to remove Windows Security Center / Windows SecurityApp from PC without downloading Script?
Paste this code into a PowerShell file, then **Run as Administrator**.
```
$remove_appx = @("SecHealthUI"); $provisioned = get-appxprovisionedpackage -online; $appxpackage = get-appxpackage -allusers; $eol = @()
$store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore'
$users = @('S-1-5-18'); if (test-path $store) {$users += $((dir $store -ea 0 |where {$_ -like '*S-1-5-21*'}).PSChildName)}
foreach ($choice in $remove_appx) { if ('' -eq $choice.Trim()) {continue}
    foreach ($appx in $($provisioned |where {$_.PackageName -like "*$choice*"})) {
        $next = !1; foreach ($no in $skip) {if ($appx.PackageName -like "*$no*") {$next = !0}} ; if ($next) {continue}
        $PackageName = $appx.PackageName; $PackageFamilyName = ($appxpackage |where {$_.Name -eq $appx.DisplayName}).PackageFamilyName
        ni "$store\Deprovisioned\$PackageFamilyName" -force >''; $PackageFamilyName
        foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$PackageName" -force >''} ; $eol += $PackageName
        dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >''
        remove-appxprovisionedpackage -packagename $PackageName -online -allusers >''
    }
    foreach ($appx in $($appxpackage |where {$_.PackageFullName -like "*$choice*"})) {
        $next = !1; foreach ($no in $skip) {if ($appx.PackageFullName -like "*$no*") {$next = !0}} ; if ($next) {continue}
        $PackageFullName = $appx.PackageFullName;
        ni "$store\Deprovisioned\$appx.PackageFamilyName" -force >''; $PackageFullName
        foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$PackageFullName" -force >''} ; $eol += $PackageFullName
        dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >''
        remove-appxpackage -package $PackageFullName -allusers >''
    }
}
```

#### ⭕ Why is the downloaded executable being flagged as a virus?

That is a false positive.

Some security apps flag this app as a virus because of the way the ".exe" files are created. A download via **git** or the source code .zip will show as virus-free.
Starting with Defender 12.6.x, some versions are flagged as a virus and some are not (it's a bug from me, so do not file an issue for this).

#### ⭕ Why is the patch not working when Windows is updated?

Windows Update includes an ```Intelligence Update``` which blocks certain actions and modifies Windows Defender/Security policies.
If the script is not working for you, check if you have the Windows Security Intelligence Update installed. If you do, disable tamper protection, and re-run the script.

#### ⭕ How to use the package remover without downloading the executable from the release?

Run the desired ".bat" file from cmd with PowerRun (by dragging to the executable). You must reboot for the changes to take effect.

#### ⭕ How to disable VBS if the removal script does not work

Disable with this command and reboot.

```
bcdedit /set hypervisorlaunchtype off
```

--------------------------------------------------------------------------------
/RemoveSecHealthApp.ps1:
--------------------------------------------------------------------------------
$remove_appx = @("SecHealthUI"); $provisioned = get-appxprovisionedpackage -online; $appxpackage = get-appxpackage -allusers; $eol = @()
$store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore'
$users = @('S-1-5-18'); if (test-path $store) {$users += $((dir $store -ea 0 |where {$_ -like '*S-1-5-21*'}).PSChildName)}
foreach ($choice in $remove_appx) { if ('' -eq $choice.Trim()) {continue}
    foreach ($appx in $($provisioned |where {$_.PackageName -like "*$choice*"})) {
        $next = !1; foreach ($no in $skip) {if ($appx.PackageName -like "*$no*") {$next = !0}} ; if ($next) {continue}
        $PackageName = $appx.PackageName; $PackageFamilyName = ($appxpackage |where {$_.Name -eq $appx.DisplayName}).PackageFamilyName
        ni "$store\Deprovisioned\$PackageFamilyName" -force >''; $PackageFamilyName
        foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$PackageName" -force >''} ; $eol += $PackageName
        dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >''
        remove-appxprovisionedpackage -packagename $PackageName -online -allusers >''
    }
    foreach ($appx in $($appxpackage |where {$_.PackageFullName -like "*$choice*"})) {
        $next = !1; foreach ($no in $skip) {if ($appx.PackageFullName -like "*$no*") {$next = !0}} ; if ($next) {continue}
        $PackageFullName = $appx.PackageFullName;
        ni "$store\Deprovisioned\$appx.PackageFamilyName" -force >''; $PackageFullName
        foreach ($sid in $users) {ni "$store\EndOfLife\$sid\$PackageFullName" -force >''} ; $eol += $PackageFullName
        dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >''
        remove-appxpackage -package $PackageFullName -allusers >''
    }
}

--------------------------------------------------------------------------------
/Remove_Defender/RemoveDefender.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\DisableAntivirusProtection.reg

; disabling Antivirus

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000
"AllowFastServiceStartup"=dword:00000000
"DisableLocalAdminMerge"=dword:00000001

; disable overwriting real time protection settings

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000
"LocalSettingOverrideRealtimeScanDirection"=dword:00000000
"LocalSettingOverrideDisableIOAVProtection"=dword:00000000
"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000
"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000
"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
"DisableIOAVProtection"=dword:00000001
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"RealtimeScanDirection"=dword:00000002
"DisableInformationProtectionControl"=dword:00000001
"DisableIntrusionPreventionSystem"=dword:00000001
"DisableRawWriteNotification"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender]
"DisableRoutinelyTakingAction"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\DisableDefenderandSecurityCenterNotifications.reg

; Disable Windows Defender Security Center Notifications

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableEnhancedNotifications]
"value"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableNotifications]
"value"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideWindowsSecurityNotificationAreaControl]
"value"=dword:00000001

; Disable Windows Security Center Notifications

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]
"DisableEnhancedNotifications"=dword:00000001
"DisableNotifications"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\DisableDefenderPolicies.reg

; Enforce Disabling of Windows Defender Antivirus Policy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"PUAProtection"=dword:00000000
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000
"AllowFastServiceStartup"=dword:00000000
"DisableLocalAdminMerge"=dword:00000001
"DisableAntiSpyware"=dword:00000001
"RandomizeScheduleTaskTimes"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowCloudProtection]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowEmailScanning]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIntrusionPreventionSystem]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowOnAccessProtection]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScriptScanning]
"value"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor]
"value"=dword:00000032

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudBlockLevel]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudExtendedTimeout]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DaysToRetainCleanedMalware]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan]
"value"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan]
"value"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority]
"value"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\PUAProtection]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\RealTimeScanDirection]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScanParameter]
"value"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanDay]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanTime]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\SignatureUpdateInterval]
"value"=dword:00000018

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\SubmitSamplesConsent]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions]
"DisableAutoExclusions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
"MpEnablePus"=dword:00000000
"MpCloudBlockLevel"=dword:00000000
"MpBafsExtendedTimeout"=dword:00000000
"EnableFileHashComputation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS]
"ThrottleDetectionEventsRate"=dword:00000000
"DisableSignatureRetirement"=dword:00000001
"DisableProtocolRecognition"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
"DisableScanningNetworkFiles"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"DisableIOAVProtection"=dword:00000001
"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000
"LocalSettingOverrideRealtimeScanDirection"=dword:00000000
"LocalSettingOverrideDisableIOAVProtection"=dword:00000000
"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000
"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000
"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
"RealtimeScanDirection"=dword:00000002
"IOAVMaxSize"=dword:00000512
"DisableInformationProtectionControl"=dword:00000001
"DisableIntrusionPreventionSystem"=dword:00000001
"DisableRawWriteNotification"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan]
"LowCpuPriority"=dword:00000001
"DisableRestorePoint"=dword:00000001
"DisableArchiveScanning"=dword:00000000
"DisableScanningNetworkFiles"=dword:00000000
"DisableCatchupFullScan"=dword:00000000
"DisableCatchupQuickScan"=dword:00000001
"DisableEmailScanning"=dword:00000000
"DisableHeuristics"=dword:00000001
"DisableReparsePointScanning"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"SignatureDisableNotification"=dword:00000001
"RealtimeSignatureDelivery"=dword:00000000
"ForceUpdateFromMU"=dword:00000000
"DisableScheduledSignatureUpdateOnBattery"=dword:00000001
"UpdateOnStartUp"=dword:00000000
"SignatureUpdateCatchupInterval"=dword:00000002
"DisableUpdateOnStartupWithoutEngine"=dword:00000001
"ScheduleTime"=dword:00001440
"DisableScanOnUpdate"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration]
"SuppressRebootNotification"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender]
"DisableRoutinelyTakingAction"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware]
"ServiceKeepAlive"=dword:00000000
"AllowFastServiceStartup"=dword:00000000
"DisableRoutinelyTakingAction"=dword:00000001
"DisableAntiSpyware"=dword:00000001
"DisableAntiVirus"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting]
"DisableEnhancedNotifications"=dword:00000001
"DisableGenericRePorts"=dword:00000001
"WppTracingLevel"=dword:00000000
"WppTracingComponents"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]
"VerifiedAndReputablePolicyState"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\NomoreDelayandTimeouts.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"VerboseStatus"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"MenuShowDelay"="1"
"ForegroundLockTimeout"=dword:00000000
"WaitToKillAppTimeout"="1"
"WaitToKillServiceTimeout"=dword:00000001
"HungAppTimeout"="1000"
"LowLevelHooksTimeout"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1"
"DisableRemoteScmEndpoints"=dword:00000000
"ServicesPipeTimeout"=dword:00240000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ThumbnailLivePreviewHoverTime"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemovalofWindowsDefenderAntivirus.reg

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}]

[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}]

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}]

[-HKEY_CLASSES_ROOT\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]

[-HKEY_CLASSES_ROOT\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}]

[-HKEY_CLASSES_ROOT\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}]

[-HKEY_CLASSES_ROOT\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}]

[-HKEY_CLASSES_ROOT\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}]

[-HKEY_CLASSES_ROOT\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}]

[-HKEY_CLASSES_ROOT\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}]

[-HKEY_CLASSES_ROOT\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}]

[-HKEY_CLASSES_ROOT\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}]

[-HKEY_CLASSES_ROOT\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}]

[-HKEY_CLASSES_ROOT\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}]

[-HKEY_CLASSES_ROOT\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}]

[-HKEY_CLASSES_ROOT\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}]

; Defender Loggers

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoveDefenderTasks.reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACC9108-2000-46C0-8407-5FD9F89521E8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D77BCC8-1D07-42D0-8C89-3A98674DFB6F}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9233DB-A7D3-45D6-B476-8C7D8DF73EB5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B05F34EE-83F2-413D-BC1D-7D5BD6E98300}]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoverofDefenderContextMenu.reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}]

; Remove "Scan with Defender" Context Menu

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

[-HKEY_CLASSES_ROOT\Folder\shell\WindowsDefender]

[-HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsSecurity]

[-HKEY_CLASSES_ROOT\Folder\shell\WindowsDefender\Command]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoveServices.reg

; Remove Defender and Windows Security Services

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecCore]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SgrmAgent]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SgrmBroker]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection]
"DisallowExploitProtectionOverride"=dword:00000001

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecFlt]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecWfp]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoveShellAssociation.reg

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\windowsdefender]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.Defender]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Microsoft.Windows.Defender]

[-HKEY_CLASSES_ROOT\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0]

[-HKEY_CURRENT_USER\Software\Classes\ms-cxh]

[-HKEY_CLASSES_ROOT\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%5Cresources.pri]

[-HKEY_CLASSES_ROOT\WindowsDefender]

[-HKEY_CURRENT_USER\Software\Classes\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsDefender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Ubpm]
"CriticalMaintenance_DefenderCleanup"=-
"CriticalMaintenance_DefenderVerification"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WindowsDefender-1"=-
"WindowsDefender-2"=-
"WindowsDefender-3"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoveSignatureUpdates.reg

; this file disables Signature Updates in Windows Defender

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
"SignatureDisableNotification"=dword:00000001
"RealtimeSignatureDelivery"=dword:00000000
"ForceUpdateFromMU"=dword:00000000
"DisableScheduledSignatureUpdateOnBattery"=dword:00000001
"UpdateOnStartUp"=dword:00000000
"SignatureUpdateCatchupInterval"=dword:00000002
"DisableUpdateOnStartupWithoutEngine"=dword:00000001
"ScheduleTime"=dword:00001440
"DisableScanOnUpdate"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoveStartupEntries.reg

; Remove Defender's Startup Entries

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=-
"SecurityHealth"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Windows Defender"=-
"SecurityHealth"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=-
"SecurityHealth"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\RemoveWindowsWebThreat.reg

[-HKEY_CLASSES_ROOT\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Service.UserSessionServiceManager]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatExperienceManager.ThreatExperienceManager]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatResponseEngine.ThreatDecisionEngine]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Configuration.WTDUserSettings]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_defender_moduled\WindowsSettingsPageVisibility.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"SettingsPageVisibility"="hide:windowsdefender;"

--------------------------------------------------------------------------------
/Remove_SecurityComp/Remove_SecurityComp.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableDevDriveProtection.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableAsyncScanOnOpen"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableLSAProtection.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
"LmCompatibilityLevel"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMaintenanceTaskreportinginSecurityHealthUI.reg

; disables reporting of things from Maintenance Task in Windows Security App

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]

[HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health\State]
"Disabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health\Platform]
"Registered"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMicrosoftVulnerabileDriverBlocklist.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSmartScreen.reg

; Disable SmartScreen for Microsoft Edge

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"SmartScreenEnabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled]
@=dword:00000000

; Disable SmartScreen in File Explorer and Windows Shell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="off"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableSmartScreenInShell]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableAppInstallControl]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\PreventOverrideForFilesInShell]
"value"=dword:00000000

; Disable SmartScreen for Microsoft Store Apps

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000

; Configure App Install Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSpyNetTelemetry.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSystemMitigations.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsMitigation]
"UserPreference"=dword:00000002

; In-kernel Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
"KernelSEHOPEnabled"=dword:00000000

; Disable Spectre & Meltdown Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003

; Services Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig]
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableTamperProtection.reg

; Remove Defender's Tamper Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableUAC.reg

; Disable UAC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
"FilterAdministratorToken"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
"DelayedDesktopSwitchTimemout"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000

; Fix mouse cursor disappearing

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableCursorSuppression"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableVBS.reg

; Reset values for Virtualization Settings

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]

; Disable Virtualization Based Security

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000
"Locked"=dword:00000000
"WasEnabledBy"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\HypervisorEnforcedCodeIntegrity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\EnableVirtualizationBasedSecurity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\ConfigureSystemGuardLaunch]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\LsaCfgFlags]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\RequirePlatformSecurityFeatures]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\RequireUEFIMemoryAttributesTable]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"DeployConfigCIPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\ExploitGuard_d.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"ExploitGuard_ASR_Rules"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears]
"HeartbeatTrackingIndex"=dword:00000000
"SpyNetReportingLocation"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"EnableASRConsumers"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\MitigationofFaultTorelantHeap.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemovalofAnti-PhishingServices.reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-

; From Disabler

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyPasswordReuse"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyMalicious"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\Remove and Disable Microsoft Pluton.reg

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveSecurityandMaintenance.reg

[-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveWindowsDefenderFirewallRules.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WebThreatDefSvc_Allow_In"=-
"WebThreatDefSvc_Allow_Out"=-
"WebThreatDefSvc_Block_In"=-
"WebThreatDefSvc_Block_Out"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=-
"72e33e44-dc4c-40c5-a688-a77b6e988c69"=-
"b23879b5-1ef3-45b7-8933-554a4303d2f3"=-

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableDevDriveProtection.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableAsyncScanOnOpen"=dword:00000001
--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableLSAProtection.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
"LmCompatibilityLevel"=-

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableMaintenanceTaskreportinginSecurityHealthUI.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

; disables reporting of things from Maintenance Task in Windows Security App

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]

[HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health\State]
"Disabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health\Platform]
"Registered"=dword:00000000

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableMicrosoftVulnerabileDriverBlocklist.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableSmartScreen.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

; Disable SmartScreen for Microsoft Edge

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"SmartScreenEnabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled]
@=dword:00000000

; Disable SmartScreen in File Explorer and Windows Shell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="off"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableSmartScreenInShell]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableAppInstallControl]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\PreventOverrideForFilesInShell]
"value"=dword:00000000

; Disable SmartScreen for Microsoft Store Apps

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000

; Configure App Install Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableSpyNetTelemetry.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableSystemMitigations.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsMitigation]
"UserPreference"=dword:00000002

; In-kernel Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
"KernelSEHOPEnabled"=dword:00000000

; Disable Spectre & Meltdown Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003

; Services Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig]
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableTamperProtection.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

; Remove Defender's Tamper Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableUAC.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

; Disable UAC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
"FilterAdministratorToken"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
"DelayedDesktopSwitchTimemout"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000

; Fix mouse cursor disappearing

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableCursorSuppression"=dword:00000000

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/DisableVBS.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

; Reset values for Virtualization Settings

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]

; Disable Virtualization Based Security

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000
"Locked"=dword:00000000
"WasEnabledBy"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\HypervisorEnforcedCodeIntegrity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\EnableVirtualizationBasedSecurity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\ConfigureSystemGuardLaunch]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\LsaCfgFlags]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\RequirePlatformSecurityFeatures]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\RequireUEFIMemoryAttributesTable]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"DeployConfigCIPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard]
"Enabled"=dword:00000000

--------------------------------------------------------------------------------
/Remove_SecurityComp_moduled/ExploitGuard_d.reg:
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] 7 | "EnableNetworkProtection"=- 8 | 9 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR] 10 | "ExploitGuard_ASR_Rules"=dword:00000000 11 | 12 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] 13 | "EnableNetworkProtection"=- 14 | 15 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears] 16 | "HeartbeatTrackingIndex"=dword:00000000 17 | "SpyNetReportingLocation"="0" 18 | 19 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR] 20 | "EnableASRConsumers"=dword:00000000 21 | -------------------------------------------------------------------------------- /Remove_SecurityComp_moduled/MitigationofFaultTorelantHeap.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH] 4 | "Enabled"=dword:00000000 -------------------------------------------------------------------------------- /Remove_SecurityComp_moduled/RemovalofAnti-PhishingServices.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc] 4 | 5 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc] 6 | 7 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc] 8 | 9 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense] 10 | 11 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 12 | "WebThreatDefense"=- 13 | 14 | ; From Disabler 15 | 16 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense] 17 | 18 | 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode] 19 | "value"=dword:00000000 20 | 21 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword] 22 | "value"=dword:00000000 23 | 24 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled] 25 | "value"=dword:00000000 26 | 27 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS] 28 | 29 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components] 30 | "NotifyPasswordReuse"=dword:00000000 31 | 32 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components] 33 | "NotifyMalicious"=dword:00000000 34 | 35 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode] 36 | "value"=dword:00000000 37 | 38 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword] 39 | "value"=dword:00000000 40 | 41 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled] 42 | "value"=dword:00000000 43 | 44 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc] 45 | 46 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc] 47 | 48 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense] 49 | 50 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] 51 | "WebThreatDefense"=- 52 | -------------------------------------------------------------------------------- /Remove_SecurityComp_moduled/Remove and Disable Microsoft Pluton.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2] 4 | 5 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci] 6 | 7 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp] 
-------------------------------------------------------------------------------- /Remove_SecurityComp_moduled/RemoveSecurityandMaintenance.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] 4 | 5 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] 6 | 7 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] 8 | 9 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] 10 | 11 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] 12 | 13 | [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] 14 | 15 | [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}] -------------------------------------------------------------------------------- /Remove_SecurityComp_moduled/RemoveWindowsDefenderFirewallRules.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System] 4 | "WebThreatDefSvc_Allow_In"=- 5 | "WebThreatDefSvc_Allow_Out"=- 6 | "WebThreatDefSvc_Block_In"=- 7 | "WebThreatDefSvc_Block_Out"=- 8 | 9 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System] 10 | "{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=- 11 | "72e33e44-dc4c-40c5-a688-a77b6e988c69"=- 12 | "b23879b5-1ef3-45b7-8933-554a4303d2f3"=- 13 | -------------------------------------------------------------------------------- /Remove_defender_moduled/DisableAntivirusProtection.reg: 
-------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ; disabling Antivirus 4 | 5 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] 6 | "DisableRoutinelyTakingAction"=dword:00000001 7 | "ServiceKeepAlive"=dword:00000000 8 | "AllowFastServiceStartup"=dword:00000000 9 | "DisableLocalAdminMerge"=dword:00000001 10 | 11 | ; disable overwriting real time protection settings 12 | 13 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] 14 | "LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 15 | "LocalSettingOverrideRealtimeScanDirection"=dword:00000000 16 | "LocalSettingOverrideDisableIOAVProtection"=dword:00000000 17 | "LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 18 | "LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000 19 | "LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 20 | "DisableIOAVProtection"=dword:00000001 21 | "DisableRealtimeMonitoring"=dword:00000001 22 | "DisableBehaviorMonitoring"=dword:00000001 23 | "DisableOnAccessProtection"=dword:00000001 24 | "DisableScanOnRealtimeEnable"=dword:00000001 25 | "RealtimeScanDirection"=dword:00000002 26 | "DisableInformationProtectionControl"=dword:00000001 27 | "DisableIntrusionPreventionSystem"=dword:00000001 28 | "DisableRawWriteNotification"=dword:00000001 29 | 30 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring] 31 | "value"=dword:00000000 32 | 33 | [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender] 34 | "DisableRoutinelyTakingAction"=dword:00000001 -------------------------------------------------------------------------------- /Remove_defender_moduled/DisableDefenderPolicies.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ; Enforce Disabling of Windows Defender 
Antivirus Policy 4 | 5 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection] 6 | "value"=dword:00000000 7 | 8 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] 9 | "PUAProtection"=dword:00000000 10 | "DisableRoutinelyTakingAction"=dword:00000001 11 | "ServiceKeepAlive"=dword:00000000 12 | "AllowFastServiceStartup"=dword:00000000 13 | "DisableLocalAdminMerge"=dword:00000001 14 | "DisableAntiSpyware"=dword:00000001 15 | "RandomizeScheduleTaskTimes"=dword:00000000 16 | 17 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning] 18 | "value"=dword:00000000 19 | 20 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring] 21 | "value"=dword:00000000 22 | 23 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowCloudProtection] 24 | "value"=dword:00000000 25 | 26 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowEmailScanning] 27 | "value"=dword:00000000 28 | 29 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives] 30 | "value"=dword:00000000 31 | 32 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning] 33 | "value"=dword:00000000 34 | 35 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIntrusionPreventionSystem] 36 | "value"=dword:00000000 37 | 38 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowOnAccessProtection] 39 | "value"=dword:00000000 40 | 41 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring] 42 | "value"=dword:00000000 43 | 44 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles] 45 | "value"=dword:00000000 46 | 47 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScriptScanning] 48 | 
"value"=dword:00000001 49 | 50 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess] 51 | "value"=dword:00000000 52 | 53 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor] 54 | "value"=dword:00000032 55 | 56 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan] 57 | "value"=dword:00000000 58 | 59 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudBlockLevel] 60 | "value"=dword:00000000 61 | 62 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudExtendedTimeout] 63 | "value"=dword:00000000 64 | 65 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DaysToRetainCleanedMalware] 66 | "value"=dword:00000000 67 | 68 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan] 69 | "value"=dword:00000001 70 | 71 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan] 72 | "value"=dword:00000001 73 | 74 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess] 75 | "value"=dword:00000000 76 | 77 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority] 78 | "value"=dword:00000001 79 | 80 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection] 81 | "value"=dword:00000000 82 | 83 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\PUAProtection] 84 | "value"=dword:00000000 85 | 86 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\RealTimeScanDirection] 87 | "value"=dword:00000000 88 | 89 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScanParameter] 90 | "value"=dword:00000002 91 | 92 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanDay] 93 | "value"=dword:00000000 94 | 95 | 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanTime] 96 | "value"=dword:00000000 97 | 98 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\SignatureUpdateInterval] 99 | "value"=dword:00000018 100 | 101 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\SubmitSamplesConsent] 102 | "value"=dword:00000000 103 | 104 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions] 105 | "DisableAutoExclusions"=dword:00000001 106 | 107 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine] 108 | "MpEnablePus"=dword:00000000 109 | "MpCloudBlockLevel"=dword:00000000 110 | "MpBafsExtendedTimeout"=dword:00000000 111 | "EnableFileHashComputation"=dword:00000000 112 | 113 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS] 114 | "ThrottleDetectionEventsRate"=dword:00000000 115 | "DisableSignatureRetirement"=dword:00000001 116 | "DisableProtocolRecognition"=dword:00000001 117 | 118 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager] 119 | "DisableScanningNetworkFiles"=dword:00000001 120 | 121 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] 122 | "DisableRealtimeMonitoring"=dword:00000001 123 | "DisableBehaviorMonitoring"=dword:00000001 124 | "DisableOnAccessProtection"=dword:00000001 125 | "DisableScanOnRealtimeEnable"=dword:00000001 126 | "DisableIOAVProtection"=dword:00000001 127 | "LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 128 | "LocalSettingOverrideRealtimeScanDirection"=dword:00000000 129 | "LocalSettingOverrideDisableIOAVProtection"=dword:00000000 130 | "LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 131 | "LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000 132 | "LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 133 | "RealtimeScanDirection"=dword:00000002 134 | "IOAVMaxSize"=dword:00000512 
135 | "DisableInformationProtectionControl"=dword:00000001 136 | "DisableIntrusionPreventionSystem"=dword:00000001 137 | "DisableRawWriteNotification"=dword:00000001 138 | 139 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan] 140 | "LowCpuPriority"=dword:00000001 141 | "DisableRestorePoint"=dword:00000001 142 | "DisableArchiveScanning"=dword:00000000 143 | "DisableScanningNetworkFiles"=dword:00000000 144 | "DisableCatchupFullScan"=dword:00000000 145 | "DisableCatchupQuickScan"=dword:00000001 146 | "DisableEmailScanning"=dword:00000000 147 | "DisableHeuristics"=dword:00000001 148 | "DisableReparsePointScanning"=dword:00000001 149 | 150 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates] 151 | "SignatureDisableNotification"=dword:00000001 152 | "RealtimeSignatureDelivery"=dword:00000000 153 | "ForceUpdateFromMU"=dword:00000000 154 | "DisableScheduledSignatureUpdateOnBattery"=dword:00000001 155 | "UpdateOnStartUp"=dword:00000000 156 | "SignatureUpdateCatchupInterval"=dword:00000002 157 | "DisableUpdateOnStartupWithoutEngine"=dword:00000001 158 | "ScheduleTime"=dword:00001440 159 | "DisableScanOnUpdate"=dword:00000001 160 | 161 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] 162 | "DisableBlockAtFirstSeen"=dword:00000001 163 | "LocalSettingOverrideSpynetReporting"=dword:00000000 164 | "SpynetReporting"=dword:00000000 165 | "SubmitSamplesConsent"=dword:00000002 166 | 167 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration] 168 | "SuppressRebootNotification"=dword:00000001 169 | 170 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access] 171 | "EnableControlledFolderAccess"=dword:00000000 172 | 173 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] 174 | "EnableNetworkProtection"=dword:00000000 175 | 176 | 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender] 177 | "DisableRoutinelyTakingAction"=dword:00000001 178 | 179 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware] 180 | "ServiceKeepAlive"=dword:00000000 181 | "AllowFastServiceStartup"=dword:00000000 182 | "DisableRoutinelyTakingAction"=dword:00000001 183 | "DisableAntiSpyware"=dword:00000001 184 | "DisableAntiVirus"=dword:00000001 185 | 186 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet] 187 | "SpyNetReporting"=dword:00000000 188 | "LocalSettingOverrideSpyNetReporting"=dword:00000000 189 | 190 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting] 191 | "DisableEnhancedNotifications"=dword:00000001 192 | "DisableGenericRePorts"=dword:00000001 193 | "WppTracingLevel"=dword:00000000 194 | "WppTracingComponents"=dword:00000000 195 | 196 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy] 197 | "VerifiedAndReputablePolicyState"=dword:00000000 198 | -------------------------------------------------------------------------------- /Remove_defender_moduled/DisableDefenderandSecurityCenterNotifications.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ; Disable Windows Defender Security Center Notifications 4 | 5 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableEnhancedNotifications] 6 | "value"=dword:00000001 7 | 8 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableNotifications] 9 | "value"=dword:00000001 10 | 11 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideWindowsSecurityNotificationAreaControl] 12 | "value"=dword:00000001 13 | 14 | ; Disable Windows Security Center Notifications 15 | 16 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 17 | 18 | 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 19 | "FirstRunDisabled"=dword:00000001 20 | "AntiVirusOverride"=dword:00000001 21 | "FirewallOverride"=dword:00000001 22 | 23 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications] 24 | "DisableEnhancedNotifications"=dword:00000001 25 | "DisableNotifications"=dword:00000001 26 | 27 | [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance] 28 | "Enabled"=dword:00000000 -------------------------------------------------------------------------------- /Remove_defender_moduled/NomoreDelayandTimeouts.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] 4 | "VerboseStatus"=dword:00000000 5 | 6 | [HKEY_CURRENT_USER\Control Panel\Desktop] 7 | "AutoEndTasks"="1" 8 | "MenuShowDelay"="1" 9 | "ForegroundLockTimeout"=dword:00000000 10 | "WaitToKillAppTimeout"="1" 11 | "WaitToKillServiceTimeout"=dword:00000001 12 | "HungAppTimeout"="1000" 13 | "LowLevelHooksTimeout"=dword:00000001 14 | 15 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] 16 | "WaitToKillServiceTimeout"="1" 17 | "DisableRemoteScmEndpoints"=dword:00000000 18 | "ServicesPipeTimeout"=dword:00240000 19 | 20 | [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] 21 | "ThumbnailLivePreviewHoverTime"=dword:00000001 22 | -------------------------------------------------------------------------------- /Remove_defender_moduled/RemovalofWindowsDefenderAntivirus.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}] 4 | 5 | 
[-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}] 6 | 7 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}] 8 | 9 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}] 10 | 11 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}] 12 | 13 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}] 14 | 15 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}] 16 | 17 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}] 18 | 19 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}] 20 | 21 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}] 22 | 23 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}] 24 | 25 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}] 26 | 27 | [-HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}] 28 | 29 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}] 30 | 31 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}] 32 | 33 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}] 34 | 35 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}] 36 | 37 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}] 38 | 39 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}] 40 | 41 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}] 42 | 43 | 
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}] 44 | 45 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}] 46 | 47 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}] 48 | 49 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}] 50 | 51 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}] 52 | 53 | [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}] 54 | 55 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}] 56 | 57 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}] 58 | 59 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}] 60 | 61 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}] 62 | 63 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}] 64 | 65 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}] 66 | 67 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}] 68 | 69 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}] 70 | 71 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}] 72 | 73 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}] 74 | 75 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}] 76 | 77 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}] 78 | 79 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}] 80 | 81 | [-HKEY_CLASSES_ROOT\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}] 82 | 83 | [-HKEY_CLASSES_ROOT\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}] 84 | 85 | [-HKEY_CLASSES_ROOT\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}] 86 | 87 | 
[-HKEY_CLASSES_ROOT\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}] 88 | 89 | [-HKEY_CLASSES_ROOT\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}] 90 | 91 | [-HKEY_CLASSES_ROOT\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}] 92 | 93 | [-HKEY_CLASSES_ROOT\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}] 94 | 95 | [-HKEY_CLASSES_ROOT\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}] 96 | 97 | [-HKEY_CLASSES_ROOT\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}] 98 | 99 | [-HKEY_CLASSES_ROOT\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}] 100 | 101 | [-HKEY_CLASSES_ROOT\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}] 102 | 103 | [-HKEY_CLASSES_ROOT\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}] 104 | 105 | [-HKEY_CLASSES_ROOT\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}] 106 | 107 | ; Defender Loggers 108 | 109 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger] 110 | 111 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger] -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoveDefenderTasks.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACC9108-2000-46C0-8407-5FD9F89521E8}] 4 | 5 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D77BCC8-1D07-42D0-8C89-3A98674DFB6F}] 6 | 7 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9233DB-A7D3-45D6-B476-8C7D8DF73EB5}] 8 | 9 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B05F34EE-83F2-413D-BC1D-7D5BD6E98300}] 10 | -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoveServices.reg: 
-------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ; Remove Defender and Windows Security Services 4 | 5 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecCore] 6 | 7 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] 8 | 9 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv] 10 | 11 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc] 12 | 13 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter] 14 | 15 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot] 16 | 17 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService] 18 | 19 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SgrmAgent] 20 | 21 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SgrmBroker] 22 | 23 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend] 24 | 25 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection] 26 | "DisallowExploitProtectionOverride"=dword:00000001 27 | 28 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecFlt] 29 | 30 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecWfp] -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoveShellAssociation.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend] 4 | 5 | [-HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\windowsdefender] 6 | 7 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Windows.Defender] 8 | 9 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppUserModelId\Microsoft.Windows.Defender] 10 | 11 | [-HKEY_CLASSES_ROOT\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0] 12 | 13 | [-HKEY_CURRENT_USER\Software\Classes\ms-cxh] 14 | 15 | 
[-HKEY_CLASSES_ROOT\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%5Cresources.pri] 16 | 17 | [-HKEY_CLASSES_ROOT\WindowsDefender] 18 | 19 | [-HKEY_CURRENT_USER\Software\Classes\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0] 20 | 21 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsDefender] 22 | 23 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Ubpm] 24 | "CriticalMaintenance_DefenderCleanup"=- 25 | "CriticalMaintenance_DefenderVerification"=- 26 | 27 | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System] 28 | "WindowsDefender-1"=- 29 | "WindowsDefender-2"=- 30 | "WindowsDefender-3"=- 31 | -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoveSignatureUpdates.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ; this file disables Signature Updates in Windows Defender 4 | 5 | [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates] 6 | "SignatureDisableNotification"=dword:00000001 7 | "RealtimeSignatureDelivery"=dword:00000000 8 | "ForceUpdateFromMU"=dword:00000000 9 | "DisableScheduledSignatureUpdateOnBattery"=dword:00000001 10 | "UpdateOnStartUp"=dword:00000000 11 | "SignatureUpdateCatchupInterval"=dword:00000002 12 | "DisableUpdateOnStartupWithoutEngine"=dword:00000001 13 | "ScheduleTime"=dword:00001440 14 | "DisableScanOnUpdate"=dword:00000001 15 | -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoveStartupEntries.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | ; Remove Defender's Startup Entries 4 | 5 | [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 6 | "Windows Defender"=- 7 | "SecurityHealth"=- 8 | 9 | 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] 10 | "Windows Defender"=- 11 | "SecurityHealth"=- 12 | 13 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 14 | "WindowsDefender"=- 15 | "SecurityHealth"=- 16 | -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoveWindowsWebThreat.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_CLASSES_ROOT\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}] 4 | 5 | [-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}] 6 | 7 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}] 8 | 9 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}] 10 | 11 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Service.UserSessionServiceManager] 12 | 13 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatExperienceManager.ThreatExperienceManager] 14 | 15 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatResponseEngine.ThreatDecisionEngine] 16 | 17 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Configuration.WTDUserSettings] 18 | -------------------------------------------------------------------------------- /Remove_defender_moduled/RemoverofDefenderContextMenu.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}] 4 | 5 | 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}] 6 | 7 | ; Remove "Scan with Defender" Context Menu 8 | 9 | [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] 10 | 11 | [-HKEY_CLASSES_ROOT\Folder\shell\WindowsDefender] 12 | 13 | [-HKEY_CLASSES_ROOT\DesktopBackground\Shell\WindowsSecurity] 14 | 15 | [-HKEY_CLASSES_ROOT\Folder\shell\WindowsDefender\Command] 16 | -------------------------------------------------------------------------------- /Remove_defender_moduled/WindowsSettingsPageVisibility.reg: -------------------------------------------------------------------------------- 1 | Windows Registry Editor Version 5.00 2 | 3 | [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 4 | "SettingsPageVisibility"="hide:windowsdefender;" 5 | -------------------------------------------------------------------------------- /Script_Run.bat: -------------------------------------------------------------------------------- 1 | @set defenderremoverver=12.8.2 2 | @setlocal DisableDelayedExpansion 3 | @echo off 4 | pushd "%CD%" 5 | CD /D "%~dp0" 6 | 7 | :: Arguments Section 8 | IF "%1"== "y" GOTO :removedef 9 | IF "%1"== "Y" GOTO :removedef 10 | IF "%1"== "a" GOTO :removeantivirus 11 | IF "%1"== "A" GOTO :removeantivirus 12 | IF "%1"== "S" GOTO :disablemitigations 13 | IF "%1"== "s" GOTO :disablemitigations 14 | :-------------------------------------- 15 | 16 | 17 | :-------------------------------------- 18 | cls 19 | echo ------ Defender Remover Script , version %defenderremoverver% ------ 20 | echo Select an option: 21 | echo. 22 | echo Do you want to remove Windows Defender and alongside components? After this you'll need to reboot. 23 | echo If you PC have a Microsoft Pluton Chip, you can disable from BIOS anytime. (This script removes the integration of Pluton Chip Support and Processing from Windows.) 
24 | echo After confirmation of Removal, your Device will RESTART!!
25 | echo A backup and/or System Restore point is recommended.
26 | echo [Y] Remove Windows Defender Antivirus + Disable All Security Mitigations
27 | echo [A] Remove Windows Defender only, but keep UAC Enabled
28 | echo [S] Disable All Security Mitigations
29 | choice /C:yas /N
30 | if errorlevel==3 goto disablemitigations
31 | if errorlevel==2 goto removeantivirus
32 | if errorlevel==1 goto removedef
33 | :--------------------------------------
34 |
35 |
36 | :--------------------------------------
37 | goto :eof
38 | :--------------------------------------
39 |
40 | :--------------------------------------
41 | :removedef
42 | CLS
43 | bcdedit /set hypervisorlaunchtype off
44 |
45 | CLS
46 | echo Removing Windows Security UWP App...
47 | Powershell -noprofile -executionpolicy bypass -file "%~dp0\RemoveSecHealthApp.ps1"
48 |
49 | CLS
50 | echo Unregister Windows Defender Security Components...
51 | FOR /R %%f IN (Remove_defender\*.reg) DO PowerRun.exe regedit.exe /s "%%f"
52 | FOR /R %%f IN (Remove_defender\*.reg) DO regedit.exe /s "%%f"
53 | FOR /R %%f IN (Remove_SecurityComp\*.reg) DO PowerRun.exe regedit.exe /s "%%f"
54 | CLS
55 | for %%d in ("C:\Windows\WinSxS\FileMaps\wow64_windows-defender*.manifest" "C:\Windows\WinSxS\FileMaps\x86_windows-defender*.manifest" "C:\Windows\WinSxS\FileMaps\amd64_windows-defender*.manifest" "C:\Windows\System32\SecurityAndMaintenance_Error.png" "C:\Windows\System32\SecurityAndMaintenance.png" "C:\Windows\System32\SecurityHealthSystray.exe" "C:\Windows\System32\SecurityHealthService.exe" "C:\Windows\System32\SecurityHealthHost.exe" "C:\Windows\System32\drivers\SgrmAgent.sys" "C:\Windows\System32\drivers\WdDevFlt.sys" "C:\Windows\System32\drivers\WdBoot.sys" "C:\Windows\System32\drivers\WdFilter.sys" "C:\Windows\System32\wscsvc.dll" "C:\Windows\System32\drivers\WdNisDrv.sys" "C:\Windows\System32\wscsvc.dll" "C:\Windows\System32\wscproxystub.dll" "C:\Windows\System32\wscisvif.dll" "C:\Windows\System32\SecurityHealthProxyStub.dll" "C:\Windows\System32\smartscreen.dll" "C:\Windows\SysWOW64\smartscreen.dll" "C:\Windows\System32\smartscreen.exe" "C:\Windows\SysWOW64\smartscreen.exe" "C:\Windows\System32\DWWIN.EXE" "C:\Windows\SysWOW64\smartscreenps.dll" "C:\Windows\System32\smartscreenps.dll" "C:\Windows\System32\SecurityHealthCore.dll" "C:\Windows\System32\SecurityHealthSsoUdk.dll" "C:\Windows\System32\SecurityHealthUdk.dll" "C:\Windows\System32\SecurityHealthAgent.dll" "C:\Windows\System32\wscapi.dll" "C:\Windows\System32\wscadminui.exe" "C:\Windows\SysWOW64\GameBarPresenceWriter.exe" "C:\Windows\System32\GameBarPresenceWriter.exe" "C:\Windows\SysWOW64\DeviceCensus.exe" "C:\Windows\SysWOW64\CompatTelRunner.exe" "C:\Windows\system32\drivers\msseccore.sys" "C:\Windows\system32\drivers\MsSecFltWfp.sys" "C:\Windows\system32\drivers\MsSecFlt.sys") DO PowerRun cmd.exe /c del /f "%%d"
56 | :: part 2
57 | for %%d in ("C:\Windows\WinSxS\amd64_security-octagon*" "C:\Windows\WinSxS\x86_windows-defender*" "C:\Windows\WinSxS\wow64_windows-defender*" "C:\Windows\WinSxS\amd64_windows-defender*" "C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy" "C:\ProgramData\Microsoft\Windows Defender" "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection" "C:\Program Files (x86)\Windows Defender Advanced Threat Protection" "C:\Program Files\Windows Defender Advanced Threat Protection" "C:\ProgramData\Microsoft\Windows Security Health" "C:\ProgramData\Microsoft\Storage Health" "C:\WINDOWS\System32\drivers\wd" "C:\Program Files (x86)\Windows Defender" "C:\Program Files\Windows Defender" "C:\Windows\System32\SecurityHealth" "C:\Windows\System32\WebThreatDefSvc" "C:\Windows\System32\Sgrm" "C:\Windows\Containers\WindowsDefenderApplicationGuard.wim" "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance" "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\DefenderPerformance" "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender" "C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender" "C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender" "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender" "C:\Windows\System32\HealthAttestationClient" "C:\Windows\GameBarPresenceWriter" "C:\Windows\bcastdvr" "C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim") do PowerRun cmd.exe /c rmdir "%%~d" /s /q
58 | echo Your PC will reboot in 10 seconds..
59 | timeout 3
60 | shutdown /r /f /t 10
61 | exit
62 | :--------------------------------------
63 |
64 |
65 | :--------------------------------------
66 | :removeantivirus
67 | CLS
68 | bcdedit /set hypervisorlaunchtype off
69 |
70 | CLS
71 | echo Removing Windows Security UWP App...
72 | Powershell -noprofile -executionpolicy bypass -file "%~dp0\RemoveSecHealthApp.ps1"
73 |
74 | CLS
75 | echo Unregister Windows Defender Security Components...
76 | FOR /R %%f IN (Remove_defender\*.reg) DO PowerRun.exe regedit.exe /s "%%f"
77 | FOR /R %%f IN (Remove_defender\*.reg) DO regedit.exe /s "%%f"
78 | CLS
79 | for %%d in ("C:\Windows\WinSxS\FileMaps\wow64_windows-defender*.manifest" "C:\Windows\WinSxS\FileMaps\x86_windows-defender*.manifest" "C:\Windows\WinSxS\FileMaps\amd64_windows-defender*.manifest" "C:\Windows\System32\SecurityAndMaintenance_Error.png" "C:\Windows\System32\SecurityAndMaintenance.png" "C:\Windows\System32\SecurityHealthSystray.exe" "C:\Windows\System32\SecurityHealthService.exe" "C:\Windows\System32\SecurityHealthHost.exe" "C:\Windows\System32\drivers\SgrmAgent.sys" "C:\Windows\System32\drivers\WdDevFlt.sys" "C:\Windows\System32\drivers\WdBoot.sys" "C:\Windows\System32\drivers\WdFilter.sys" "C:\Windows\System32\wscsvc.dll" "C:\Windows\System32\drivers\WdNisDrv.sys" "C:\Windows\System32\wscsvc.dll" "C:\Windows\System32\wscproxystub.dll" "C:\Windows\System32\wscisvif.dll" "C:\Windows\System32\SecurityHealthProxyStub.dll" "C:\Windows\System32\smartscreen.dll" "C:\Windows\SysWOW64\smartscreen.dll" "C:\Windows\System32\smartscreen.exe" "C:\Windows\SysWOW64\smartscreen.exe" "C:\Windows\System32\DWWIN.EXE" "C:\Windows\SysWOW64\smartscreenps.dll" "C:\Windows\System32\smartscreenps.dll" "C:\Windows\System32\SecurityHealthCore.dll" "C:\Windows\System32\SecurityHealthSsoUdk.dll" "C:\Windows\System32\SecurityHealthUdk.dll" "C:\Windows\System32\SecurityHealthAgent.dll" "C:\Windows\System32\wscapi.dll" "C:\Windows\System32\wscadminui.exe" "C:\Windows\SysWOW64\GameBarPresenceWriter.exe" "C:\Windows\System32\GameBarPresenceWriter.exe" "C:\Windows\SysWOW64\DeviceCensus.exe" "C:\Windows\SysWOW64\CompatTelRunner.exe" "C:\Windows\system32\drivers\msseccore.sys" "C:\Windows\system32\drivers\MsSecFltWfp.sys" "C:\Windows\system32\drivers\MsSecFlt.sys") DO PowerRun cmd.exe /c del /f "%%d"
80 | :: part 2
81 | for %%d in ("C:\Windows\WinSxS\amd64_security-octagon*" "C:\Windows\WinSxS\x86_windows-defender*" "C:\Windows\WinSxS\wow64_windows-defender*" "C:\Windows\WinSxS\amd64_windows-defender*" "C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy" "C:\ProgramData\Microsoft\Windows Defender" "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection" "C:\Program Files (x86)\Windows Defender Advanced Threat Protection" "C:\Program Files\Windows Defender Advanced Threat Protection" "C:\ProgramData\Microsoft\Windows Security Health" "C:\ProgramData\Microsoft\Storage Health" "C:\WINDOWS\System32\drivers\wd" "C:\Program Files (x86)\Windows Defender" "C:\Program Files\Windows Defender" "C:\Windows\System32\SecurityHealth" "C:\Windows\System32\WebThreatDefSvc" "C:\Windows\System32\Sgrm" "C:\Windows\Containers\WindowsDefenderApplicationGuard.wim" "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DefenderPerformance" "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\DefenderPerformance" "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender" "C:\Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender" "C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender" "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Defender" "C:\Windows\System32\HealthAttestationClient" "C:\Windows\GameBarPresenceWriter" "C:\Windows\bcastdvr" "C:\Windows\Containers\serviced\WindowsDefenderApplicationGuard.wim") do PowerRun cmd.exe /c rmdir "%%~d" /s /q
82 | echo Your PC will reboot in 10 seconds..
83 | timeout 3
84 | shutdown /r /f /t 10
85 | exit
86 | :--------------------------------------
87 |
88 | :--------------------------------------
89 | :disablemitigations
90 | CLS
91 | bcdedit /set hypervisorlaunchtype off
92 |
93 | CLS
94 | echo Disabling Security Mitigations...
95 | FOR /R %%f IN (Remove_SecurityComp\*.reg) DO PowerRun.exe regedit.exe /s "%%f"
96 | CLS
97 | echo Your PC will reboot in 10 seconds..
98 | timeout 3
99 | shutdown /r /f /t 10
100 | exit
101 | :--------------------------------------
--------------------------------------------------------------------------------
/app_icon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ionuttbara/windows-defender-remover/efa67724aa3b0c414f221b1fef8f8669b622f7f2/app_icon.ico
--------------------------------------------------------------------------------
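Every menu path in Script_Run.bat issues the same small set of command lines, which makes them usable as detection signals in process-creation telemetry. The triage sketch below is an added example, not part of the repository; the (host, parent image, command line) record layout, the sample events, the `C:\Tools` path and the severity thresholds are assumptions.

```python
import re
from collections import defaultdict

# Behaviours taken from Script_Run.bat; each regex is matched against one command line.
RULES = {
    "hypervisor_launch_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\bhypervisorlaunchtype\s+off\b", re.I),
    "silent_reg_import": re.compile(r"\bregedit(\.exe)?\b.*\s/s\s.*\.reg\b", re.I),
    "defender_file_removal": re.compile(
        r"\b(del|rmdir)\b.*(windows defender|windows-defender|securityhealth"
        r"|smartscreen|\\wd\w+\.sys)", re.I),
    "forced_reboot": re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b.*\s/f\b", re.I),
}
ELEVATION_HELPERS = {"powerrun.exe"}  # parent image the script uses for regedit/cmd

# Constructed sample records (not real telemetry); the field layout is an assumption.
SAMPLE_EVENTS = [
    ("WS-01", "cmd.exe", "bcdedit /set hypervisorlaunchtype off"),
    ("WS-01", "cmd.exe", r'Powershell -noprofile -executionpolicy bypass -file "C:\Tools\RemoveSecHealthApp.ps1"'),
    ("WS-01", "PowerRun.exe", r'regedit.exe /s "C:\Tools\Remove_defender\RemoveDefender.reg"'),
    ("WS-01", "PowerRun.exe", r'cmd.exe /c del /f "C:\Windows\System32\drivers\WdFilter.sys"'),
    ("WS-01", "PowerRun.exe", r'cmd.exe /c rmdir "C:\Program Files\Windows Defender" /s /q'),
    ("WS-01", "cmd.exe", "shutdown /r /f /t 10"),
    ("WS-02", "explorer.exe", r'regedit.exe "C:\Users\a\Desktop\settings.reg"'),
    ("WS-02", "cmd.exe", "bcdedit /enum"),
]

def classify(parent, cmdline):
    """Return the set of rule names one process-creation record triggers."""
    hits = {name for name, rx in RULES.items() if rx.search(cmdline)}
    if hits and parent.lower() in ELEVATION_HELPERS:
        hits.add("via_elevation_helper")
    return hits

def triage(events):
    """Aggregate hits per host and grade them: 'high', 'review' or 'none'."""
    per_host = defaultdict(set)
    for host, parent, cmdline in events:
        per_host[host] |= classify(parent, cmdline)
    report = {}
    for host, hits in per_host.items():
        combo = {"hypervisor_launch_disabled", "silent_reg_import"} <= hits
        if "defender_file_removal" in hits or combo:
            severity = "high"
        elif hits - {"forced_reboot"}:  # a forced reboot alone is only context
            severity = "review"
        else:
            severity = "none"
        report[host] = (severity, sorted(hits))
    return report

if __name__ == "__main__":
    for host, (severity, hits) in triage(SAMPLE_EVENTS).items():
        print(host, severity, hits)
```

In production the same patterns would run over whatever process-creation source is collected, grouped per host within a short time window rather than over the whole log.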