Closed AzimsTech closed 1 year ago
The unstable and not not recommended options are labed red color. Yes and this will save +- 200MB ram. There is no method to completely uninstall/kill defender and edge YET. Without interfering with the system image.
The unstable and not not recommended options are labed red color.
Is there a way to make this information more visible for users in the future?"
There is no method to completely uninstall/kill defender and edge YET. Without interfering with the system image.
Apparently, it is possible with this script: https://github.com/hellzerg/optimizer/blob/master/Optimizer/Resources/Scripts/DisableDefenderSafeMode1903Plus.bat However, it needs to be run in safe mode.
Yes from safe mode and 1903 build I know hellzerg's Optimizer (1 year old), script is for IT and non IT users if u click on button "Select All" ucan't hilight red options. I would be happy for advice how to make this information about red options more visible for users.
And code of git up is the same like E.T. but E.T. has got +extras values well.... If u want to try in safe mode good luck I am sure there is methode to reboot into safe mode via command (thats mean I can add this in the future E.T. version)
:chck3
if exist %programdata%\ET\chck3.lbool del %programdata%\ET\chck3.lbool
:: Disable Windows Defender
title %version% [%counter%/%alltodo%] && set /a counter+=1 >nul 2>nul
powershell -Command "Write-Host ' [Disable] Windows Defender' -F darkgray -B black"
::Windows Defender
reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
::WindowsSystemTray
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f >NUL 2>nul
::System Guard
reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
::WebThreatDefSvc
reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
reg add "%%i" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
)
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f >NUL 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "6152" /f >NUL 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f >NUL 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f >NUL 2>nul
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f >NUL 2>nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f >NUL 2>nul
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f >NUL 2>nul
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_DWORD /d "0" /f >NUL 2>nul
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f >NUL 2>nul
reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f >NUL 2>nul
reg add "HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f >NUL 2>nul
:: Disable Logging
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
:: Disable Tasks
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable >NUL 2>nul
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable >NUL 2>nul
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable >NUL 2>nul
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable >NUL 2>nul
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable >NUL 2>nul
:: Disable systray icon
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f >NUL 2>nul
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f >NUL 2>nul
:: Remove context menu
reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f >NUL 2>nul
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f >NUL 2>nul
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f >NUL 2>nul
:: Disable services (it will stop WdFilter.sys as well, better not to disable the driver by itself)
:: reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
goto Start
Yes from safe mode and 1903 build I know hellzerg's Optimizer (1 year old), script is for IT and non IT users if u click on button "Select All" ucan't hilight red options. I would be happy for advice how to make this information about red options more visible for users.
I think grouping the red options separately from the normal options is a good idea.
And code of git up is the same like E.T. but E.T. has got +extras values well.... If u want to try in safe mode good luck I am sure there is methode to reboot into safe mode via command (thats mean I can add this in the future E.T. version)
I just tried rebooting into safe mode using the E.T again and it worked for me.
Updated and ready to use.
Updated and ready to use.
This looks awesome. I really appreciate the effort you put into considering my feedback.
- After fast googling I find out about command way to reboot into safe mode: https://4it.com.au/kb/article/restart-windows-safe-mode-using-command-prompt/ But yet I don't know where and how to do it for users friendly. Maybe I will make extra button in extras or auto-detector.
Something like this should work
@echo off
rem Check if running in safe mode
bcdedit /enum | find "safeboot" > nul
if %errorlevel% == 0 (
rem Already in safe mode, run the command and reboot
rem Disable Windows Defender commands to be executed in safe mode here
bcdedit /deletevalue {current} safeboot > nul
shutdown /r /t 3
) else (
rem Not in safe mode, set safe mode and reboot
bcdedit /set {current} safeboot minimal > nul
rem Add a registry key to run the script at next startup
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v *%~n0 /t REG_SZ /d %~dpnx0
shutdown /r /t 3
)
exit
I am always trying to listen others feedback and make changes it's tool for all 👌😊 That code of puting into startup is awesome but still I need to think when E.T. should restart to safe mode like: 1) before all options/changes at start 2) Only after choosing defender option (I think that I will choose 2) second option)
Glad to hear that!
Option 2 sounds like a good choice for safe mode activation, but it's up to your preference. Keep up the good work! 👍
Check new version with ur code of rebooting into safe mode, I belive everything is fine now 👌
Finally, I got a chance to test it today. I haven't had the opportunity to test it in the past few days.
Unfortunately, it didn't reboot to safe mode. Here are the screenshots from before the reboot:
When u manually reboot u probably will get safe mode.
FIX that typing:
bcdedit /deletevalue {current} safeboot delete all files in %programdata%\ET
I will make own code to boot script and fix that...
I just updated the code, the first tests passed without any problems, soon I will test on other machines.
And u need reboot manually computer and after that u will see safe mode windows.
After running the script, I can confirm that it is now working properly as expected.
Probably the script need improvements but for now it's working at least... sorry for trouble.
Thanks to you for fixing it, now I can use it with other machines. Cheers!
Give me a second I am still updating + testing becouse of glitches. I will let you know if all is fine.
Looks promising so far, the edge after updating with windows update is not removable, the rest works. Stable release ready to use/download.
OS: Windows 10 Pro 22H2 (19045.2673)