[New script]: New defender scripts.

[femdiya]

Operating system

Windows

Name of the script

1. Disable SmartScreen in Microsoft Edge.
2. Disable SmartScreen PUA protection in Microsoft Edge.
3. Lower priority for antimalware service at startup.
4. Prefer group policy over local settings.
5. Disable monitoring of files and programs.
6. Disable scanning of all downloaded files and attachments.
7. Disable scanning archive files.
8. Disable behavior monitoring.
9. Disable cloud protection.
10. Disable Email scanning.
11. Disable scanning mapped network drives during full scan.
12. Disable scanning removable drives.
13. Disable real-time monitoring.
14. Disable network file scanning.
15. Disable script scanning.
16. Disable Virus and threat protection section in Windows Security.
17. Disable signature verification before scanning.
18. Minimize cloud protection level.
19. Disable catch-up full scans.
20. Disable catch-up quick scans.
21. Disable controlled folder access.
22. Enable low-priority CPU for scheduled scans.
23. Disable prevention of users and apps from accessing dangerous websites.
24. Disable scheduled full-scans.
25. Disable scheduled scans frequently.
26. Disable sending file samples for further analysis.
27. Disable network file scanning.
28. Disable non-critical Defender notifications.
29. Disable routine remediation.
30. Disable Microsoft Defender Antivirus.
31. Disable SpyNet.

Documentation/References

1. This script disables SmartScreen in Microsoft Edge. More info: Winaero
2. This script disables SmartScreen PUA protection in Microsoft Edge. More info: Group policy catalog Microsoft
3. This script lowers the antimalware service startup priority from normal to low. More info: Group policy catalog1 Group policy catalog2 Microsoft
4. This script prefers group policy over local settings. More info: 1 2 3 4 5 6 7 8 9
5. This script disables files and programs monitoring. (Requires Tamper protection to be turned off). More info: Microsoft
6. This script prevents files and attachments from being scanned. (Requires Tamper protection to be turned off). More info: Microsoft
7. This script prevents archives from being scanned. (Requires Tamper protection to be turned off). More info: Microsoft
8. This script prevents behavior monitoring, used in real time to monitor user activity and detect malwares. (Requires Tamper protection to be turned off). More info: Microsoft
9. This script prevents data from being sent to Microsoft cloud protection. More info: Microsoft
10. This script prevents emails (ex. Outlook emails) from being scanned. More info: Microsoft
11. This script prevents mapped network drives from being scanned. More info: Microsoft
12. This script prevents removable devices from being scanned. More info: Microsoft
13. This script disables real-time monitoring. (Requires Tamper protection to be turned off). More info: Microsoft
14. This script disables network file scanning. More info: Microsoft
15. This script disables script scanning. (Requires Tamper protection to be turned off). More info: Microsoft
16. This script disables access to Virus and threat protection in Windows Security. More info: Microsoft
17. This script disables checking for signature update before every scan. More info: Microsoft
18. This script minimizes the cloud protection level. More info: Microsoft
19. This script disables catch up full scans after missed scheduled (full) scans. More info: Microsoft
20. This script disables catch up quick scans after misses scheduled (quick) scans. More info: Microsoft
21. This script disables controlled folder access. More info: Microsoft
22. This script lowers the priority (CPU) for scheduled scans. More info: Group policy catalog Microsoft
23. This script disables prevention of users and apps from accessing dangerous websites. More info: Microsoft
24. This script disables scheduled scans being full and will make them quick instead. More info: Microsoft
25. This script changes the scheduled scan day to "Never" which thus, disables scheduled scans completely (?). More info: Group policy catalog Microsoft
26. This script prevents samples from being sent to Microsoft. More info: Microsoft
27. This script prevent network file scanning.
28. This script prevents enhanced notifications. More info: Group policy catalog
29. This script disables routine remediation. More info: Group policy catalog
30. This script disables Microsoft Defender Anti-Virus. More info: Group policy catalog 1 Group policy catalog 2
31. This script disables/minimizes Microsoft SpyNet. More info: Group policy catalog

Code

1. Disables SmartScreen in Microsoft Edge: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\Software\Microsoft\Edge\SmartScreenEnabled' /v '(Default)' /t 'REG_DWORD' /d '0' /f"
2. Disables SmartScreen PUA protection in Microsoft Edge: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\Software\Microsoft\Edge\SmartScreenPuaEnabled' /v '(Default)' /t 'REG_DWORD' /d '0' /f"
3. Low priority for antimalware service:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' /v 'AllowFastServiceStartup' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'AllowFastServiceStartup' /t 'REG_DWORD' /d '0' /f"
4. Prefer group policy over local settings:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideDisableOnAccessProtection' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideRealtimeScanDirection' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideDisableIOAVProtection' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideDisableBehaviorMonitoring' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideDisableIntrusionPreventionSystem' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideDisableRealtimeMonitoring' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'LocalSettingOverrideDisableScriptScanning' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' /v 'LocalSettingOverrideSpynetReporting' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet' /v 'LocalSettingOverrideSpyNetReporting' /t 'REG_DWORD' /d '0' /f"
5. Disables files and programs monitoring:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableOnAccessProtection' /t 'REG_DWORD' /d '1' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowOnAccessProtection' /v 'value' /t 'REG_DWORD' /d '0' /f"
6. Disable scanning of all downloaded files and attachments: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection' /v 'value' /t 'REG_DWORD' /d '0' /f"
7. Disable archive scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning' /v 'value' /t 'REG_DWORD' /d '0' /f"
8. Disable behavior monitoring:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring' /v 'value' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "Set-MpPreference -DisableBehaviorMonitoring false"
9. Disable cloud protection:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowCloudProtection' /v 'value' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
10. Disable email scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowEmailScanning' /v 'value' /t 'REG_DWORD' /d '0' /f"
11. Disable mapped drive scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives' /v 'value' /t 'REG_DWORD' /d '0' /f"
12. Disable removable device scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning' /v 'value' /t 'REG_DWORD' /d '0' /f"
13. Disable real-time monitoring: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring' /v 'value' /t 'REG_DWORD' /d '0' /f"
14. Disable network file scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles' /v 'value' /t 'REG_DWORD' /d '0' /f"
15. Disable script scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScriptScanning' /v 'value' /t 'REG_DWORD' /d '0' /f"
16. Disable Virus and threat protection section in Windows Security: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess' /v 'value' /t 'REG_DWORD' /d '0' /f"
17. Disable signature update before scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan' /v 'value' /t 'REG_DWORD' /d '0' /f"
18. Minimize cloud protection: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudBlockLevel' /v 'value' /t 'REG_DWORD' /d '0' /f"
19. Disable catch-up full scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan' /v 'value' /t 'REG_DWORD' /d '1' /f"
20. Disable catch-up quick scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan' /v 'value' /t 'REG_DWORD' /d '1' /f"
21. Disable controlled folder access: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess' /v 'value' /t 'REG_DWORD' /d '0' /f"
22. Low-priority CPU scheduled scans:
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority' /v 'value' /t 'REG_DWORD' /d '1' /f"
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan' /v 'LowCpuPriority' /t 'REG_DWORD' /d '1' /f"
23. Disable prevention of users and apps from accessing dangerous websites: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection' /v 'value' /t 'REG_DWORD' /d '0' /f"
24. Disable scheduled full-scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScanParameter' /v 'value' /t 'REG_DWORD' /d '1' /f"
25. Disable scheduled scans:
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanDay' /v 'value' /t 'REG_DWORD' /d '8' /f"
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan' /v 'ScheduleDay' /t 'REG_DWORD' /d '1' /f"
26. Disable sample submitting: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\SubmitSamplesConsent' /v 'value' /t 'REG_DWORD' /d '2' /f"
27. Disable network file scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager' /v 'DisableScanningNetworkFiles' /t 'REG_DWORD' /d '1' /f"
28. Disable enhanced notifications: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' /v 'DisableEnhancedNotifications' /t 'REG_DWORD' /d '1' /f"
29. Disable routine remediation: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'DisableRoutinelyTakingAction' /t 'REG_DWORD' /d '1' /f"
30. Disable Microsoft Defender Anti-Virus:
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'DisableAntiVirus' /t 'REG_DWORD' /d '1' /f"
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'DisableAntiSpyware' /t 'REG_DWORD' /d '1' /f"
31. Disable SpyNet: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet' /v 'SpyNetReporting' /t 'REG_DWORD' /d '0' /f"

Revert code

1. Enables SmartScreen in Microsoft Edge: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\Software\Microsoft\Edge\SmartScreenEnabled' /v '(Default)' /t 'REG_DWORD' /d '1' /f"
2. Enables SmartScreen PUA protection in Microsoft Edge: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKCU\Software\Microsoft\Edge\SmartScreenPuaEnabled' /v '(Default)' /t 'REG_DWORD' /d '1' /f"
3. Normal priority for antimalware service:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' /v 'AllowFastServiceStartup' /t 'REG_DWORD' /d '1' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'AllowFastServiceStartup' /t 'REG_DWORD' /d '1' /f"
4. THIS SCRIPT DOESN'T NEED REVERTING, AS IT IS ALREADY USING DEFAULT AND RECOMMENDED SETTINGS. THE COMMANDS ARE ONLY REPEATED TO ENSURE THAT THE OTHER SCRIPTS WORK PROPERLY
5. Enables files and programs monitoring:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' /v 'DisableOnAccessProtection' /t 'REG_DWORD' /d '0' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowOnAccessProtection' /v 'value' /t 'REG_DWORD' /d '1' /f"
6. Enable scanning of all downloaded files and attachments: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection' /v 'value' /t 'REG_DWORD' /d '1' /f"
7. Enable archive scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning' /v 'value' /t 'REG_DWORD' /d '1' /f"
8. Enable behavior monitoring:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring' /v 'value' /t 'REG_DWORD' /d '1' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "Set-MpPreference -DisableBehaviorMonitoring true"
9. Enable cloud protection:
   • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowCloudProtection' /v 'value' /t 'REG_DWORD' /d '1' /f"
   • PowerShell -ExecutionPolicy Unrestricted -Command "Set-MpPreference -SubmitSamplesConsent SendSafeSamples"
10. Enable email scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowEmailScanning' /v 'value' /t 'REG_DWORD' /d '1' /f"
11. Enable mapped drive scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives' /v 'value' /t 'REG_DWORD' /d '1' /f"
12. Enable removable device scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning' /v 'value' /t 'REG_DWORD' /d '1' /f"
13. Enable real-time monitoring: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring' /v 'value' /t 'REG_DWORD' /d '1' /f"
14. Enable network file scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles' /v 'value' /t 'REG_DWORD' /d '1' /f"
15. Enable script scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScriptScanning' /v 'value' /t 'REG_DWORD' /d '1' /f"
16. Enable Virus and threat protection section in Windows Security: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess' /v 'value' /t 'REG_DWORD' /d '1' /f"
17. Enable signature update before scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan' /v 'value' /t 'REG_DWORD' /d '1' /f"
18. THIS IS DEFAULT SETTINGS, NOT RECOMMENDED TO CHANGE
19. Enable catch-up full scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan' /v 'value' /t 'REG_DWORD' /d '0' /f"
20. Enable catch-up quick scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan' /v 'value' /t 'REG_DWORD' /d '0' /f"
21. Enable controlled folder access: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess' /v 'value' /t 'REG_DWORD' /d '1' /f"
22. Normal-priority CPU scheduled scans:
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority' /v 'value' /t 'REG_DWORD' /d '0' /f"
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan' /v 'LowCpuPriority' /t 'REG_DWORD' /d '0' /f"
23. Enable prevention of users and apps from accessing dangerous websites: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection' /v 'value' /t 'REG_DWORD' /d '1' /f"
24. Enable scheduled full-scan: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScanParameter' /v 'value' /t 'REG_DWORD' /d '2' /f"
25. Enable scheduled scans:
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanDay' /v 'value' /t 'REG_DWORD' /d '0' /f"
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan' /v 'ScheduleDay' /t 'REG_DWORD' /d '1' /f"
26. Enable sample submitting: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\SubmitSamplesConsent' /v 'value' /t 'REG_DWORD' /d '1' /f"
27. Enable network file scanning: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager' /v 'DisableScanningNetworkFiles' /t 'REG_DWORD' /d '0' /f"
28. Enable enhanced notifications: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' /v 'DisableEnhancedNotifications' /t 'REG_DWORD' /d '0' /f"
29. Enable routine remediation: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'DisableRoutinelyTakingAction' /t 'REG_DWORD' /d '0' /f"
30. Enable Microsoft Defender Anti-Virus:
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'DisableAntiVirus' /t 'REG_DWORD' /d '0' /f"
    • PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware' /v 'DisableAntiSpyware' /t 'REG_DWORD' /d '0' /f"
31. Enable SpyNet: PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet' /v 'SpyNetReporting' /t 'REG_DWORD' /d '1' /f"

Suggested category

No response

Recommendation level

None

Additional information

Most of these scripts, need to have "Tamper protection" off, as documented in official Microsoft website. (It can be turned on later by user, personal choice.) Note that this issue created, is an addition to the main project. Which means, no duplicate scripts compared to the main project. This feature request is only created to add "missing" values to registry and helping the main project scripts, work better (as intended). Again, all codes checked to prevent duplication in the main script. None of them are duplicate. SIDE NOTE 1 According to this, most of Windows Defender files are located in "C:\Program Files\Windows Defender" so maybe develop a script to purge that location? SIDE NOTE 2 I realized some services (!) are not disabled: MDCoreSvc WinDefend wscsvc SgrmAgent SgrmBroker Also they put some before/after pictures for their script: Before After The script: https://github.com/TairikuOokami/Windows/blob/main/Microsoft Defender Disable.bat Like I found some scripts to remove the "Shell Association" of Windows Defender, which AFAIK, isn't implemented in this project.

[femdiya]

@undergroundwires I need to shower.

[undergroundwires]

A lot of userful stuff @femdiya. Thank you for the research. I will release 0.13.6 first then focus on Defender.

One question is PolicyManager keys: HKLM\SOFTWARE\Microsoft\PolicyManager.. These are Intune MDM policies and apply only to remote managed devices such as work and school computers. If see the traditional policies for many of these take AllowRealtimeMonitoring for example. You provided PowerShell -ExecutionPolicy Unrestricted -Command "reg add 'HKLM\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring' /v 'value' /t 'REG_DWORD' /d '0' /f". But we already set GPO using Software\Policies\Microsoft\Windows Defender\Real-Time Protection and DisableRealtimeMonitoring value, see docs:

So I'm not sure if they provide any benefits if the traditional GPOs already being set. Otherwise, I will add all others 👍❤️ Thanks for great contribution.

[femdiya]

I see no problem adding them to the project. And yes, I know that some of keys are provided, we set them earlier in a different path. However, as I mentioned, my contribution only persist on completing this project. And there's no downside of using those codes, so why not?

[undergroundwires]

MDCoreSvc cannot be disabled anyway as a service due to permissions errors, alternative way is added see: https://github.com/undergroundwires/privacy.sexy/issues/385#issuecomment-2260606743, commit b40e46a209b1f025f391b091fe06f0a5bf0cdb9d.

[undergroundwires]

SgrmAgent and SgrmBroker belongs to System Guard. Should they really be disabled as part of Defender? Any justification?

https://learn.microsoft.com/en-us/windows/security/hardware-security/how-hardware-based-root-of-trust-helps-protect-windows

[femdiya]

Does disabling them brick the system or anything? Or any possible outcome?