Batch scripts from GitHub to disable and enable the Windows 10 antivirus

haierccc posted on 2022-6-4 12:59
Last edited by haierccc on 2022-6-4 18:29

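If you want to temporarily disable Windows Defender (for example on Windows 10 running in a virtual machine) to improve responsiveness and reduce audio latency, you can use this batch script. It comes from GitHub.
Note: Windows Defender will detect this script and report it as a threat, so you need to turn Defender off beforehand, then run the script with administrator privileges and reboot.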


Disable Windows Defender.bat

    @echo OFF

    ECHO.
    ECHO Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.
    ECHO This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,
    pause

    ECHO Disabling Windows Defender - restart required to see change:
    REM from: https://pastebin.com/kYCVzZPz
    REM Disable Tamper Protection First - on Win10 vers which allow for this (not from 2004 onwards)
    reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f

    REM To disable System Guard Runtime Monitor Broker
    REM reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f

    REM To disable Windows Defender Security Center include this
    REM reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f

    REM 1 - Disable Real-time protection
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f

    REM 0 - Disable Logging
    reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
    reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f

    REM Disable WD Tasks
    schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable

    REM Disable WD systray icon
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
    reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f

    REM Remove WD context menu
    reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
    reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
    reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f

    REM Disable WD services
    reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
    reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f

    REM Disable Security system tray icon
    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f

    ECHO Windows Defender has (hopefully) been disabled. Please restart your computer to see the change.

Enable Windows Defender.bat

    rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!

    rem https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps
    rem https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection
    rem https://github.com/AndyFul/ConfigureDefender
    rem https://github.com/AndyFul/Hard_Configurator

    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "\"%windir%\system32\SecurityHealthSystray.exe\"" /f

    rem Restore WD shell
    reg add "HKLM\Software\Classes\*\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
    reg add "HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
    reg add "HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f

    rem Enable WD services
    reg add "HKLM\System\CurrentControlSet\Services\BFE" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "2" /f
    reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f

    rem 1 - Enable Logging
    reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f
    reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "1" /f

    rem Enable WD Tasks
    schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Enable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Enable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Enable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Enable
    schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Enable

    rem CloudExtendedTimeout / 1 - 50 / block a suspicious file for up to 60 seconds (Default is 10)
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "0" /f

    rem CloudBlockLevel / 0 - Default / 2 - High / 4 - High+ / 6 - Zero tolerance (block all unknown executables)
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /t REG_DWORD /d "0" /f

    rem 1 - Potentially Unwanted Application protection (PUP) is enabled, the applications with unwanted behavior will be blocked at download and install-time
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f

    rem Block at First Sight / 0 - Enable / 1 - Disable
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "0" /f

    rem Cloud-based Protection / 0 - Disable / 1 - Basic / 2 - Advanced
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "1" /f

    rem Send file samples when further analysis is required / 0 - Always prompt / 1 - Send safe samples automatically / 2 - Never send / 3 - Send all samples automatically
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "1" /f

    reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "1" /f

    rem To prevent WD using too much CPU, add this file to the exclusion list:
    rem C:\Program Files\Windows Defender\MsMpEng.exe
    reg add "HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files\Windows Defender\MsMpEng.exe" /t REG_DWORD /d "0" /f

    shutdown /r
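The registry and scheduled-task changes in the disable script above leave a recognisable pattern in process-creation logs. The following is an added example, not part of the original post or of the GitHub script, that flags hosts where several of those changes show up together; the rule names, host names and sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# (rule name, registry key pattern, value-name pattern, data that weakens Defender),
# taken from the "reg add" lines of the disable script in the post above.
RULES = [
    ("policy-disable", r"\\policies\\microsoft\\windows defender(\\.*)?$", r"disable\w+", "1"),
    ("service-disabled", r"\\services\\(wdboot|wdfilter|wdnisdrv|wdnissvc|windefend)$", r"start", "4"),
    ("tamper-protection-off", r"\\windows defender\\features$", r"tamperprotection", "0"),
    ("autologger-off", r"\\autologger\\defender(api|audit)logger$", r"start", "0"),
]
REG_ADD = re.compile(
    r'\breg(?:\.exe)?"?\s+add\s+"?(?P<key>[^"]+?)"?\s+/v\s+"?(?P<name>[^"\s]+)"?'
    r'.*?/d\s+"?(?P<data>[^"\s]+)"?', re.I)
TASK_OFF = re.compile(
    r'\bschtasks(?:\.exe)?"?\s+/change\s+/tn\s+"[^"]*'
    r'\\(windows defender|exploitguard)\\[^"]*"\s+/disable', re.I)

def classify(cmdline):
    """Return the name of the rule a command line matches, or None."""
    if TASK_OFF.search(cmdline):
        return "scheduled-task-disabled"
    m = REG_ADD.search(cmdline)
    if not m:
        return None
    for rule, key_re, name_re, bad in RULES:
        if (re.search(key_re, m["key"], re.I)
                and re.fullmatch(name_re, m["name"], re.I) and m["data"] == bad):
            return rule
    return None

def hosts_with_tampering(events, min_rules=2):
    """events: (host, command line) pairs; report hosts hit by >= min_rules distinct rules."""
    seen = defaultdict(set)
    for host, cmdline in events:
        rule = classify(cmdline)
        if rule:
            seen[host].add(rule)
    return {h: sorted(r) for h, r in seen.items() if len(r) >= min_rules}

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE = [
    ("vm-01", r'reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f'),
    ("vm-01", r'C:\Windows\System32\reg.exe add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f'),
    ("vm-01", r'schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable'),
    ("ws-07", r'reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "0" /f'),
    ("ws-07", r'reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f'),
]
```

Calling `hosts_with_tampering(SAMPLE)` reports only `vm-01`; the `ws-07` records use the values written by the enable script and match no rule.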






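红色狂想 posted on 2022-6-4 16:27
If you've already turned off Windows Defender manually, why run this script at all? What I do instead is create a directory and add it to the exclusion list before using a system activation tool, and then copy the activation tool into it.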
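604027672 posted on 2022-6-4 19:26
Quote: 红色狂想 posted on 2022-6-4 16:27
If you've already turned off Windows Defender manually, why run this script at all? What I do instead is create a directory before using a system activation tool and add it to ...

Some shops on JD.com sell a license key for a bit over 100 yuan, so there's really no need to use an activation tool.
I bought my Windows 11 on JD.com.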
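红色狂想 posted on 2022-6-4 20:53
Quote: 604027672 posted on 2022-6-4 19:26
Some shops on JD.com sell a license key for a bit over 100 yuan, so there's really no need to use an activation tool.
I bought my Windows 11 on JD.com.
...

I only use Windows Server 2019, and I have to deploy it on several machines. For the important ones that go a long time without a reinstall, I spend 10 yuan on X宝 and that's that; for the less important ones, such as Windows in a virtual machine, I use an activation tool.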
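604027672 posted on 2022-6-4 22:12
Quote: 红色狂想 posted on 2022-6-4 20:53
I only use Windows Server 2019, and I have to deploy it on several machines. For the important ones that go a long time without a reinstall, I spend 10 yuan on X宝 and that's that; for the less important ...

You're even thriftier than I am.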
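固特异轮胎 posted on 2022-6-4 23:25
Quote: 604027672 posted on 2022-6-4 19:26
Some shops on JD.com sell a license key for a bit over 100 yuan, so there's really no need to use an activation tool.
I bought my Windows 11 on JD.com.
...

Which edition of Windows 11 did you buy? I found a standard edition online and installed it in a virtual machine; it has no features at all, completely useless.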
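604027672 posted on 2022-6-5 12:55
Quote: 固特异轮胎 posted on 2022-6-4 23:25
Which edition of Windows 11 did you buy? I found a standard edition online and installed it in a virtual machine; it has no features at all, completely useless.
...

Home edition.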
红色狂想 posted on 2022-6-5 13:42

Why not install the Enterprise edition? The server release that corresponds to the Windows 11 desktop edition should be Server 2022, right?
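604027672 posted on 2022-6-5 20:13
Quote: 红色狂想 posted on 2022-6-5 13:42
Why not install the Enterprise edition? The server release that corresponds to the Windows 11 desktop edition should be Server 2022, right? ...

What use would that be to me?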
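固特异轮胎 posted on 2022-6-5 20:48

The Home edition won't do, it has no features at all. Home edition is exactly what I installed. At least install the Pro edition; at the very least it has the full feature set.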
红色狂想 posted on 2022-6-7 13:03

If all you do is play Dou Dizhu and watch videos, then it really is of no use.
pphiuyt posted on 2023-12-29 23:26
WIN SERVER 2022
C:\Users\Administrator\Desktop>ECHO Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.
Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.

C:\Users\Administrator\Desktop>ECHO This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,
This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,