GITHUB上的禁用和启用WIN10杀毒软件的批处理

如果你想临时禁用 Windows Defender（比如运行于虚拟机中的WIN10。）以提高响应速度，降低音频延迟，可以用此批处理。来自GITHUB。
注意：Windows Defender会发现此脚本并报告威胁，所以需要预先将其关闭，然后管理员权限运行，重启。


关闭Windows Defender.bat

1. [url=home.php?mod=space&uid=128362]@echo[/url] OFF
   
2. 
   
3.         ECHO.
   
4.         ECHO Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.
   
5.         ECHO This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,
   
6.         pause
   
7. 
   
8.         ECHO Disabling Windows Defender - restart required to see change:
   
9.         REM from: https://pastebin.com/kYCVzZPz
   
10.         REM Disable Tamper Protection First - on WIn10 vers which allow for this (not from 2004 onwards)
    
11.         reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f
    
12. 
    
13.         REM To disable System Guard Runtime Monitor Broker
    
14.         REM reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f
    
15. 
    
16.         REM To disable Windows Defender Security Center include this
    
17.         REM reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
    
18. 
    
19.         REM 1 - Disable Real-time protection
    
20.         reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
    
21.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    
22.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
    
23.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
    
24.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
    
25.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
    
26.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
    
27.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    
28.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
    
29.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
    
30.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    
31.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    
32.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
    
33.         reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
    
34. 
    
35.         REM 0 - Disable Logging
    
36.         reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
    
37.         reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
    
38. 
    
39.         REM Disable WD Tasks
    
40.         schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
    
41.         schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
    
42.         schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
    
43.         schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
    
44.         schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
    
45. 
    
46.         REM Disable WD systray icon
    
47.         reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
    
48.         reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    
49. 
    
50.         REM Remove WD context menu
    
51.         reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
    
52.         reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
    
53.         reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
    
54. 
    
55.         REM Disable WD services
    
56.         reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
    
57.         reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
    
58.         reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
    
59.         reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
    
60.         reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
    
61. 
    
62.         REM Disable Security system tray icon
    
63.         reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
    
64.         
    
65.         ECHO Windows Defender has (hopefully) been disabled. Please restart your computer to see the change.

复制代码

开启Windows Defender.bat

1. rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
   
2. 
   
3. rem https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps
   
4. rem https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection
   
5. rem https://github.com/AndyFul/ConfigureDefender
   
6. rem https://github.com/AndyFul/Hard_Configurator
   
7. 
   
8. reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
   
9. reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "\"%windir%\system32\SecurityHealthSystray.exe\"" /f
   
10. 
    
11. rem Restore WD shell
    
12. reg add "HKLM\Software\Classes\*\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
    
13. reg add "HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
    
14. reg add "HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\EPP" /ve /t REG_SZ /d "{09A47860-11B0-4DA5-AFA5-26D86198A780}" /f
    
15. 
    
16. rem Enable WD services
    
17. reg add "HKLM\System\CurrentControlSet\Services\BFE" /v "Start" /t REG_DWORD /d "2" /f
    
18. reg add "HKLM\System\CurrentControlSet\Services\MpsSvc" /v "Start" /t REG_DWORD /d "2" /f
    
19. reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "2" /f
    
20. reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f
    
21. reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "2" /f
    
22. reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "2" /f
    
23. reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "2" /f
    
24. reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "2" /f
    
25. reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f
    
26. rem 1 - Enable Logging
    
27. reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f
    
28. reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "1" /f
    
29. 
    
30. rem Enable WD Tasks
    
31. schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Enable
    
32. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Enable
    
33. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Enable
    
34. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Enable
    
35. schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Enable
    
36. 
    
37. rem CloudExtendedTimeout / 1 - 50 / block a suspicious file for up to 60 seconds (Default is 10)
    
38. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "0" /f
    
39. 
    
40. rem CloudBlockLevel / 0 - Default / 2 - High / 4 - High+ / 6 - Zero tolerance (block all unknown executables)
    
41. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /t REG_DWORD /d "0" /f
    
42. 
    
43. rem 1 - Potentially Unwanted Application protection (PUP) is enabled, the applications with unwanted behavior will be blocked at download and install-time
    
44. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f
    
45. 
    
46. rem Block at First Sight / 0 - Enable / 1 - Disable
    
47. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "0" /f
    
48. 
    
49. rem Cloud-based Protection / 0 - Disable / 1 - Basic / 2 - Advanced
    
50. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "1" /f
    
51. 
    
52. rem Send file samples when further analysis is required / 0 - Always prompt / 1 - Send safe samples automatically / 2 - Never send / 3 - Send all samples automatically
    
53. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "1" /f
    
54. 
    
55. reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "1" /f
    
56. 
    
57. rem To prevent WD using too much CPU, add this file to the exclusion list:
    
58. rem C:\Program Files\Windows Defender\MsMpEng.exe
    
59. reg add "HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths" /v "C:\Program Files\Windows Defender\MsMpEng.exe" /t REG_DWORD /d "0" /f
    
60. 
    
61. shutdown /r

复制代码

都已经手动关闭Windows Defender了，还运行这个脚本干啥？我倒是会在使用系统激活工具之前先建个目录添加到排除列表里，然后再把系统激活工具拷过去

红色狂想 发表于 2022-6-4 16:27
都已经手动关闭Windows Defender了，还运行这个脚本干啥？我倒是会在使用系统激活工具之前先建个目录添加到 ...

京东有的店，一百多就能买到序列号了，真没必要用激活工具了。
我的WIN11就是在京东买的。

604027672 发表于 2022-6-4 19:26
京东有的店，一百多就能买到序列号了，真没必要用激活工具了。
我的WIN11就是在京东买的。
...

我只用Windows Server 2019，而且要在几台机器上部署，重要长期不重装的就在X宝花10块钱完事儿，不太重要的比如虚拟机里的Windows就用激活工具了。

红色狂想 发表于 2022-6-4 20:53
我只用Windows Server 2019，而且要在几台机器上部署，重要长期不重装的就在X宝花10块钱完事儿，不太重要 ...

你比我还省

604027672 发表于 2022-6-4 19:26
京东有的店，一百多就能买到序列号了，真没必要用激活工具了。
我的WIN11就是在京东买的。
...

win11买的什么版本？我上网上找了个普通版安在虚拟机来，什么功能都没有，废物一个

固特异轮胎 发表于 2022-6-4 23:25
win11买的什么版本？我上网上找了个普通版安在虚拟机来，什么功能都没有，废物一个
...

家庭版

604027672 发表于 2022-6-5 12:55
家庭版

怎么不装企业版，与win11桌面版对应的服务器版应该就是server 2022吧？

红色狂想 发表于 2022-6-5 13:42
怎么不装企业版，与win11桌面版对应的服务器版应该就是server 2022吧？  ...

我装那有啥用

604027672 发表于 2022-6-5 12:55
家庭版

家庭版不行啊，什么功能都没有，我装的就是家庭版，好歹装个专业版啊，最起码功能是全的呀

604027672 发表于 2022-6-5 20:13
我装那有啥用

你要光斗个地主看看片儿确实没啥用

WIN SERVER 2022
C:\Users\Administrator\Desktop>ECHO Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.
Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled.

C:\Users\Administrator\Desktop>ECHO This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,
This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then,