
Commit 401006d

committed
Improved defender scripts
- no more EventLog spam when disabling smartscreen
- fixes notifications not working after enabling defender
1 parent 5ef31c3 commit 401006d

2 files changed

+53
-34
lines changed

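--- a/additionals/DisableWD.bat
+++ b/additionals/DisableWD.bat
@@ -1,31 +1,43 @@
 @echo off
+set "services=HKLM\SYSTEM\ControlSet001\Services"
 ::Windows Defender
-reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\wscsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\Sense" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\WdBoot" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\WdFilter" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\WinDefend" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\wscsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
 ::WindowsSystemTray
 reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f >NUL 2>nul
 ::System Guard
-reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
 ::WebThreatDefSvc
-reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
-for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
+reg add "%services%\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+reg add "%services%\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
+for /f %%i in ('reg query "%services%" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
 reg add "%%i" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
 )
 ::
-reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f >NUL 2>nul
-reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "6152" /f >NUL 2>nul
-reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f >NUL 2>nul
-reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f >NUL 2>nul
-reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f >NUL 2>nul
+::reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f >NUL 2>nul
+taskkill /f /im smartscreen.exe >NUL 2>nul
+for %%j in (
+"%systemroot%\system32\smartscreen.exe"
+) do (
+if not exist "%%j.revi" if exist %%j (
+takeown /F %%j /A >NUL 2>nul
+icacls %%j /grant Administrators:F >NUL 2>nul
+xcopy "%%j" "%%j.revi" >NUL 2>nul
+del "%%j" >NUL 2>nul
+)
+)
+:: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "6152" /f >NUL 2>nul
+:: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f >NUL 2>nul
+:: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f >NUL 2>nul
+:: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f >NUL 2>nul
 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f >NUL 2>nul
 reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f >NUL 2>nul
 reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_DWORD /d "0" /f >NUL 2>nul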
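Review bot: In the new `for %%j` block, `del "%%j"` runs even when the `xcopy` to `%%j.revi` failed, and because every command ends in `>NUL 2>nul` the failure is invisible; the machine is then left with no smartscreen.exe and no backup for EnableWD.bat to rename back. The delete should be gated on the copy, e.g. `xcopy "%%j" "%%j.revi" >NUL 2>nul && del "%%j" >NUL 2>nul`; note also that `xcopy` normally asks whether a not-yet-existing target is a file or a directory, so `copy /y` is the more predictable backup command here. The `takeown /F %%j /A` and `icacls %%j /grant Administrators:F` changes are never reverted anywhere in this commit, so the System32 binary stays Administrators-owned and writable even after the re-enable script runs. A comment above the block stating that lasting ownership and ACL change (or a matching reset in EnableWD.bat) would make the permanent weakening of that file's protection explicit.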

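--- a/additionals/EnableWD.bat
+++ b/additionals/EnableWD.bat
@@ -1,29 +1,36 @@
 @echo off
+set "services=HKLM\SYSTEM\ControlSet001\Services"
 ::Windows Defender
-reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\wscsvc" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
+reg add "%services%\MsSecFlt" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%services%\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
+reg add "%services%\Sense" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
+reg add "%services%\WdBoot" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%services%\WdFilter" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%services%\WdNisDrv" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
+reg add "%services%\WdNisSvc" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
+reg add "%services%\WinDefend" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
+reg add "%services%\wscsvc" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
 ::WindowsSystemTray
 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "%systemroot%\system32\SecurityHealthSystray.exe" /f >NUL 2>nul
 ::SystemGuard
-reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
+reg add "%services%\SgrmAgent" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%services%\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
 ::WebThreatDefSvc
-reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
-for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
+reg add "%services%\webthreatdefsvc" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
+reg add "%services%\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
+for /f %%i in ('reg query "%services%" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
 reg add "%%i" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
 )
 ::
 reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /f >NUL 2>nul
+for %%j in (
+"%systemroot%\system32\smartscreen.exe"
+) do (
+if not exist %%j if exist "%%j.revi" ren "%%j.revi" "smartscreen.exe" >NUL 2>nul
+)
 reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f >NUL 2>nul
 reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "On" /f >NUL 2>nul
-reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /f >NUL 2>nul
+reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f >NUL 2>nul
 reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates" /f >NUL 2>nul
+reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center" /f >NUL 2>nul
 goto :EOF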
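Review bot: The new `reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f` removes the entire Defender policy subtree rather than the `...\Windows Defender\SmartScreen` key it replaces, so any hardening policy an administrator or Group Policy placed under that key is wiped by the script that is supposed to restore protection; it also makes the following `...\Windows Defender\Signature Updates` delete redundant. Deleting only the keys this project is known to write would avoid lowering a configured baseline, and the same concern applies to the added `Windows Defender Security Center` delete. Separately, `set "services=HKLM\SYSTEM\ControlSet001\Services"` pins the restored `Start` values to ControlSet001, and with `>NUL 2>nul` on every line nothing reports it if the active control set is a different one; `HKLM\SYSTEM\CurrentControlSet\Services` would follow the active set for the re-enable path. The `ren` in the new `for %%j` block also brings smartscreen.exe back with whatever ownership and ACL DisableWD.bat left on it, which a comment here should state.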
