
Commit 6205546

committed
defender autologgers
1 parent e77c6bb commit 6205546


2 files changed

+12
-4
lines changed


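--- a/additionals/DisableWD.bat
+++ b/additionals/DisableWD.bat
@@ -1,5 +1,6 @@
 @echo off
-set "services=HKLM\SYSTEM\ControlSet001\Services"
+set "controlset=HKLM\SYSTEM\ControlSet001"
+set "services=%controlset%\Services"
 PowerShell -NonInteractive -NoLogo -NoProfile -C "Set-MpPreference -DisableRealtimeMonitoring 1" >NUL 2>nul
 ::Windows Defender
 reg add "%services%\MsSecCore" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
@@ -55,13 +56,17 @@ reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebCo
 reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f >NUL 2>nul
 
 ::Smart App Control - Disabling it fixes slow app loading issues on 11+
-reg add "HKLM\SYSTEM\ControlSet001\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%controlset%\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d "0" /f >NUL 2>nul
 
 ::Configure detection for potentially unwanted applications - Disabled
 reg add "HKLM\Software\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d "0" /f >NUL 2>nul
 
 ::Device Security
-reg add "HKLM\SYSTEM\ControlSet001\Control\CI\Config" /v "VulnerableDriverBlocklistEnable" /t REG_DWORD /d "0" /f >NUL 2>nul
-reg add "HKLM\SYSTEM\ControlSet001\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%controlset%\Control\CI\Config" /v "VulnerableDriverBlocklistEnable" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%controlset%\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d "0" /f >NUL 2>nul
+
+::Disable Autologgers (they still run even if the services are disabled)
+reg add "%controlset%\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
+reg add "%controlset%\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
 
 goto :EOF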
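Review bot: The new autologger block (new lines 68-70) overwrites `Start` without recording the value it replaces and sends all output to `>NUL 2>nul`, so a denied or failed write looks the same as success and EnableWD.bat has to guess the state to restore (it hard-codes 1). I would check `%errorlevel%` after each of these two `reg add` calls and print a message on failure, and save the previous value before writing. The comment should also say what is switched off, for example `::Disable Defender ETW autologger sessions (DefenderApiLogger, DefenderAuditLogger) - Defender trace logging stops, presumably from the next boot`. Security monitoring often treats writes under these keys as tampering, so documenting the change would spare users an unexplained alert.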

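--- a/additionals/EnableWD.bat
+++ b/additionals/EnableWD.bat
@@ -56,5 +56,8 @@ reg add "HKLM\Software\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWO
 reg delete "HKLM\SYSTEM\ControlSet001\Control\CI\Config" /v "VulnerableDriverBlocklistEnable" /f >NUL 2>nul
 reg delete "HKLM\SYSTEM\ControlSet001\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /f >NUL 2>nul
 
+::Revert Autologgers
+reg add "%controlset%\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f >NUL 2>nul
+reg add "%controlset%\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "1" /f >NUL 2>nul
 
 goto :EOF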
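Review bot: The two added `reg add` lines expand `%controlset%`, but this commit adds no `set "controlset=..."` to EnableWD.bat, and the context lines just above still spell out `HKLM\SYSTEM\ControlSet001`. Lines 1-55 are outside this hunk, so unless the variable is already defined there or inherited from a calling script, the key path begins with `\Control\...` and both writes fail. Because output goes to `>NUL 2>nul` the failure is silent, and the Defender autologgers stay disabled after a supposed revert. Add `set "controlset=HKLM\SYSTEM\ControlSet001"` near the top of this file, or use the literal path as the neighbouring lines do: `reg add "HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "1" /f`. The revert also assumes the original `Start` value was 1 on every system, which is worth confirming or noting in the `::Revert Autologgers` comment.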
