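Many people would rather not use the antivirus software built into Windows. How do we disable it properly?
Disabling it is not easy, however, especially while it is running after the desktop has loaded.
The script provided here must be run from a PE (preinstallation) environment.
It works by loading the registry hives of the Windows installation on drive C: offline from within PE and directly modifying the registry settings that relate to Windows Defender (WD).
Because the changes are made offline from PE, the original system has no way to block them.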
```bat
@echo off
title PE中禁用原系统Windows Defender脚本
echo 警告:本脚本仅适合在PE中操作使用!
echo 在PE中原系统如果显示的不是C盘,请先将本脚本中的C:改成正确的盘符
echo.
echo 按任意键继续,或直接关闭本窗口取消操作...
pause > nul

REM ; Mount the original system's registry hives in PE
REM ; If the original system is not shown as drive C: in PE, change C: to the correct drive letter
reg load HKLM\SYSTEM2 C:\Windows\System32\config\system
reg load HKLM\SOFTWARE2 C:\Windows\System32\config\software
reg load HKLM\CU2 C:\Users\Default\ntuser.dat

REM ; Remove the Defender and Windows Security services
reg delete "HKLM\SYSTEM2\ControlSet001\Services\MsSecCore" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\wscsvc" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdNisDrv" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdNisSvc" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdFilter" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdBoot" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SgrmAgent" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SgrmBroker" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WinDefend" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection" /v "UILockdown" /t REG_DWORD /d "1" /f

REM ; Disable device drivers
reg add "HKLM\SOFTWARE2\Microsoft\Windows Defender\Real-Time Protection" /v "DisableAsyncScanOnOpen" /t REG_DWORD /d "1" /f

REM ; Disable in-kernel mitigations
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\kernel" /v "MitigationAuditOptions" /t REG_BINARY /d "000000000000202200000000000000200000000000000000" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\kernel" /v "MitigationOptions" /t REG_BINARY /d "002222202220222220000000002000200000000000000000" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\kernel" /v "KernelSEHOPEnabled" /t REG_DWORD /d "0" /f

REM ; Disable the Spectre and Meltdown mitigations
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\Memory Management" /v "FeatureSettings" /t REG_DWORD /d "1" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t REG_DWORD /d "3" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t REG_DWORD /d "3" /f

REM ; Disable service mitigation
reg add "HKLM\SOFTWARE2\Microsoft\FTH" /v "Enabled" /t REG_DWORD /d "0" /f

REM ; Disable UAC
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "FilterAdministratorToken" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d "1" /f

REM ; Turn off real-time protection
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableAsyncScanOnOpen" /t REG_DWORD /d "1" /f

REM ; Remove services related to Defender and Windows Security
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SecurityHealthService" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender Security Center\App and Browser protection" /v "DisallowExploitProtectionOverride" /t REG_DWORD /d "1" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\MsSecFlt" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\MsSecWfp" /f

REM ; Force-disable the Windows Defender antivirus policies
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "value" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "PUAProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "AllowFastServiceStartup" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "DisableLocalAdminMerge" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "RandomizeScheduleTaskTimes" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowCloudProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowEmailScanning" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIntrusionPreventionSystem" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowOnAccessProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowScriptScanning" /v "value" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor" /v "value" /t REG_DWORD /d "50" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\CloudBlockLevel" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\CloudExtendedTimeout" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\DaysToRetainCleanedMalware" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\PUAProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\RealTimeScanDirection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\ScanParameter" /v "value" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\ScheduleScanDay" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\ScheduleScanTime" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\SignatureUpdateInterval" /v "value" /t REG_DWORD /d "24" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\SubmitSamplesConsent" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "EnableFileHashComputation" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS" /v "ThrottleDetectionEventsRate" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS" /v "DisableSignatureRetirement" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS" /v "DisableProtocolRecognition" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableScanningNetworkFiles" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableOnAccessProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideRealtimeScanDirection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableIOAVProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableBehaviorMonitoring" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableIntrusionPreventionSystem" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableRealtimeMonitoring" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "RealtimeScanDirection" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "IOAVMaxSize" /t REG_DWORD /d "1298" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableInformationProtectionControl" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableIntrusionPreventionSystem" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableRawWriteNotification" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "LowCpuPriority" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableRestorePoint" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningNetworkFiles" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupFullScan" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupQuickScan" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableEmailScanning" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableHeuristics" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableReparsePointScanning" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureDisableNotification" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "RealtimeSignatureDelivery" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableScheduledSignatureUpdateOnBattery" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureUpdateCatchupInterval" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleTime" /t REG_DWORD /d "5184" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableScanOnUpdate" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\UX Configuration" /v "SuppressRebootNotification" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection" /v "EnableNetworkProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\WOW6432Node\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Microsoft Antimalware" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Microsoft Antimalware\SpyNet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Microsoft Antimalware\SpyNet" /v "LocalSettingOverrideSpyNetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingLevel" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingComponents" /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d "0" /f

REM ; Disable antivirus
REM ; Prevent the real-time protection settings from being overridden
REM ; Disable Windows Defender Security Center notifications
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableEnhancedNotifications" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableNotifications" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideWindowsSecurityNotificationAreaControl" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Security Center" /f
reg add "HKLM\SOFTWARE2\Microsoft\Security Center" /v "FirstRunDisabled" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\Security Center" /v "AntiVirusOverride" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\Security Center" /v "FirewallOverride" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
reg add "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}" /f

REM ; Defender logging
reg delete "HKLM\SYSTEM2\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Control\WMI\Autologger\DefenderApiLogger" /f

REM ; Remove the Defender scheduled tasks
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACC9108-2000-46C0-8407-5FD9F89521E8}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D77BCC8-1D07-42D0-8C89-3A98674DFB6F}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9233DB-A7D3-45D6-B476-8C7D8DF73EB5}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B05F34EE-83F2-413D-BC1D-7D5BD6E98300}" /f

REM ; Remove the antivirus scan entry from the right-click context menu
reg delete "HKLM\SOFTWARE2\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows Defender" /f
reg delete "HKLM\SOFTWARE2\Classes\Folder\shell\WindowsDefender" /f
reg delete "HKLM\SOFTWARE2\Classes\DesktopBackground\Shell\WindowsSecurity" /f
reg delete "HKLM\SOFTWARE2\Classes\Folder\shell\WindowsDefender\Command" /f
reg delete "HKLM\CU2\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\windowsdefender" /f
reg delete "HKLM\CU2\Software\Classes\ms-cxh" /f
reg delete "HKLM\CU2\Software\Classes\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0" /f
reg delete "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Defender" /f
reg delete "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
reg add "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f
reg delete "HKLM\SOFTWARE2\Classes\AppUserModelId\Windows.Defender" /f
reg delete "HKLM\SOFTWARE2\Classes\AppUserModelId\Microsoft.Windows.Defender" /f
reg delete "HKLM\SOFTWARE2\Classes\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0" /f
reg delete "HKLM\SOFTWARE2\Classes\Local Settings\MrtCache\C:%%5CWindows%%5CSystemApps%%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%%5Cresources.pri" /f
reg delete "HKLM\SOFTWARE2\Classes\WindowsDefender" /f

REM ; Remove shell associations
reg delete "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /v "CriticalMaintenance_DefenderCleanup" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /v "CriticalMaintenance_DefenderVerification" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /v "WindowsDefender-1" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /v "WindowsDefender-2" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /v "WindowsDefender-3" /f
reg add "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /f

REM ; Disable Windows Defender signature updates
REM ; Remove the Defender startup entries
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f

REM ; Remove web protection
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Run" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Service.UserSessionServiceManager" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatExperienceManager.ThreatExperienceManager" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatResponseEngine.ThreatDecisionEngine" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Configuration.WTDUserSettings" /f

REM ; Hide Defender on the Windows Settings page
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender;" /f

REM ; Unload every hive that was mounted above
reg unload HKLM\SYSTEM2
reg unload HKLM\SOFTWARE2
reg unload HKLM\CU2

echo 警告:计算机即将重启!
echo.
echo 按任意键重启,或直接关闭本窗口取消重启...
pause > nul

REM Restart the computer
shutdown /r /t 0
```
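For anyone who has to review a script like the one above before running it, or triage one found on a machine, the following added example (not part of the original article) resolves `reg load` mount aliases back to the real hive and flags commands that remove security services, set Defender `Disable*` policies, turn off UAC, or delete the Defender autologgers. The rule set, function names and sample excerpt are constructed for illustration, using key names that appear in the script.

```python
import re
from collections import Counter

# Service names the script on this page deletes from ControlSet001\Services.
SECURITY_SERVICES = {
    "windefend", "wdfilter", "wdboot", "wdnisdrv", "wdnissvc", "wscsvc",
    "securityhealthservice", "msseccore", "mssecflt", "mssecwfp",
    "sgrmagent", "sgrmbroker",
}

# Illustrative rules (constructed): label, reg verb, key pattern, value check.
RULES = [
    ("security service removed", "delete",
     re.compile(r"^SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Services\\([^\\]+)$", re.I),
     lambda m, v, d: m.group(1).lower() in SECURITY_SERVICES),
    ("Defender protection disabled by policy", "add",
     re.compile(r"^SOFTWARE\\Policies\\Microsoft\\Windows Defender(\\|$)", re.I),
     lambda m, v, d: v.lower().startswith("disable") and d == "1"),
    ("UAC disabled", "add",
     re.compile(r"^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I),
     lambda m, v, d: v.lower() == "enablelua" and d == "0"),
    ("Defender autologger removed", "delete",
     re.compile(r"^SYSTEM\\(?:CurrentControlSet|ControlSet\d+)\\Control\\WMI\\Autologger\\Defender", re.I),
     lambda m, v, d: True),
]

CMD = re.compile(r'^\s*reg(?:\.exe)?\s+(load|unload|add|delete)\s+(?:"([^"]+)"|(\S+))(.*)$', re.I)

def opt(flag, rest):
    """Return the argument of /v or /d (quoted or bare), or '' if absent."""
    m = re.search(r'/%s\s+(?:"([^"]*)"|(\S+))' % flag, rest, re.I)
    return (m.group(1) if m.group(1) is not None else m.group(2)) if m else ""

def resolve(key, mounts):
    """Map a key under a 'reg load' alias back to its hive; flag offline edits."""
    low = key.lower()
    for alias, hive in mounts.items():
        if low == alias or low.startswith(alias + "\\"):
            return hive + key[len(alias):], True
    return re.sub(r"^(HKLM|HKEY_LOCAL_MACHINE)\\", "", key, flags=re.I), False

def analyze(script_text):
    mounts, findings = {}, []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        m = CMD.match(line)
        if not m:
            continue  # REM lines, echo, blank lines
        verb, key, rest = m.group(1).lower(), m.group(2) or m.group(3), m.group(4)
        if verb == "load":  # alias -> hive file name, e.g. HKLM\SYSTEM2 -> SYSTEM
            hive_file = re.split(r"[\\/]", rest.strip().strip('"'))[-1]
            mounts[key.lower()] = hive_file.upper()
            continue
        if verb == "unload":
            mounts.pop(key.lower(), None)
            continue
        path, offline = resolve(key, mounts)
        value, data = opt("v", rest), opt("d", rest)
        for label, action, pattern, check in RULES:
            km = pattern.search(path)
            if verb == action and km and check(km, value, data):
                findings.append({"line": lineno, "finding": label, "key": path,
                                 "value": value, "offline_hive": offline})
    return findings

def summarize(findings):
    return Counter(f["finding"] for f in findings)

# Constructed excerpt: a few commands in the form used by the script on this page.
SAMPLE = r'''
reg load HKLM\SYSTEM2 C:\Windows\System32\config\system
reg load HKLM\SOFTWARE2 C:\Windows\System32\config\software
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WinDefend" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdFilter" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "0" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger" /f
reg unload HKLM\SYSTEM2
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f)
    print(dict(summarize(analyze(SAMPLE))))
```

The `offline_hive` flag separates edits made through a mounted hive, which is the technique this article relies on, from edits to the live registry of the machine running the script.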
Article source:
网络小编D
