一、关闭安全功能对性能的影响
减少实时资源占用
注册表文件中禁用了Windows Defender实时防护(DisableAsyncScanOnOpen)、SmartScreen文件扫描、漏洞驱动阻止列表(VulnerableDriverBlocklistEnable)等功能。
这些安全机制通常会在文件打开、程序启动时进行扫描,关闭后可减少CPU和磁盘I/O的瞬时占用,从而缓解文件资源管理器卡顿或程序启动延迟。
降低内存和内核负担
禁用虚拟化安全(VBS)、内核隔离(MitigationOptions)和内存完整性保护(HypervisorEnforcedCodeIntegrity)会释放被安全机制占用的内存,减少系统服务的后台负载。
例如,VBS需要专用内存区域(如Credential Guard),关闭后可释放这部分资源。
优化系统响应
关闭用户账户控制(UAC)和部分安全策略(如RunAsPPL)能减少权限验证的等待时间,提升操作流畅度。
二、实际效果与局限性
卡顿改善的适用场景
若卡顿主要由安全组件的实时扫描引起(如打开含大量文件的文件夹、运行未签名程序),此类优化会较明显。例如,网页1提到修改FolderType键值可加快文件夹加载速度,而禁用Defender扫描进一步减少干扰。
但若卡顿源于硬件性能不足(如机械硬盘、内存≤8GB),关闭安全功能的效果可能有限,需配合硬件升级。
潜在风险与副作用
安全防护降级:禁用Defender、SmartScreen等会增加恶意软件感染风险,尤其在访问不明文件或网站时。
系统稳定性问题:例如关闭虚拟化安全(VBS)可能导致依赖该技术的应用(如某些游戏反作弊系统)无法运行。
功能缺失:禁用UAC后,部分需要管理员权限的操作可能无法正常触发提示,增加误操作风险。
三、替代优化建议
若希望平衡性能与安全性,可参考以下方案:
针对性关闭高负载功能
仅禁用对当前场景影响较大的安全组件(如保留Defender但关闭实时扫描),而非全部关闭。
清理无效注册表项
使用CCleaner等工具清理残留无效键值(如已卸载程序的注册表信息),避免注册表臃肿拖慢系统。
硬件与系统设置优化
升级SSD、增加内存,或关闭透明效果/动画(通过性能选项调整),这些改动更安全且效果显著。
总结
您的注册表修改可能缓解由安全组件引起的卡顿,尤其在文件操作、多任务场景下。然而,全面禁用安全措施会显著增加系统风险。建议:
优先关闭已验证对当前使用场景影响较大的功能(如文件夹扫描),而非“一刀切”禁用所有防护。
结合硬件升级(如更换SSD)和系统优化(清理启动项、关闭动画),实现更安全的性能提升。
操作前备份注册表,以便出现兼容性问题时快速恢复。
具体的优化注册表项如下:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableAsyncScanOnOpen"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"everyoneincludesanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"SCENoApplyLegacyAuditPolicy"=dword:00000000
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
"LmCompatibilityLevel"=-
; 禁用Windows安全应用程序中维护任务的报告
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]
[HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health\State]
"Disabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health\Platform]
"Registered"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000
; 禁用Edge中的SmartScreen
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"SmartScreenEnabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled]
@=dword:00000000
; 禁用文件资源管理器和Windows Shell中的SmartScreen
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="off"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableSmartScreenInShell]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableAppInstallControl]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\PreventOverrideForFilesInShell]
"value"=dword:00000000
; 禁用微软应用商店的SmartScreen
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000
; 配置应用程序安装控制
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsMitigation]
"UserPreference"=dword:00000002
; 内核内缓解措施
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
"KernelSEHOPEnabled"=dword:00000000
; 禁用 Spectre & Meltdown Mitigations
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003
; 服务缓解措施
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig]
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00
; 移除Defender的防篡改保护
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000
; 关闭UAC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
"FilterAdministratorToken"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
"DelayedDesktopSwitchTimemout"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000
; 修复鼠标光标消失的问题
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableCursorSuppression"=dword:00000000
; 重置虚拟化设置的值
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]
; 禁用基于虚拟化的安全性
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000
"Locked"=dword:00000000
"WasEnabledBy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\HypervisorEnforcedCodeIntegrity]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\EnableVirtualizationBasedSecurity]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\ConfigureSystemGuardLaunch]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\LsaCfgFlags]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\RequirePlatformSecurityFeatures]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\RequireUEFIMemoryAttributesTable]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"DeployConfigCIPolicy"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"ExploitGuard_ASR_Rules"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears]
"HeartbeatTrackingIndex"=dword:00000000
"SpyNetReportingLocation"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"EnableASRConsumers"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"Enabled"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyPasswordReuse"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyMalicious"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp]
[-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WebThreatDefSvc_Allow_In"=-
"WebThreatDefSvc_Allow_Out"=-
"WebThreatDefSvc_Block_In"=-
"WebThreatDefSvc_Block_Out"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=-
"72e33e44-dc4c-40c5-a688-a77b6e988c69"=-
"b23879b5-1ef3-45b7-8933-554a4303d2f3"=-
减少实时资源占用
注册表文件中禁用了Windows Defender实时防护(DisableAsyncScanOnOpen)、SmartScreen文件扫描、漏洞驱动阻止列表(VulnerableDriverBlocklistEnable)等功能。
这些安全机制通常会在文件打开、程序启动时进行扫描,关闭后可减少CPU和磁盘I/O的瞬时占用,从而缓解文件资源管理器卡顿或程序启动延迟。
降低内存和内核负担
禁用虚拟化安全(VBS)、内核隔离(MitigationOptions)和内存完整性保护(HypervisorEnforcedCodeIntegrity)会释放被安全机制占用的内存,减少系统服务的后台负载。
例如,VBS需要专用内存区域(如Credential Guard),关闭后可释放这部分资源。
优化系统响应
关闭用户账户控制(UAC)和部分安全策略(如RunAsPPL)能减少权限验证的等待时间,提升操作流畅度。
二、实际效果与局限性
卡顿改善的适用场景
若卡顿主要由安全组件的实时扫描引起(如打开含大量文件的文件夹、运行未签名程序),此类优化会较明显。例如,网页1提到修改FolderType键值可加快文件夹加载速度,而禁用Defender扫描进一步减少干扰。
但若卡顿源于硬件性能不足(如机械硬盘、内存≤8GB),关闭安全功能的效果可能有限,需配合硬件升级。
潜在风险与副作用
安全防护降级:禁用Defender、SmartScreen等会增加恶意软件感染风险,尤其在访问不明文件或网站时。
系统稳定性问题:例如关闭虚拟化安全(VBS)可能导致依赖该技术的应用(如某些游戏反作弊系统)无法运行。
功能缺失:禁用UAC后,部分需要管理员权限的操作可能无法正常触发提示,增加误操作风险。
三、替代优化建议
若希望平衡性能与安全性,可参考以下方案:
针对性关闭高负载功能
仅禁用对当前场景影响较大的安全组件(如保留Defender但关闭实时扫描),而非全部关闭。
清理无效注册表项
使用CCleaner等工具清理残留无效键值(如已卸载程序的注册表信息),避免注册表臃肿拖慢系统。
硬件与系统设置优化
升级SSD、增加内存,或关闭透明效果/动画(通过性能选项调整),这些改动更安全且效果显著。
总结
您的注册表修改可能缓解由安全组件引起的卡顿,尤其在文件操作、多任务场景下。然而,全面禁用安全措施会显著增加系统风险。建议:
优先关闭已验证对当前使用场景影响较大的功能(如文件夹扫描),而非“一刀切”禁用所有防护。
结合硬件升级(如更换SSD)和系统优化(清理启动项、关闭动画),实现更安全的性能提升。
操作前备份注册表,以便出现兼容性问题时快速恢复。
具体的优化注册表项如下:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableAsyncScanOnOpen"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"everyoneincludesanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"SCENoApplyLegacyAuditPolicy"=dword:00000000
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
"LmCompatibilityLevel"=-
; 禁用Windows安全应用程序中维护任务的报告
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]
[HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health\State]
"Disabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health\Platform]
"Registered"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000
; 禁用Edge中的SmartScreen
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"SmartScreenEnabled"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled]
@=dword:00000000
; 禁用文件资源管理器和Windows Shell中的SmartScreen
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="off"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableSmartScreenInShell]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableAppInstallControl]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\PreventOverrideForFilesInShell]
"value"=dword:00000000
; 禁用微软应用商店的SmartScreen
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000
; 配置应用程序安装控制
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsMitigation]
"UserPreference"=dword:00000002
; 内核内缓解措施
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
"KernelSEHOPEnabled"=dword:00000000
; 禁用 Spectre & Meltdown Mitigations
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003
; 服务缓解措施
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig]
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00
; 移除Defender的防篡改保护
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000
; 关闭UAC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
"FilterAdministratorToken"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
"DelayedDesktopSwitchTimemout"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000
; 修复鼠标光标消失的问题
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableCursorSuppression"=dword:00000000
; 重置虚拟化设置的值
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]
; 禁用基于虚拟化的安全性
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000
"Locked"=dword:00000000
"WasEnabledBy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\HypervisorEnforcedCodeIntegrity]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\EnableVirtualizationBasedSecurity]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\ConfigureSystemGuardLaunch]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\LsaCfgFlags]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\RequirePlatformSecurityFeatures]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\RequireUEFIMemoryAttributesTable]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"DeployConfigCIPolicy"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"ExploitGuard_ASR_Rules"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears]
"HeartbeatTrackingIndex"=dword:00000000
"SpyNetReportingLocation"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"EnableASRConsumers"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"Enabled"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyPasswordReuse"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyMalicious"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp]
[-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WebThreatDefSvc_Allow_In"=-
"WebThreatDefSvc_Allow_Out"=-
"WebThreatDefSvc_Block_In"=-
"WebThreatDefSvc_Block_Out"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=-
"72e33e44-dc4c-40c5-a688-a77b6e988c69"=-
"b23879b5-1ef3-45b7-8933-554a4303d2f3"=-
文章来源:
网络小编D
版权声明:
本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,请联系本站立刻删除。
