| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
windows_10 [2020/06/13 17:31]
ww |
windows_10 [2022/03/16 09:38] (current)
|
| [[https://github.com/SCConfigMgr/ConfigMgr/blob/master/Operating%20System%20Deployment/Invoke-RemoveBuiltinApps.ps1|GitHub]] | [[https://github.com/SCConfigMgr/ConfigMgr/blob/master/Operating%20System%20Deployment/Invoke-RemoveBuiltinApps.ps1|GitHub]] |
| |
| | |
| | ---- |
| | |
| | ===== Deaktivace Defenderu (platné k Win10 2004) ===== |
| | |
| | **Nejdříve nutno vypnout Tamper Protection.** |
| | |
| | <code winbatch> |
| | rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! |
| | |
| | rem Disable Tamper Protection First !!!!! |
| | rem https://www.tenforums.com/tutorials/123792-turn-off-tamper-protection-windows-defender-antivirus.html |
| | reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f |
| | |
| | rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference |
| | rem https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290 |
| | |
| | rem Exclusion in WD can be easily set with an elevated cmd, so that makes it super easy to damage any pc. |
| | rem WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="xxxxxx |
| | |
| | rem To disable System Guard Runtime Monitor Broker |
| | rem reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f |
| | |
| | rem To disable Windows Defender Security Center include this |
| | rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f |
| | |
| | rem 1 - Disable Real-time protection |
| | reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f |
| | reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f |
| | |
| | rem 0 - Disable Logging |
| | reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f |
| | reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f |
| | |
| | rem Disable WD Tasks |
| | schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable |
| | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable |
| | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable |
| | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable |
| | schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable |
| | |
| | rem Disable WD systray icon |
| | reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f |
| | reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f |
| | |
| | rem Remove WD context menu |
| | reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f |
| | reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f |
| | reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f |
| | |
| | rem Disable WD services |
| | reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f |
| | reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f |
| | reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f |
| | reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f |
| | reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f |
| | |
| | rem Run twice to disable WD services !!!!! |
| | |
| | pause |
| | </code> |
| |
| ---- | ---- |
| * Přidat Úplné řízení. | * Přidat Úplné řízení. |
| * Upravit Attributes, změnit hodnotu 20040000 na 700100120. | * Upravit Attributes, změnit hodnotu 20040000 na 700100120. |
| | |
| | Vytažení zástupce na Poslední složky do Průzkumníka: |
| | Start > Spustit > shell:::{22877a6d-37a1-461a-91b0-dbda5aaebc99} |
| | A pak vytáhnout myší složku do "Rychlý přístup" vlevo |
| |
| ---- | ---- |
