关闭所有的安全缓解措施-卡顿元凶

fulibo

Windows Registry Editor Version 5.00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableDevDriveProtection.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableAsyncScanOnOpen"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableLSAProtection.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"everyoneincludesanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"SCENoApplyLegacyAuditPolicy"=dword:00000000
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
"LmCompatibilityLevel"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMaintenanceTaskreportinginSecurityHealthUI.reg

; disables reporting of things from Maintenance Task in Windows Security App

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]

[HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health\State]
"Disabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health\Platform]
"Registered"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMicrosoftVulnerabileDriverBlocklist.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSmartScreen.reg

; Disable SmartScreen for Microsoft Edge

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"SmartScreenEnabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled]
@=dword:00000000

; Disable SmartScreen in File Explorer and Windows Shell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="off"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableSmartScreenInShell]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableAppInstallControl]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\PreventOverrideForFilesInShell]
"value"=dword:00000000

; Disable SmartScreen for Microsoft Store Apps

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000

; Configure App Install Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSpyNetTelemetry.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSystemMitigations.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsMitigation]
"UserPreference"=dword:00000002

; In-kernel Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
"KernelSEHOPEnabled"=dword:00000000

; Disable Spectre & Meltdown Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003

; Services Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig]
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableTamperProtection.reg

; Remove Defender's Tamper Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableUAC.reg

; Disable UAC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
"FilterAdministratorToken"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
"DelayedDesktopSwitchTimemout"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000

; Fix mouse cursor dissapeiring

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableCursorSuppression"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableVBS.reg

; Reset values for Virtualization Settings

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]

; Disable Virtualization Based Security

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000
"Locked"=dword:00000000
"WasEnabledBy"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\HypervisorEnforcedCodeIntegrity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\EnableVirtualizationBasedSecurity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\ConfigureSystemGuardLaunch]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\LsaCfgFlags]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\RequirePlatformSecurityFeatures]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\RequireUEFIMemoryAttributesTable]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"DeployConfigCIPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\ExploitGuard_d.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"ExploitGuard_ASR_Rules"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears]
"HeartbeatTrackingIndex"=dword:00000000
"SpyNetReportingLocation"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"EnableASRConsumers"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\MitigationofFaultTorelantHeap.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemovalofAnti-PhishingServices.reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-

; From Disabler

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyPasswordReuse"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyMalicious"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\Remove and Disable Microsoft Pluton.reg

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveSecurityandMaintenance.reg

[-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveWindowsDefenderFirewallRules.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WebThreatDefSvc_Allow_In"=-
"WebThreatDefSvc_Allow_Out"=-
"WebThreatDefSvc_Block_In"=-
"WebThreatDefSvc_Block_Out"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=-
"72e33e44-dc4c-40c5-a688-a77b6e988c69"=-
"b23879b5-1ef3-45b7-8933-554a4303d2f3"=-

俪尚皇

学习一啵

handsome_xiang

感谢分享！

86933924

感谢分享

snluwei

谢谢分享

lb1395468

谢谢分享

5982168

Win 10 Tweaker 20.4
你值得拥有！！！！！！

86933924

谢谢分享

lovelyelfpop

试试看看

pureivan

这个无敌啊！！

lovelyelfpop

多谢分享！！！

iwkd00

谢谢

zxas1218

oar 发表于 2025-3-14 20:26
腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡 ...

现在的ai都这么厉害了？注册表都能解读吗

昔日石琴

所以是哪个系统用的？10还是11？

无痕Love恨天

oar 发表于 2025-3-14 20:26
腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡 ...

哈哈

2011lanz

学习了，谢谢大佬分享！

qytjc

装的影子系统，开机就还原了！从不担心病毒！

wjkw

谢谢大佬分享！

gamezboy

正好电脑卡，谢谢楼主分享

wuhu3000

oar 发表于 2025-3-14 20:26
腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡 ...

谢谢分享

fegr

谢谢分享

董大

感谢楼主分享!知识的分享给力！

wang1126

谢谢楼主分享

ddonglliu

注册表下手需谨慎！！！

ylac

谢谢楼主分享

花盗睡鼠

感谢资源共享经济

andylxh

感谢楼主分享

小灰兔

感谢分享

hmaaaa

感謝大大分享!^^ 辛苦了！

valen21

没有注释，都不知道具体关闭了什么