@echo off
REM ; Purpose: run from a PE (pre-installation or rescue) environment. The script mounts the
REM ; installed system's offline registry hives and edits them to remove or disable Windows
REM ; Defender and related Windows Security components, then reboots.
REM ; Security review notes:
REM ;  - Scope is wider than the window title suggests: besides Defender keys, later sections
REM ;    also turn off UAC, change kernel and CPU mitigation settings and a CI policy value.
REM ;  - Every edit is made to an offline hive, so it is applied while the installed OS is not
REM ;    running. Full-disk encryption and restricting boot from external media are the
REM ;    controls that prevent this kind of offline modification.
REM ;  - No command result is checked; each reg call runs regardless of earlier failures.
REM ;  - Only ControlSet001 of the SYSTEM hive is touched.
REM ;  - The keys and values written here can serve as an audit checklist when triaging a host
REM ;    whose protection is unexpectedly off.
title PE中禁用原系统Windows Defender脚本
REM ; The echo lines below warn that the script is for PE use only, tell the operator to change
REM ; C: in this file if the original system is on another drive letter, and wait for a key press
REM ; (closing the window cancels).
echo 警告:本脚本仅适合在PE中操作使用!
echo 在PE中原系统如果显示的不是C盘,请先将本脚本中的C:改成正确的盘符
echo.
echo 按任意键继续,或直接关闭本窗口取消操作...
pause > nul
REM ; Mount the original system's registry hives in PE under the temporary names
REM ; SYSTEM2, SOFTWARE2 and CU2.
REM ; If the original system is not shown as C: in PE, change C: to the correct drive letter.
reg load HKLM\SYSTEM2 C:\Windows\System32\config\system
reg load HKLM\SOFTWARE2 C:\Windows\System32\config\software
REM ; CU2 is the hive of the Default user profile, not of a specific existing account.
reg load HKLM\CU2 C:\Users\Default\ntuser.dat
REM ; Remove Defender and Windows Security services.
REM ; Each reg delete removes the whole service key from ControlSet001 of the offline SYSTEM
REM ; hive; the f switch suppresses the confirmation prompt.
REM ; Review: on a running system, missing keys for these services are a tamper indicator
REM ; worth alerting on.
reg delete "HKLM\SYSTEM2\ControlSet001\Services\MsSecCore" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\wscsvc" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdNisDrv" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdNisSvc" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdFilter" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WdBoot" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SgrmAgent" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SgrmBroker" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\WinDefend" /f
REM ; Sets the UILockdown policy value for the "Virus and threat protection" area of the
REM ; Security Center policy key.
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection" /v "UILockdown" /t REG_DWORD /d "1" /f
REM ; Disable device driver.
REM ; NOTE(review): the command below sets a Real-Time Protection value, not a driver setting;
REM ; the label does not obviously match - confirm intent.
reg add "HKLM\SOFTWARE2\Microsoft\Windows Defender\Real-Time Protection" /v "DisableAsyncScanOnOpen" /t REG_DWORD /d "1" /f
REM ; Disable in-kernel mitigations.
REM ; Review: these three values are system-wide exploit-mitigation settings and are not
REM ; specific to Defender. The binary payloads are written as given and are not decoded here.
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\kernel" /v "MitigationAuditOptions" /t REG_BINARY /d "000000000000202200000000000000200000000000000000" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\kernel" /v "MitigationOptions" /t REG_BINARY /d "002222202220222220000000002000200000000000000000" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\kernel" /v "KernelSEHOPEnabled" /t REG_DWORD /d "0" /f
REM ; Disable Spectre and Meltdown mitigations.
REM ; Review: CPU side-channel mitigation overrides; unrelated to antivirus and they weaken
REM ; the host independently of Defender.
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\Memory Management" /v "FeatureSettings" /t REG_DWORD /d "1" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t REG_DWORD /d "3" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t REG_DWORD /d "3" /f
REM ; Disable service mitigation.
REM ; NOTE(review): FTH is presumably the Fault Tolerant Heap - confirm.
reg add "HKLM\SOFTWARE2\Microsoft\FTH" /v "Enabled" /t REG_DWORD /d "0" /f
REM ; Disable UAC.
REM ; Review: EnableLUA=0 switches User Account Control off for the whole system, and
REM ; LocalAccountTokenFilterPolicy=1 relaxes remote UAC filtering for local accounts. Neither is
REM ; needed to turn off Defender; treat both as separate hardening regressions when auditing.
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "FilterAdministratorToken" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\System" /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d "1" /f
REM ; Turn off real-time protection.
REM ; These are policy values under Policies\Microsoft\Windows Defender in the offline SOFTWARE
REM ; hive. Review: the same value names are what a configuration audit should look for on a
REM ; live system.
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableAsyncScanOnOpen" /t REG_DWORD /d "1" /f
REM ; Remove Defender and Windows Security related services.
REM ; Three more service keys are deleted from ControlSet001; one Security Center policy value
REM ; for "App and Browser protection" is set in between.
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SecurityHealthService" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender Security Center\App and Browser protection" /v "DisallowExploitProtectionOverride" /t REG_DWORD /d "1" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\MsSecFlt" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\MsSecWfp" /f
REM ; Force-disable Windows Defender antivirus policies.
REM ; All six values below are written under the single AllowIOAVProtection subkey of
REM ; PolicyManager\default\Defender.
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "value" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "PUAProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "AllowFastServiceStartup" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "DisableLocalAdminMerge" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection" /v "RandomizeScheduleTaskTimes" /t REG_DWORD /d "0" /f
REM ; PolicyManager default keys. A reg add that names no value only makes sure the key exists
REM ; and writes no data; four entries in this run (AllowScriptScanning, AvgCPULoadFactor,
REM ; ScanParameter, SignatureUpdateInterval) do set a DWORD named "value".
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowCloudProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowEmailScanning" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowIntrusionPreventionSystem" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowOnAccessProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowScriptScanning" /v "value" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor" /v "value" /t REG_DWORD /d "50" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\CloudBlockLevel" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\CloudExtendedTimeout" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\DaysToRetainCleanedMalware" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\PUAProtection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\RealTimeScanDirection" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\ScanParameter" /v "value" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\ScheduleScanDay" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\ScheduleScanTime" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\SignatureUpdateInterval" /v "value" /t REG_DWORD /d "24" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\Defender\SubmitSamplesConsent" /f
REM ; Group-policy style values under Policies\Microsoft\Windows Defender, grouped by subkey:
REM ; Exclusions, MpEngine, NIS, Policy Manager, Scan, Signature Updates, Spynet,
REM ; UX Configuration, Exploit Guard and Reporting.
REM ; Review: the data is mixed. Several values are written as 0, for example
REM ; DisableArchiveScanning and DisableEmailScanning, so read each line rather than assuming
REM ; every entry turns a feature off.
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "MpCloudBlockLevel" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\MpEngine" /v "EnableFileHashComputation" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS" /v "ThrottleDetectionEventsRate" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS" /v "DisableSignatureRetirement" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS" /v "DisableProtocolRecognition" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableScanningNetworkFiles" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableOnAccessProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideRealtimeScanDirection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableIOAVProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableBehaviorMonitoring" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableIntrusionPreventionSystem" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "LocalSettingOverrideDisableRealtimeMonitoring" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "RealtimeScanDirection" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "IOAVMaxSize" /t REG_DWORD /d "1298" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableInformationProtectionControl" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableIntrusionPreventionSystem" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Policy Manager" /v "DisableRawWriteNotification" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "LowCpuPriority" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableRestorePoint" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningNetworkFiles" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupFullScan" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupQuickScan" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableEmailScanning" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableHeuristics" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Scan" /v "DisableReparsePointScanning" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureDisableNotification" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "RealtimeSignatureDelivery" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableScheduledSignatureUpdateOnBattery" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureUpdateCatchupInterval" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleTime" /t REG_DWORD /d "5184" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableScanOnUpdate" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\UX Configuration" /v "SuppressRebootNotification" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access" /v "EnableControlledFolderAccess" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection" /v "EnableNetworkProtection" /t REG_DWORD /d "0" /f
REM ; Creates the 32-bit view policy key without writing any value.
reg add "HKLM\SOFTWARE2\WOW6432Node\Policies\Microsoft\Windows Defender" /f
REM ; Same kind of policy values under the "Microsoft Antimalware" policy path.
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Microsoft Antimalware" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Microsoft Antimalware\SpyNet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Microsoft Antimalware\SpyNet" /v "LocalSettingOverrideSpyNetReporting" /t REG_DWORD /d "0" /f
REM ; Reporting values: notifications, generic reports and WPP tracing are all switched off,
REM ; which reduces the diagnostic trail Defender would otherwise produce.
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingLevel" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender\Reporting" /v "WppTracingComponents" /t REG_DWORD /d "0" /f
REM ; NOTE(review): this value lives under Control\CI\Policy in the SYSTEM hive, not under a
REM ; Defender key; presumably the Smart App Control state - confirm. It is a code-integrity
REM ; setting and should be audited separately from the antivirus policies above.
reg add "HKLM\SYSTEM2\ControlSet001\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d "0" /f
REM ; Disable antivirus.
REM ; Disallow overriding real-time protection settings.
REM ; Disable Windows Defender Security Center notifications.
REM ; NOTE(review): the first two labels above have no commands of their own directly beneath
REM ; them; they look like leftover section headings.
REM ; The three reg add lines below only create the PolicyManager keys and write no value.
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableEnhancedNotifications" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableNotifications" /f
reg add "HKLM\SOFTWARE2\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideWindowsSecurityNotificationAreaControl" /f
REM ; The whole "Security Center" key is deleted and then recreated holding only the three
REM ; values below, so the statement order matters.
REM ; Review: the override values relate to how Security Center reports antivirus and firewall
REM ; state; with notifications also disabled, the user gets no visible warning that protection
REM ; is off.
reg delete "HKLM\SOFTWARE2\Microsoft\Security Center" /f
reg add "HKLM\SOFTWARE2\Microsoft\Security Center" /v "FirstRunDisabled" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\Security Center" /v "AntiVirusOverride" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Microsoft\Security Center" /v "FirewallOverride" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE2\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
REM ; Written to the Default user hive (CU2): turns off the Security and Maintenance toast
REM ; notifications there.
reg add "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f
REM ; Deletes thirteen COM class registrations (CLSID keys), first from the WOW6432Node view and
REM ; then from the native view of the offline SOFTWARE hive.
REM ; NOTE(review): which component each GUID belongs to is not stated in this script - confirm
REM ; before relying on this list.
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}" /f
REM ; NOTE(review): the 26 lines below repeat the 26 deletions above verbatim; on this second
REM ; pass the keys are already gone, so each call only reports an error.
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{2781761E-28E2-4109-99FE-B9D127C57AFE}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{195B4D07-3DE2-4744-BBF2-D90121AE785B}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{361290c0-cb1b-49ae-9f3e-ba1cbe5dab35}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{45F2C32F-ED16-4C94-8493-D72EF93A051B}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{8a696d12-576b-422e-9712-01b9dd84b446}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{A2D75874-6750-4931-94C1-C99D3BC9D0C7}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{DACA056E-216A-4FD1-84A6-C306A017ECEC}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{E3C9166D-1D39-4D4E-A45D-BC7BE9B00578}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59}" /f
REM ; Defender logs.
REM ; Removes the two Defender autologger definitions from the offline SYSTEM hive.
REM ; Review: this removes a source of Defender trace data, so an investigation of such a host
REM ; has to rely on other evidence.
reg delete "HKLM\SYSTEM2\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Control\WMI\Autologger\DefenderApiLogger" /f
REM ; Clear Defender scheduled tasks.
REM ; Only the TaskCache\Tasks entries for four task GUIDs are deleted from the registry.
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACC9108-2000-46C0-8407-5FD9F89521E8}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D77BCC8-1D07-42D0-8C89-3A98674DFB6F}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9233DB-A7D3-45D6-B476-8C7D8DF73EB5}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B05F34EE-83F2-413D-BC1D-7D5BD6E98300}" /f
REM ; Remove the antivirus scan item from the right-click context menu.
REM ; This run also deletes the whole "Microsoft\Windows Defender" key of the SOFTWARE hive,
REM ; protocol and class registrations, and Run entries in the Default user hive (CU2).
reg delete "HKLM\SOFTWARE2\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows Defender" /f
reg delete "HKLM\SOFTWARE2\Classes\Folder\shell\WindowsDefender" /f
reg delete "HKLM\SOFTWARE2\Classes\DesktopBackground\Shell\WindowsSecurity" /f
REM ; NOTE(review): the parent key Folder\shell\WindowsDefender was already deleted two lines
REM ; above, so this Command subkey no longer exists when the next line runs.
reg delete "HKLM\SOFTWARE2\Classes\Folder\shell\WindowsDefender\Command" /f
reg delete "HKLM\CU2\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\windowsdefender" /f
reg delete "HKLM\CU2\Software\Classes\ms-cxh" /f
reg delete "HKLM\CU2\Software\Classes\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0" /f
REM ; Deletes two named Run values, then makes sure the Run key itself still exists.
reg delete "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Defender" /f
reg delete "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
reg add "HKLM\CU2\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f
reg delete "HKLM\SOFTWARE2\Classes\AppUserModelId\Windows.Defender" /f
reg delete "HKLM\SOFTWARE2\Classes\AppUserModelId\Microsoft.Windows.Defender" /f
reg delete "HKLM\SOFTWARE2\Classes\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0" /f
REM ; In the key name below each doubled percent sign is the batch escape for one literal
REM ; percent sign. The path hard-codes the C: drive letter inside the key name.
reg delete "HKLM\SOFTWARE2\Classes\Local Settings\MrtCache\C:%%5CWindows%%5CSystemApps%%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%%5Cresources.pri" /f
REM ; NOTE(review): the same key is deleted twice in a row; the second call finds nothing.
reg delete "HKLM\SOFTWARE2\Classes\WindowsDefender" /f
reg delete "HKLM\SOFTWARE2\Classes\WindowsDefender" /f
REM ; Remove shell associations.
REM ; NOTE(review): the commands below edit Control\Ubpm values and firewall RestrictedServices
REM ; entries rather than shell associations; the label looks misplaced - confirm.
reg delete "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /v "CriticalMaintenance_DefenderCleanup" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /v "CriticalMaintenance_DefenderVerification" /f
REM ; The Ubpm key is re-ensured twice; the second line is a duplicate.
reg add "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /f
reg add "HKLM\SYSTEM2\ControlSet001\Control\Ubpm" /f
REM ; Removes the three WindowsDefender entries from the firewall RestrictedServices list and
REM ; then makes sure the key still exists.
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /v "WindowsDefender-1" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /v "WindowsDefender-2" /f
reg delete "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /v "WindowsDefender-3" /f
reg add "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /f
REM ; Disable Windows Defender signature updates.
REM ; Remove Defender startup entries.
REM ; NOTE(review): no signature-update command follows the first label; the lines below repeat
REM ; the RestrictedServices key creation, ensure the StartupApproved\Run key exists and delete
REM ; the machine-wide WindowsDefender Run value.
reg add "HKLM\SYSTEM2\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System" /f
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /f
reg delete "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f
REM ; Remove web protection.
REM ; The first line only ensures the Run key exists. The CLSID pair that follows is deleted
REM ; twice (duplicate lines), then four WebThreatDefense activatable class registrations are
REM ; removed.
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Run" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}" /f
reg delete "HKLM\SOFTWARE2\Classes\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}" /f
reg delete "HKLM\SOFTWARE2\Classes\WOW6432Node\CLSID\{E48B2549-D510-4A76-8A5F-FC126A6215F0}" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Service.UserSessionServiceManager" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatExperienceManager.ThreatExperienceManager" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.ThreatResponseEngine.ThreatDecisionEngine" /f
reg delete "HKLM\SOFTWARE2\Microsoft\WindowsRuntime\ActivatableClassId\Microsoft.OneCore.WebThreatDefense.Configuration.WTDUserSettings" /f
REM ; Hide Defender in the Windows Settings page.
REM ; Review: SettingsPageVisibility is overwritten as a whole string, so any page list already
REM ; configured in that value is replaced. A hidden page also means the user cannot see the
REM ; protection state from Settings.
reg add "HKLM\SOFTWARE2\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender;" /f
REM ; Unmount the offline hives so the edits are written back to the files on disk.
REM ; NOTE(review): three hives were loaded at the top of the script (SYSTEM2, SOFTWARE2, CU2)
REM ; but only two are unloaded here; HKLM\CU2 stays mounted until the reboot. The unload
REM ; results are not checked either.
reg unload HKLM\SYSTEM2
reg unload HKLM\SOFTWARE2
REM ; The echo lines below warn that the computer is about to restart and wait for a key press
REM ; (closing the window cancels the restart).
echo 警告:计算机即将重启!
echo.
echo 按任意键重启,或直接关闭本窗口取消重启...
pause > nul
REM Restart the computer
REM NOTE(review): the trailing pipe character on the shutdown line looks like page-extraction
REM residue rather than part of the original script.
shutdown /r /t 0 |