设为首页收藏本站
正安论坛»论坛 珍州生活 办公应用 禁止WD(Windows Defender)的批处理(修正版) ...

禁止WD(Windows Defender)的批处理(修正版)

[复制链接]
wlgn 1 发表于 办公应用 2023-7-14 23:20:02 | 显示全部楼层 阅读 2763

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有账号?注册用户

x
一提到禁止WD,有人就会想到用各种工具啦,什么Defender Control之类的,这些工具很容易被微软当毒杀了。
其实这类工具的原理也和我后面说的大致一样。

我们现在就啥工具都不用,只用批处理来完成这活,省去用工具的麻烦,主要还是避免动不动被WD当毒杀的尴尬。

禁止:
DisableWD.bat

  1. @echo off
  2. ::Windows Defender
  3. reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  4. reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  5. reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  6. reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  7. reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  8. reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  9. reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  10. reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  11. ::WindowsSystemTray
  12. reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f >NUL 2>nul
  13. ::System Guard
  14. reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  15. reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  16. ::WebThreatDefSvc
  17. reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  18. reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  19. for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
  20.   reg add "%%i" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>nul
  21. )
  22. ::
  23. reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /v "Debugger" /t REG_SZ /d "%%windir%%\System32\taskkill.exe" /f >NUL 2>nul
  24. reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "DefaultFileTypeRisk" /t REG_DWORD /d "6152" /f >NUL 2>nul
  25. reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v "SaveZoneInformation" /t REG_DWORD /d "1" /f >NUL 2>nul
  26. reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "LowRiskFileTypes" /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f >NUL 2>nul
  27. reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /v "ModRiskFileTypes" /t REG_SZ /d ".bat;.exe;.reg;.vbs;.chm;.msi;.js;.cmd" /f >NUL 2>nul
  28. reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f >NUL 2>nul
  29. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f >NUL 2>nul
  30. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_DWORD /d "0" /f >NUL 2>nul
  31. reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f >NUL 2>nul
  32. reg add "HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f >NUL 2>nul
  33. reg add "HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f >NUL 2>nul
  34. goto :EOF
复制代码


允许:
EnableWD.bat
  1. @echo off
  2. ::Windows Defender
  3. reg add "HKLM\SYSTEM\ControlSet001\Services\MsSecFlt" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
  4. reg add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
  5. reg add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
  6. reg add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
  7. reg add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
  8. reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
  9. reg add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
  10. reg add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
  11. ::WindowsSystemTray
  12. reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /t REG_EXPAND_SZ /d "%systemroot%\system32\SecurityHealthSystray.exe" /f >NUL 2>nul
  13. ::SystemGuard
  14. reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmAgent" /v "Start" /t REG_DWORD /d "0" /f >NUL 2>nul
  15. reg add "HKLM\SYSTEM\ControlSet001\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
  16. ::WebThreatDefSvc
  17. reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefsvc" /v "Start" /t REG_DWORD /d "3" /f >NUL 2>nul
  18. reg add "HKLM\SYSTEM\ControlSet001\Services\webthreatdefusersvc" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
  19. for /f %%i in ('reg query "HKLM\SYSTEM\ControlSet001\Services" /s /k "webthreatdefusersvc" /f 2^>nul ^| find /i "webthreatdefusersvc" ') do (
  20.   reg add "%%i" /v "Start" /t REG_DWORD /d "2" /f >NUL 2>nul
  21. )
  22. ::
  23. reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartscreen.exe" /f >NUL 2>nul
  24. reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f >NUL 2>nul
  25. reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "On" /f >NUL 2>nul
  26. reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen" /f >NUL 2>nul
  27. reg delete "HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates" /f >NUL 2>nul
  28. goto :EOF
复制代码



注:以上都必须重启后彻底生效!


此批处理出自哪里?
它是revision-tool的一部分,源头:
https://github.com/meetrevision/revision-tool/tree/main/additionals


由于revision-tool只对正式版的Win10/Win11有用,Beta、Dev等就不能用了,于是本人将其单独拎出来。
经过测试,我用的Beta渠道Win11是有用的。


刚才发了这贴,觉得哪里不太对头,WD没那么容易被禁止的,果然,直接右键管理员运行,无法禁止那几个顽固的WD服务,提示的是“拒绝访问”相应注册表项。所以即使禁止了,其实后台还在运行,本尊还在跑着呢,只是右下角图标没有了而已!在设置里打开安全中心,还是能扫描,实时监控也在运行。那是不是这个批处理无效?
显然不是的!
于是看了一下revision-tool的实现方式,发现它用了一个提权工具MinSudo.exe(类似于DISM++里的春哥附体)。故明白了,禁止那几个服务并不是那么简单,管理员权限都不行的,要提权。于是我试着用了System用户权限去执行,结果是真的生效了!

真的生效后,打开安全中心是一块白屏!!



所以紧急修正了一下,附件已经更新了。还是得用到一个提权工具啊!注意:禁用前先关闭“实时保护”和“篡改防护”两项。否则禁用会失败!
(批处理运行时有引导)

网盘自取:
链接: https://pan.baidu.com/s/1tEkT8js0Ri15ZFu0kkOkwA?pwd=3ura
提取码: 3ura
回复

举报 使用道具

上一篇: win10开机启动项怎么添加的

下一篇: 没有了

全部回帖
暂无回帖,快来参与回复吧
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册用户
wlgn
活跃在4 天前
主题 3
回复 45
粉丝 0
加好友 发私信

小黑屋|正安论坛 ( 黔ICP备17012222号 ) 贵公网安备52032402001007号

Copyright © 2001-2020, Tencent Cloud. Powered by Discuz! X3.4

快速回复 返回顶部 返回列表