Command-line utility to turn on/off Windows Defender and Tamper Protection

Discussion in 'MDL Projects and Applications' started by wesmar, Dec 9, 2025.

  1. betakernel

    betakernel MDL Novice

    Thanks.
     
  2. migascalp

    migascalp MDL Addicted

    From specialize
    Code:
    === WinDefCtl v2  -  kill status ===
    
      [*] Extracting kvckiller.sys from embedded CAB...
      [+] kvckiller.sys deployed to drivers\ (38816 B)
      [*] Applying IFEO block (MsMpEng + SecurityHealth*)...
      [*] Installing wsftprm service...
      [*] Issuing IOCTL kill...
      [+] MsMpEng.exe (PID 4740) terminated
      [*] Cleanup: stop + delete service, remove driver file...
      [*] Done. Defender is blocked.
    End of SetupComplete
    Code:
    === WinDefCtl v2  -  restore status ===
    
      [*] Removing IFEO block...
      [*] Starting WinDefend...
      [*] Starting SecurityHealthService...
      [*] Launching SecurityHealthSystray...
      [*] Done. Defender is restored.
    Works great. MAS is now running smoothly.
    Thank you.
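
From the defender's side, the sequence in the kill-status log above (IFEO writes on Defender images, a kernel driver service installed, MsMpEng.exe exiting, the service deleted again) is something a detection can correlate on. The sketch below is an added example, not code from this thread or from the tool. The event schema (`kind`, `ts`, `key`, `name`, `type`, `image`), the alert names and the 120-second window are assumptions, and the sample events are constructed.

```python
import re

# Matches IFEO subkeys for the images named in the log (MsMpEng, SecurityHealth*).
IFEO_RE = re.compile(
    r"\\Image File Execution Options\\(MsMpEng|SecurityHealth\w*)\.exe(\\|$)", re.I)

def detect(events, window=120):
    """Return sorted alert names for normalized event dicts (hypothetical schema)."""
    alerts, installs, killed_at = set(), {}, None
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["kind"]
        if kind == "reg_set" and IFEO_RE.search(ev["key"]):
            alerts.add("ifeo-on-defender-image")
        elif kind == "service_install" and ev["type"] == "kernel":
            installs[ev["name"].lower()] = ev["ts"]
        elif kind == "process_exit" and ev["image"].lower().endswith("\\msmpeng.exe"):
            killed_at = ev["ts"]
            # Defender engine exits shortly after a kernel driver service appeared
            if any(0 <= killed_at - t <= window for t in installs.values()):
                alerts.add("msmpeng-exit-after-driver-install")
        elif kind == "service_delete":
            t = installs.get(ev["name"].lower())
            # install -> MsMpEng exit -> delete of the same service, inside one window
            if t is not None and killed_at is not None \
                    and t <= killed_at <= ev["ts"] <= t + window:
                alerts.add("short-lived-driver-service")
    return sorted(alerts)

IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# Constructed events mirroring the order of the kill-status log (timestamps in seconds).
# The value name "Debugger" is an assumption; the log does not say which value is set.
SAMPLE = [
    {"ts": 0, "kind": "reg_set", "key": IFEO + r"\MsMpEng.exe\Debugger"},
    {"ts": 1, "kind": "reg_set", "key": IFEO + r"\SecurityHealthSystray.exe\Debugger"},
    {"ts": 2, "kind": "service_install", "name": "wsftprm", "type": "kernel"},
    {"ts": 3, "kind": "process_exit", "image": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"ts": 5, "kind": "service_delete", "name": "wsftprm"},
]
# Constructed benign activity: unrelated IFEO key, long-lived driver, late engine restart.
BENIGN = [
    {"ts": 0, "kind": "reg_set", "key": IFEO + r"\notepad.exe\Debugger"},
    {"ts": 10, "kind": "service_install", "name": "examplefilter", "type": "kernel"},
    {"ts": 5000, "kind": "process_exit", "image": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
]

if __name__ == "__main__":
    print(detect(SAMPLE))
    print(detect(BENIGN))
```

The restore-status log shows the IFEO block being removed afterwards, so the registry alert has to come from write-time telemetry rather than a later registry scan.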
     
  3. wesmar

    wesmar MDL Member

    #43 wesmar, May 31, 2026
    Last edited: May 31, 2026
    (OP)

    Attached Files:

  4. wesmar

    wesmar MDL Member

    V2 only! It disables and stops it; during the shutdown, there is a deliberate intro that masks the pop-up window with sliders. The stopping is handled by the driver. Defender becomes defenseless.
     
  5. wesmar

    wesmar MDL Member

    Version 1.1.2 isn't newer, it's just completely different. Unlike the GitHub release, this version doesn't use any driver or external overlays. It works entirely from within, injecting into the process and invisibly flipping the toggle by moving the mouse deep under the hood. The goal was to debunk Microsoft's marketing claim that disabling this protection outside of their official GUI/UX or Intune portal is impossible.