First of all, thank you. Your sharing helps me disable Defender. A little suggestion. Replace

Spoiler: Delete
Code:
rem Remove Smartscreen (to restore run "sfc /scannow")
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe"
icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F
taskkill /im smartscreen.exe /f
del "%WinDir%\System32\smartscreen.exe" /s /f /q

By

Spoiler: Block
Code:
rem Block execution of smartscreen.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartScreen.exe" /v "Debugger" /t REG_SZ /d "del \"%%WinDir%%\System32\smartscreen.exe\" /s /f /q" /f

The advantage, it still works after a Windows update. Tested on 19044 and 26100. The initial idea comes from somewhere around here to block OneDriveSetup.exe.
Thanks for the suggestion. This is the link I have for the MDL source: https://forums.mydigitallife.net/th...1-22h2-vb_release.80763/page-411#post-1680616

I think the block idea is to assign the app you want to block to "systray" ??

Code:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartScreen.exe" /v Debugger /d "systray" /f >NUL
Thanks for finding the source. Yes, that's the idea. But with SmartScreen.exe it causes big problems when opening Windows Security. Try and see. I tried other things without success. To finally put what I proposed in my previous message. Again, try and see.
For anyone interested in just disabling and removing SmartScreen and Smart App Control, here is a copy of my own script. It's amateur but it works. Copy and paste the code into a .bat file. Do a restart after. You cannot undo this after it has run.

Code:
@echo off

:: BatchGotAdmin
:-------------------------------------
REM --> Check for permissions
IF "%PROCESSOR_ARCHITECTURE%" EQU "amd64" (
>nul 2>&1 "%SYSTEMROOT%\SysWOW64\cacls.exe" "%SYSTEMROOT%\SysWOW64\config\system"
) ELSE (
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
)

REM --> If error flag set, we do not have admin.
if '%errorlevel%' NEQ '0' (
    echo Requesting administrative privileges...
    goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params= %*
    echo UAC.ShellExecute "cmd.exe", "/c ""%~s0"" %params:"=""%", "", "runas", 1 >> "%temp%\getadmin.vbs"

    "%temp%\getadmin.vbs"
    del "%temp%\getadmin.vbs"
    exit /B

:gotAdmin
    pushd "%CD%"
    CD /D "%~dp0"

set Policies=HKEY_LOCAL_MACHINE\SOFTWARE\Policies

echo == Disabling SmartScreen
REG ADD "%Policies%\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControlEnabled /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows Defender\SmartScreen" /f /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v Enabled /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV8 /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Internet Explorer\PhishingFilter" /f /v EnabledV9 /t REG_DWORD /d "0"
REG ADD "%Policies%\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /f /v 2301 /t REG_DWORD /d "3"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /f /v value /t REG_DWORD /d "0"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /f /v SmartScreenEnabled /t REG_SZ /d "Off"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /f /v EnableSmartScreen /t REG_DWORD /d "0"

echo == Disabling SmartScreen for Store and Apps
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v EnableWebContentEvaluation /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /f /v PreventOverride /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_StoreAppsSmartScreenOff /t REG_DWORD /d "0"
REG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /f /v "EnabledV9" /t REG_DWORD /d "0"

echo == Disabling SmartScreen for Microsoft Edge
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenEnabled /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge" /f /v SmartScreenPuaEnabled /t REG_DWORD /d "0"
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health\State" /f /v AppAndBrowser_EdgeSmartScreenOff /t REG_DWORD /d "0"

echo == Disabling Smart App Control
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy" /f /v VerifiedAndReputablePolicyState /t REG_DWORD /d "0"

echo == Stopping SmartScreen and Cleaning Up
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe"
icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F
taskkill /im smartscreen.exe /f
del "%WinDir%\System32\smartscreen.exe" /s /f /q
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.dll"
icacls "%WinDir%\System32\smartscreen.dll" /grant:r %username%:F
del "%WinDir%\System32\smartscreen.dll" /s /f /q
takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreenps.dll"
icacls "%WinDir%\System32\smartscreenps.dll" /grant:r %username%:F
del "%WinDir%\System32\smartscreenps.dll" /s /f /q

pause
What can you say about this piece of code:

Spoiler
Code:
@echo Off
if exist "%ProgramFiles%\Windows Defender\MsMpEng.exe" (
sc config WinDefend start=disabled >nul && net stop WinDefend >nul
sc config WdBoot start=disabled >nul && net stop WdBoot >nul
sc config WdFilter start=disabled >nul && net stop WinDefend >nul
sc config SecurityHealthService start=disabled >nul && net stop SecurityHealthService >nul
sc config Sense start=disabled >nul && net stop Sense >nul
sc config WdNisDrv start=disabled >nul && net stop WdNisDrv >nul
sc config WdNisSvc start=disabled >nul && net stop WdNisSvc >nul
taskkill /im MsMpEng.exe /f & taskkill /im MpCmdRun.exe /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "PUAProtection" /t REG_DWORD /d "0" /f
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f >nul
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f >nul
for /f %%i in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" /s /k /f "SecHealthUI" ^| find /i "SecHealthUI" ') do (reg delete "%%i" /f >nul 2>&1)
call :policies
)
exit /b

:policies
for /f "tokens=1* delims=:" %%i in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility') do set "hidelist=%%j"
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender;%hidelist%" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender.SecurityCenter" /v "Enabled" /t REG_DWORD /d "0" /f >nul
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d "0" /f >nul
exit /b

I see that your script does more in disabling Smart Screen and Filter, but some other options in policy and WUAU you ignore. Isn't it good to combine it?
From what I can see, all of these relate to DefenderAV, and my script does not touch Defender itself, only SmartScreen. My script is aimed at all those Defender Removers that don't seem to remove or disable the worst part (IMO), SmartScreen.
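Seen from the monitoring side, the Image File Execution Options `Debugger` entry and several of the policy values written by the scripts above are easy to audit. This is an added example, not code from any poster in this thread: it scans `reg query <key> /s` output, and the sample output, the function names and the choice of watched values are assumptions made for illustration.

```python
import re

IFEO = r"\image file execution options" + "\\"
# Value name -> data that switches the protection off (names as used in the thread's scripts).
WEAKENING = {
    "enablesmartscreen": 0,
    "verifiedandreputablepolicystate": 0,
    "disableantispyware": 1,
    "disablerealtimemonitoring": 1,
}

# Constructed sample of `reg query <key> /s` output, not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartScreen.exe
    Debugger    REG_SZ    systray

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
    EnableSmartScreen    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
    DisableAntiSpyware    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy
    VerifiedAndReputablePolicyState    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Yield (key, value_name, type, data) tuples from `reg query /s` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()              # a key header line
        elif key and line.strip():
            # value lines are indented and use four spaces between fields
            parts = re.split(r"\s{4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                yield key, parts[0], parts[1], parts[2]

def audit(text):
    """Return findings for IFEO Debugger hijacks and switched-off protections."""
    findings = []
    for key, name, rtype, data in parse_reg_query(text):
        if IFEO in key.lower() and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif rtype == "REG_DWORD" and WEAKENING.get(name.lower()) == int(data, 16):
            findings.append(("protection-off", name, key))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any `Debugger` value under Image File Execution Options is reported regardless of the image name, since a legitimate machine rarely has one set.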
Tested it against 22h2 and 24h2; in both it causes an sfc error. This one works against 22h2:

.\SU64 /w /s powershell "SP HKLM:\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Security.SmartScreen.AppReputationService ActivationType -V 1"
I disable smartscreen.exe the same way I disable searchhost.exe, with permissions. I use a batch to take ownership, then remove its permissions and then deny, so nothing can run it. I do the same with the WU notification that keeps popping up in the tray. For Defender I use toggle defender, off GitHub. CUs seem to re-enable some of the services, so I just run it again if I notice the processes running again.
And you get an sfc error, not acceptable for me. As to WU, just go to svchost in regedit, then netsvcs, open it and remove usosvc, reboot, and WU won't offer you anything anymore, but you can still install updates manually or use wumt to install updates.
I guess there may not be anything finalized here yet. But my question is: how can you temporarily disable Windows Defender in Windows 11 23H2? Simply that it can be deactivated, and after the desktop has started it can be activated.