@freddie-o
This is the best permanent disabling of Defender with the ability to enable it at any time.

Disable Defender
Run cmd script as admin. NSudoLC.exe in same folder.
Code:
    pushd "%~dp0"
    NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide powershell -command "& { Stop-Service -Name 'windefend' }"
    NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide sc config windefend start=demand
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
    sc qc windefend
    pause

Enable Defender
Run cmd script as admin.
Code:
    reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
    sc start windefend
    pause

Comment
1) sc stop windefend and net stop windefend are detected by Defender
   Stop-Service in powershell is undetected by Defender
2) It is better to stop the defender (stop service windefend) first and then set it (start service parameter)
3) windefend start=demand (manual) and DisableAntiSpyware 1 = permanent disable Defender
4) Works on Win 10/11
It is possible to disable / enable Defender at any time
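The commands in the post above leave recognizable process command lines, so a defender can match them in process-creation telemetry regardless of which stop method was used. This is an added example, not part of the thread: the rule names, host names and event list are constructed, with command lines copied from posts on this page.

```python
import re

# Rule names are hypothetical; the patterns mirror commands quoted in this thread.
RULES = [
    ("windefend_service_stop", re.compile(
        r"\b(?:sc|net1?)(?:\.exe)?\s+stop\s+windefend\b"
        r"|\bstop-service\b.*\bwindefend\b", re.I)),
    ("windefend_start_type_change", re.compile(
        r"\bsc(?:\.exe)?\s+config\s+windefend\s+.*\bstart=\s*(?:demand|disabled)\b", re.I)),
    ("defender_policy_disable", re.compile(
        r"\breg(?:\.exe)?\s+add\s+.*\\Policies\\Microsoft\\Windows Defender\b"
        r".*\bDisableAntiSpyware\b", re.I)),
    ("windefend_service_key_delete", re.compile(
        r"\breg(?:\.exe)?\s+delete\s+.*\\Services\\WinDefend\b", re.I)),
]

# Constructed process-creation records: (host, command line). Hosts are made up.
SAMPLE_EVENTS = [
    ("ws-01", r'''NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide powershell -command "& { Stop-Service -Name 'windefend' }"'''),
    ("ws-01", r'NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide sc config windefend start=demand'),
    ("ws-01", r'reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f'),
    ("ws-01", r'sc qc windefend'),      # read-only query, must not alert
    ("ws-02", r'reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /f'),
    ("ws-03", r'sc start windefend'),   # re-enabling, must not alert
]


def match_rules(command_line):
    """Return the names of all rules whose pattern occurs in the command line."""
    return [name for name, rx in RULES if rx.search(command_line)]


def scan(events):
    """Return (host, rule, command_line) for every rule hit in the events."""
    return [(host, rule, cmd) for host, cmd in events for rule in match_rules(cmd)]


if __name__ == "__main__":
    for host, rule, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}  {rule}  {cmd}")
```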
Why is it the best? Elaborate please... Also there's @BAU 's script to toggle defender. Any difference between them?
At first glance, you know what it does. Not in the Bau script. ... and to restore it to its original state is absolutely trivial (even without a script). Not in the Bau script.
Thank you, I will test it out.
My intention here is just to toggle Windows Defender.
I disable a lot more (offline) to permanently disable Windows Defender.
Disable Defender doesn't work...

Errors
Code:
    E:\>pushd "E:\"

    E:\>NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide powershell -command "& { Stop-Service -Name 'windefend' }"
    M2-Team NSudo Launcher 8.2
    © M2-Team. All rights reserved.

    Error: Failed to create a process.
    For further information, please visit https://m2team.github.io/NSudo.
    ****************************************************************
    Sender: NSudoCreateProcess
    DateTime: 2021-11-07 15:37:45
    Process ID: 5472
    Thread ID: 7448
    UserModeType: 1
    PrivilegesModeType: 1
    MandatoryLabelType: 0
    ProcessPriorityClassType: 2
    ShowWindowModeType: 2
    WaitInterval: -1
    CreateNewConsole: 1
    CommandLine: powershell -command "& { Stop-Service -Name 'windefend' }"
    CurrentDirectory: E:
    ****************************************************************
    Sender: NSudoCreateProcess
    DateTime: 2021-11-07 15:37:45
    Process ID: 5472
    Thread ID: 7448
    Enable the SeDebugPrivilege for the context access token failed, returns -2147023596.
    ****************************************************************

    E:\>NSudoLC -U:T -P:E -Wait -ShowWindowMode:Hide sc config windefend start=demand
    M2-Team NSudo Launcher 8.2
    © M2-Team. All rights reserved.

    Error: Failed to create a process.
    For further information, please visit https://m2team.github.io/NSudo.
    ****************************************************************
    Sender: NSudoCreateProcess
    DateTime: 2021-11-07 15:37:45
    Process ID: 8624
    Thread ID: 7572
    UserModeType: 1
    PrivilegesModeType: 1
    MandatoryLabelType: 0
    ProcessPriorityClassType: 2
    ShowWindowModeType: 2
    WaitInterval: -1
    CreateNewConsole: 1
    CommandLine: sc config windefend start=demand
    CurrentDirectory: E:
    ****************************************************************
    Sender: NSudoCreateProcess
    DateTime: 2021-11-07 15:37:45
    Process ID: 8624
    Thread ID: 7572
    Enable the SeDebugPrivilege for the context access token failed, returns -2147023596.
    ****************************************************************

    E:\>reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
    ERROR: Access is denied.

    E:\>sc qc windefend
    [SC] QueryServiceConfig SUCCESS

    SERVICE_NAME: windefend
            TYPE               : 10  WIN32_OWN_PROCESS
            START_TYPE         : 2   AUTO_START
            ERROR_CONTROL      : 1   NORMAL
            BINARY_PATH_NAME   : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe"
            LOAD_ORDER_GROUP   :
            TAG                : 0
            DISPLAY_NAME       : Microsoft Defender Antivirus Service
            DEPENDENCIES       : RpcSs
            SERVICE_START_NAME : LocalSystem

    E:\>powershell (New-Object -ComObject Wscript.Shell).Popup("""Operation Completed""",0,"""Done""",0x0)
    1

    E:\>pause
    Press any key to continue . . .
I already tried this method before
Code:
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f

and it didn't work.
After restarting the PC, the WinDefend service restarts, the Registry key gets deleted and Windows Defender gets re-enabled.

So I ended up with
Code:
    reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /f

You have to keep the WinDefend service from restarting if you want to keep Windows Defender disabled.
@freddie-o
"E:\>pushd "E:\" ... and "Access is denied" ... probably run as user
I wrote: "Run cmd script as admin."
It would be there: C:\Windows\System32>pushd "E:\"

DisableAntiSpyware 1 works if windefend is demand or disable
... and these settings are made when the windefend service is turned off as described in my script
It works even after restarting Windows (...and to enable the defender, simply start the windefend service)

Deleting WinDefend Start seems dirty to me, but also a possible variant
I think "windefend start=demand (manual) and DisableAntiSpyware 1" is cleaner

Comment
"windefend start=demand (manual) and DisableAntiSpyware 1" also uses Defender Control.
"sc qc windefend" is for verification only.
It is possible that enabling Defender will work without reg delete Defender Policies (or delete DisableAntiSpyware) (the key deletes Defender when the Defender service starts).
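The end states discussed in the posts above (start type switched from AUTO_START, the DisableAntiSpyware policy value set, or the WinDefend service key removed) can be audited from collected `sc qc windefend` and `reg query` output. This is an added example, not code from any poster: the function names are hypothetical, the healthy sample is abridged from the output quoted in this thread, and the other samples are constructed.

```python
import re

# Abridged from the `sc qc windefend` output quoted in this thread (healthy state).
HEALTHY_SC = """[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: windefend
        START_TYPE         : 2   AUTO_START
"""
# Constructed samples for the tampered states.
TAMPERED_SC = HEALTHY_SC.replace("2   AUTO_START", "3   DEMAND_START")
MISSING_SC = ("[SC] OpenService FAILED 1060:\n\n"
              "The specified service does not exist as an installed service.\n")
POLICY_SET = r"""HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
    DisableAntiSpyware    REG_DWORD    0x1
"""
POLICY_ABSENT = "ERROR: The system was unable to find the specified registry key or value.\n"


def parse_sc_qc(text):
    """Map field name -> raw value from `sc qc <service>` output."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_reg_query(text):
    """Map lower-cased value name -> (type, data) from `reg query <key>` output."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*)$", line)
        if m:
            values[m.group(1).lower()] = (m.group(2), m.group(3).strip())
    return values


def audit_windefend(sc_qc_text, reg_query_text):
    """Return a list of findings; an empty list means the baseline state."""
    findings = []
    if "FAILED 1060" in sc_qc_text:  # service key deleted
        findings.append("service_missing")
    else:
        tokens = parse_sc_qc(sc_qc_text).get("START_TYPE", "").split()
        start = tokens[1] if len(tokens) > 1 else "UNKNOWN"
        if start != "AUTO_START":
            findings.append("start_type:" + start)
    kind, data = parse_reg_query(reg_query_text).get("disableantispyware", ("", "0x0"))
    if kind == "REG_DWORD" and int(data, 16) != 0:
        findings.append("policy:DisableAntiSpyware=" + str(int(data, 16)))
    return findings
```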
I will just forget about disabling Windows Defender "permanently" and just stay with "Toggle Windows Defender Temporarily". There's more to consider when wanting to permanently disable Windows Defender
I think if you want to disable Windows Defender "permanently" you have to also include SmartScreen and Malicious Software Removal Tool
I can only accomplish this offline without errors as TrustedInstaller
Code:
    rem == disable microsoft defender, notifications, updates and malicious software removal tool ==
    reg load HKLM\SOFTHIVE mount\Windows\System32\config\SOFTWARE
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d "1" /f
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe" /f
    rem == delete scheduled tasks ==
    reg delete "HKLM\SOFTHIVE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender" /f
    rem == disable smartscreen ==
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen" /v "value" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Off" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "1" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t REG_SZ /d "Anywhere" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "Enabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV8" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
    reg add "HKLM\SOFTHIVE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3" /v "2301" /t REG_DWORD /d "3" /f
    reg unload HKLM\SOFTHIVE
    rem == delete WinDefend services ==
    reg load HKLM\SYSHIVE mount\Windows\System32\config\SYSTEM
    reg delete "HKLM\SYSHIVE\ControlSet001\Services\WinDefend" /f
    reg unload HKLM\SYSHIVE
    rem == disable smartscreen for store and apps ==
    reg load HKLM\NTUSER mount\Users\Default\NTUSER.DAT
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t REG_DWORD /d "1" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t REG_DWORD /d "0" /f
    rem == disable smartscreen for microsoft edge ==
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d "0" /f
    reg add "HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d "0" /f
    reg unload HKLM\NTUSER
Yes, but I only comment on turning off the Defender service itself. So the common ground. You don't have to write me the settings, I know them https://krakatoa.www3.cz/win10aio.php (... and I think it will work in online windows as well)
My method is just temporary. I haven't used Defender Control in a very long time because I stopped using Windows Defender, but it's supposed to be permanent.
So yours is something similar to @BAU 's toggle defender script. Same goal (temporary) different approach?
BAU's and wtarkan's are similar, I think. They both toggle Windows Defender but permanently until you enable it again. While with mine, Windows Defender gets enabled again when Windows restarts.
@Mr.X

Columns: freddie-o | wtarkan DC | BAU | my recommendation now

elevation TI: PowerRun | internal | ps | NSudo
stop windefend: sc stop internal net1 stop in ps wsf vbscript in cmd
deactivation of windefend: start disabled | start demand | MpCmdRun DisableService | start demand
Preventing self-starting (permanent disabling): - | reg DisableAntiSpyware 1 | reg DisableAntiSpyware 1 + depend RpcSs-TOGGLE | reg DisableAntiSpyware 1
permanent disabling: No | Yes | Yes | Yes
detected by Defender: Yes | Yes | No | No
@zucrin Defender Control https://forums.mydigitallife.net/threads/defender-control-v1-7.72444/ Mr.X wrote about him.
I'm interested in permanency and the possibility to toggle easily and run again Defender, so it is @BAU 's script or yours, which one to pick. Here's the dilemma.