Code:
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.25010.6
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion :
AntivirusEnabled : False
AntivirusSignatureAge : 65535
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion :
BehaviorMonitorEnabled : False
ComputerID : 20203F34-D295-416D-88FF-16B8E14CEF30
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 01/01/1601 01:00:00
DeviceControlState : Unknown
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : AbortServiceIsStopping
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 65535
NISSignatureLastUpdated :
NISSignatureVersion :
OnAccessProtectionEnabled : False
ProductStatus : 1
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : False
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState :
TamperProtectionSource : UI
TDTCapable : N/A
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/A
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :

Start-MpScan : Errors were encountered when attempted to scan your device.
Au caractère Ligne:1 : 22
+ Get-MpComputerStatus;Start-MpScan -ScanType QuickScan;Update-MpSignat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpScan:ROOT\Microsoft\...der\MSFT_MpScan) [Start-MpScan], CimException
+ FullyQualifiedErrorId : HRESULT 0x80004003,Start-MpScan

Update-MpSignature : Virus and spyware definitions update was completed with errors.
Au caractère Ligne:1 : 55
+ ... terStatus;Start-MpScan -ScanType QuickScan;Update-MpSignature;$null = ...
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature], CimException
+ FullyQualifiedErrorId : HRESULT 0x80004003,Update-MpSignature

Good job !
As mentioned in the post, this work is inspired by the script from TairikuOkami, which, in my humble opinion, used the safest approach to disable Defender without impacting the core functionality of the system. I essentially copied the relevant part of his script and applied it, and it worked for me. Regarding your question, the method is more for those who either prefer not to use Windows Defender at all or have opted for a third-party antivirus instead. As you mentioned, simply disabling DisableAntiSpyware on Windows 10 can often be enough to stop Defender from running. If you're not seeing Defender in your system, then you're probably good without going further into the UI, tray icon, or logging adjustments. That said, for people who want to ensure Defender is entirely out of the picture, these extra steps might be necessary. Hope that clarifies things!
Spared some time in refining the batch scripts to manage services, registry, and scheduled tasks more effectively and seamlessly. The updates focus on enhancing error handling, optimizing performance, and improving overall stability. Here’s a preview of the logs generated by the scripts, highlighting these improvements. They still require thorough testing and a bit of fine-tuning to ensure reliability and robustness.

Spoiler: poc

Spoiler: when verbose set to 0

Code:
[05-04-2025 23:28:26.83] ===== Starting service management process at 23:28:26.78 =====
[05-04-2025 23:28:32.20] [SUCCESS] Service WinDefend stopped successfully
[05-04-2025 23:28:32.25] [SUCCESS] Service WinDefend successfully disabled
[05-04-2025 23:28:32.37] [SUCCESS] Service WdNisSvc successfully disabled
[05-04-2025 23:28:32.51] [SUCCESS] Service WdNisDrv successfully disabled
[05-04-2025 23:28:33.14] [SUCCESS] Service WdFilter stopped successfully
[05-04-2025 23:28:33.18] [SUCCESS] Service WdFilter successfully disabled
[05-04-2025 23:28:33.28] ===== Service management completed at 23:28:33.25 =====
[05-04-2025 23:28:33.28] EXECUTION TIME: 7 seconds
[05-04-2025 23:28:33.29] SUMMARY: Processed 5 services - Success: 4, Failed: 0, Skipped: 1
[05-04-2025 23:28:33.31] ERRORS: None

Code:
[05-04-2025 23:28:33.42] ===== Starting registry modification process at 23:28:33.40 =====
[05-04-2025 23:28:33.47] [SUCCESS] Default User registry hive loaded successfully
[05-04-2025 23:28:33.51] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /f
[05-04-2025 23:28:33.61] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v AllowFastServiceStartup /t REG_DWORD /d 0 /f
[05-04-2025 23:28:33.67] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiSpyware /t REG_DWORD /d 1 /f
[05-04-2025 23:28:33.75] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiVirus /t REG_DWORD /d 1 /f
[05-04-2025 23:28:33.82] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableSpecialRunningModes /t REG_DWORD /d 1 /f
[05-04-2025 23:28:33.89] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v ServiceKeepAlive /t REG_DWORD /d 0 /f
[05-04-2025 23:28:33.97] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine /v MpEnablePus /t REG_DWORD /d 0 /f
[05-04-2025 23:28:34.07] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.15] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableIOAVProtection /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.23] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableOnAccessProtection /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.31] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.39] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.47] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.54] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.62] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f
[05-04-2025 23:28:34.68] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v SpynetReporting /t REG_DWORD /d 0 /f
[05-04-2025 23:28:34.75] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
[05-04-2025 23:28:34.81] [SUCCESS] Registry Add operation successful: HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderApiLogger /v Start /t REG_DWORD /d 0 /f
[05-04-2025 23:28:34.87] [SUCCESS] Registry Add operation successful: HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger /v Start /t REG_DWORD /d 0 /f
[05-04-2025 23:28:34.93] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications /v DisableNotifications /t REG_DWORD /d 1 /f
[05-04-2025 23:28:35.01] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f
[05-04-2025 23:28:35.07] [SUCCESS] Registry Add operation successful: HKU\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance /v Enabled /t REG_DWORD /d 0 /f
[05-04-2025 23:28:35.12] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SecurityHealth /f
[05-04-2025 23:28:35.17] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
[05-04-2025 23:28:35.22] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 23:28:35.25] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 23:28:35.29] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 23:28:35.34] [SUCCESS] Default User registry hive unloaded successfully
[05-04-2025 23:28:35.37] ===== Registry modification completed at 23:28:35.34 =====
[05-04-2025 23:28:35.37] EXECUTION TIME: 2 seconds
[05-04-2025 23:28:35.37] SUMMARY: Processed 29 operations - Success: 29, Failed: 0, Skipped: 0
[05-04-2025 23:28:35.39] ERRORS: None

Code:
[05-04-2025 23:29:30.56] ===== Starting scheduled task management process =====
[05-04-2025 23:29:31.25] [SUCCESS] Task Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh stopped successfully (now in Ready state)
[05-04-2025 23:29:31.37] [SUCCESS] Task Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh successfully disabled
[05-04-2025 23:29:31.58] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance successfully disabled
[05-04-2025 23:29:31.77] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Cleanup successfully disabled
[05-04-2025 23:29:31.94] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan successfully disabled
[05-04-2025 23:29:32.14] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Verification successfully disabled
[05-04-2025 23:29:32.17] ===== Scheduled task management completed =====
[05-04-2025 23:29:32.17] SUMMARY: Processed 5 tasks - Success: 5, Failed: 0
[05-04-2025 23:29:32.19] ERRORS: None
[05-04-2025 23:29:32.19] EXECUTION TIME: 1.61 seconds

Spoiler: when verbose set to 1

Code:
[05-04-2025 21:55:33.84] ===== Starting service management process at 21:55:33.82 =====
[05-04-2025 21:55:33.87] [INFO] Processing service: WinDefend [START]
[05-04-2025 21:55:33.91] [INFO] Service WinDefend exists, checking status
[05-04-2025 21:55:33.96] [INFO] Service WinDefend is running, stopping it
[05-04-2025 21:55:39.15] [SUCCESS] Service WinDefend stopped successfully
[05-04-2025 21:55:39.17] [INFO] Disabling service WinDefend
[05-04-2025 21:55:39.21] [SUCCESS] Service WinDefend successfully disabled
[05-04-2025 21:55:39.23] [INFO] Processing service: WinDefend [END - Status: SUCCESS]
[05-04-2025 21:55:39.24] [INFO] Processing service: WdNisSvc [START]
[05-04-2025 21:55:39.27] [INFO] Service WdNisSvc exists, checking status
[05-04-2025 21:55:39.29] [INFO] Service WdNisSvc is not running, disabling it
[05-04-2025 21:55:39.31] [INFO] Disabling service WdNisSvc
[05-04-2025 21:55:39.35] [SUCCESS] Service WdNisSvc successfully disabled
[05-04-2025 21:55:39.37] [INFO] Processing service: WdNisSvc [END - Status: SUCCESS]
[05-04-2025 21:55:39.38] [INFO] Processing service: WdNisDrv [START]
[05-04-2025 21:55:39.40] [INFO] Service WdNisDrv exists, checking status
[05-04-2025 21:55:39.43] [INFO] Service WdNisDrv is not running, disabling it
[05-04-2025 21:55:39.45] [INFO] Disabling service WdNisDrv
[05-04-2025 21:55:39.49] [SUCCESS] Service WdNisDrv successfully disabled
[05-04-2025 21:55:39.49] [INFO] Processing service: WdNisDrv [END - Status: SUCCESS]
[05-04-2025 21:55:39.51] [INFO] Processing service: WdFilter [START]
[05-04-2025 21:55:39.54] [INFO] Service WdFilter exists, checking status
[05-04-2025 21:55:39.56] [INFO] Service WdFilter is running, stopping it
[05-04-2025 21:55:40.20] [SUCCESS] Service WdFilter stopped successfully
[05-04-2025 21:55:40.20] [INFO] Disabling service WdFilter
[05-04-2025 21:55:40.24] [SUCCESS] Service WdFilter successfully disabled
[05-04-2025 21:55:40.26] [INFO] Processing service: WdFilter [END - Status: SUCCESS]
[05-04-2025 21:55:40.27] [INFO] Processing service: MDCoreSvc [START]
[05-04-2025 21:55:40.29] [INFO] Service MDCoreSvc does not exist, skipping
[05-04-2025 21:55:40.31] [INFO] Processing service: MDCoreSvc [END - Status: SKIPPED]
[05-04-2025 21:55:40.34] ===== Service management completed at 21:55:40.31 =====
[05-04-2025 21:55:40.34] EXECUTION TIME: 7 seconds
[05-04-2025 21:55:40.35] SUMMARY: Processed 5 services - Success: 4, Failed: 0, Skipped: 1
[05-04-2025 21:55:40.35] ERRORS: None

Code:
[05-04-2025 21:55:40.46] ===== Starting registry modification process at 21:55:40.45 =====
[05-04-2025 21:55:40.48] [INFO] Loading Default User registry hive
[05-04-2025 21:55:40.51] [SUCCESS] Default User registry hive loaded successfully
[05-04-2025 21:55:40.52] [INFO] Registry Delete operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /f
[05-04-2025 21:55:40.56] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /f
[05-04-2025 21:55:40.60] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v AllowFastServiceStartup /t REG_DWORD /d 0 /f
[05-04-2025 21:55:40.63] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v AllowFastServiceStartup /t REG_DWORD /d 0 /f
[05-04-2025 21:55:40.68] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiSpyware /t REG_DWORD /d 1 /f
[05-04-2025 21:55:40.70] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiSpyware /t REG_DWORD /d 1 /f
[05-04-2025 21:55:40.73] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiVirus /t REG_DWORD /d 1 /f
[05-04-2025 21:55:40.76] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableAntiVirus /t REG_DWORD /d 1 /f
[05-04-2025 21:55:40.81] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableSpecialRunningModes /t REG_DWORD /d 1 /f
[05-04-2025 21:55:40.82] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v DisableSpecialRunningModes /t REG_DWORD /d 1 /f
[05-04-2025 21:55:40.85] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v ServiceKeepAlive /t REG_DWORD /d 0 /f
[05-04-2025 21:55:40.88] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender /v ServiceKeepAlive /t REG_DWORD /d 0 /f
[05-04-2025 21:55:40.92] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine /v MpEnablePus /t REG_DWORD /d 0 /f
[05-04-2025 21:55:40.93] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine /v MpEnablePus /t REG_DWORD /d 0 /f
[05-04-2025 21:55:40.99] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.01] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.06] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableIOAVProtection /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.07] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableIOAVProtection /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.12] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableOnAccessProtection /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.15] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableOnAccessProtection /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.18] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.20] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.26] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.27] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.32] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.34] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.38] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.40] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.45] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.46] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.51] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v SpynetReporting /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.52] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v SpynetReporting /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.57] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
[05-04-2025 21:55:41.60] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
[05-04-2025 21:55:41.63] [INFO] Registry Add operation: HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderApiLogger /v Start /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.66] [SUCCESS] Registry Add operation successful: HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderApiLogger /v Start /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.71] [INFO] Registry Add operation: HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger /v Start /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.73] [SUCCESS] Registry Add operation successful: HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger /v Start /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.77] [INFO] Registry Add operation: HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications /v DisableNotifications /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.79] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications /v DisableNotifications /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.84] [INFO] Registry Add operation: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.85] [SUCCESS] Registry Add operation successful: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f
[05-04-2025 21:55:41.90] [INFO] Registry Add operation: HKU\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance /v Enabled /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.93] [SUCCESS] Registry Add operation successful: HKU\DefaultUser\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance /v Enabled /t REG_DWORD /d 0 /f
[05-04-2025 21:55:41.96] [INFO] Registry Delete operation: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SecurityHealth /f
[05-04-2025 21:55:41.98] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SecurityHealth /f
[05-04-2025 21:55:42.01] [INFO] Registry Delete operation: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
[05-04-2025 21:55:42.02] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
[05-04-2025 21:55:42.06] [INFO] Registry Delete operation: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 21:55:42.07] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 21:55:42.09] [INFO] Registry Delete operation: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 21:55:42.12] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 21:55:42.13] [INFO] Registry Delete operation: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 21:55:42.15] [SUCCESS] Registry Delete operation successful: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\EPP /f
[05-04-2025 21:55:42.16] [INFO] Unloading Default User registry hive
[05-04-2025 21:55:42.18] [SUCCESS] Default User registry hive unloaded successfully
[05-04-2025 21:55:42.21] ===== Registry modification completed at 21:55:42.20 =====
[05-04-2025 21:55:42.23] EXECUTION TIME: 2 seconds
[05-04-2025 21:55:42.23] SUMMARY: Processed 29 operations - Success: 29, Failed: 0, Skipped: 0
[05-04-2025 21:55:42.24] ERRORS: None

Code:
[05-04-2025 21:56:37.01] ===== Starting scheduled task management process =====
[05-04-2025 21:56:37.03] [INFO] Processing task: Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh [START]
[05-04-2025 21:56:37.07] [INFO] Task Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh exists, checking status
[05-04-2025 21:56:37.17] [INFO] Current status of Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh is: Ready
[05-04-2025 21:56:37.17] [INFO] Task Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh is not running, proceeding to disable
[05-04-2025 21:56:37.18] [INFO] Disabling task Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
[05-04-2025 21:56:37.28] [SUCCESS] Task Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh successfully disabled
[05-04-2025 21:56:37.28] [INFO] Processing task: Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh [END - Status: SUCCESS]
[05-04-2025 21:56:37.29] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance [START]
[05-04-2025 21:56:37.32] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance exists, checking status
[05-04-2025 21:56:37.39] [INFO] Current status of Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance is: Ready
[05-04-2025 21:56:37.39] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance is not running, proceeding to disable
[05-04-2025 21:56:37.41] [INFO] Disabling task Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance
[05-04-2025 21:56:37.48] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance successfully disabled
[05-04-2025 21:56:37.50] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance [END - Status: SUCCESS]
[05-04-2025 21:56:37.51] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Cleanup [START]
[05-04-2025 21:56:37.56] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Cleanup exists, checking status
[05-04-2025 21:56:37.64] [INFO] Current status of Microsoft\Windows\Windows Defender\Windows Defender Cleanup is: Ready
[05-04-2025 21:56:37.65] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Cleanup is not running, proceeding to disable
[05-04-2025 21:56:37.65] [INFO] Disabling task Microsoft\Windows\Windows Defender\Windows Defender Cleanup
[05-04-2025 21:56:37.76] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Cleanup successfully disabled
[05-04-2025 21:56:37.78] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Cleanup [END - Status: SUCCESS]
[05-04-2025 21:56:37.79] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan [START]
[05-04-2025 21:56:37.82] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan exists, checking status
[05-04-2025 21:56:37.87] [INFO] Current status of Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan is: Ready
[05-04-2025 21:56:37.89] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan is not running, proceeding to disable
[05-04-2025 21:56:37.89] [INFO] Disabling task Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
[05-04-2025 21:56:37.96] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan successfully disabled
[05-04-2025 21:56:37.96] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan [END - Status: SUCCESS]
[05-04-2025 21:56:37.98] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Verification [START]
[05-04-2025 21:56:38.01] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Verification exists, checking status
[05-04-2025 21:56:38.06] [INFO] Current status of Microsoft\Windows\Windows Defender\Windows Defender Verification is: Ready
[05-04-2025 21:56:38.06] [INFO] Task Microsoft\Windows\Windows Defender\Windows Defender Verification is not running, proceeding to disable
[05-04-2025 21:56:38.07] [INFO] Disabling task Microsoft\Windows\Windows Defender\Windows Defender Verification
[05-04-2025 21:56:38.14] [SUCCESS] Task Microsoft\Windows\Windows Defender\Windows Defender Verification successfully disabled
[05-04-2025 21:56:38.15] [INFO] Processing task: Microsoft\Windows\Windows Defender\Windows Defender Verification [END - Status: SUCCESS]
[05-04-2025 21:56:38.17] ===== Scheduled task management completed =====
[05-04-2025 21:56:38.17] SUMMARY: Processed 5 tasks - Success: 5, Failed: 0
[05-04-2025 21:56:38.18] ERRORS: None
[05-04-2025 21:56:38.18] EXECUTION TIME: 1.15 seconds
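A read-only audit of the state recorded in the logs above, added here as an example and not part of the original posts or scripts: it reports which of the registry values, service start types and scheduled tasks named in the logs are currently in the disabled state, which helps spot unexpected Defender tampering on a host or confirm that a rollback took effect. The function name `Get-DefenderTamperState` is hypothetical, only a subset of the logged values is checked, and the service keys are assumed to live under `HKLM:\SYSTEM\CurrentControlSet\Services` with start type 4 meaning disabled.

```powershell
# Added example: read-only audit of the Defender settings named in the logs above.
# It only reads registry values and scheduled-task state; it changes nothing.
# Get-DefenderTamperState is a hypothetical name chosen for this example.

$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$rtp    = "$policy\Real-Time Protection"
$spynet = "$policy\SpyNet"
$logger = 'HKLM:\SYSTEM\ControlSet001\Control\WMI\Autologger'
$svc    = 'HKLM:\SYSTEM\CurrentControlSet\Services'   # assumption: standard service key location

# Path, value name, and the data the logs show being written.
# For services, Start = 4 is the "disabled" start type.
$registryChecks = @(
    @{ Path = $policy; Name = 'DisableAntiSpyware';           Data = 1 }
    @{ Path = $policy; Name = 'DisableAntiVirus';             Data = 1 }
    @{ Path = $rtp;    Name = 'DisableBehaviorMonitoring';    Data = 1 }
    @{ Path = $rtp;    Name = 'DisableIOAVProtection';        Data = 1 }
    @{ Path = $rtp;    Name = 'DisableOnAccessProtection';    Data = 1 }
    @{ Path = $rtp;    Name = 'DisableRealtimeMonitoring';    Data = 1 }
    @{ Path = $rtp;    Name = 'DisableRoutinelyTakingAction'; Data = 1 }
    @{ Path = $rtp;    Name = 'DisableScanOnRealtimeEnable';  Data = 1 }
    @{ Path = $spynet; Name = 'DisableBlockAtFirstSeen';      Data = 1 }
    @{ Path = $spynet; Name = 'SpynetReporting';              Data = 0 }
    @{ Path = "$logger\DefenderApiLogger";   Name = 'Start';  Data = 0 }
    @{ Path = "$logger\DefenderAuditLogger"; Name = 'Start';  Data = 0 }
    @{ Path = "$svc\WinDefend"; Name = 'Start'; Data = 4 }
    @{ Path = "$svc\WdNisSvc";  Name = 'Start'; Data = 4 }
    @{ Path = "$svc\WdNisDrv";  Name = 'Start'; Data = 4 }
    @{ Path = "$svc\WdFilter";  Name = 'Start'; Data = 4 }
    @{ Path = "$svc\MDCoreSvc"; Name = 'Start'; Data = 4 }
)

# Task folders that appear in the scheduled-task log.
$taskPaths = @(
    '\Microsoft\Windows\Windows Defender\'
    '\Microsoft\Windows\ExploitGuard\'
)

function Get-DefenderTamperState {
    foreach ($check in $registryChecks) {
        # A missing key or value yields $null: reported, but not flagged.
        $actual = $null
        $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        if ($item) { $actual = $item.($check.Name) }

        [pscustomobject]@{
            Kind    = 'Registry'
            Item    = '{0}\{1}' -f $check.Path, $check.Name
            Actual  = $actual
            Flagged = ($null -ne $actual) -and ($actual -eq $check.Data)
        }
    }

    foreach ($path in $taskPaths) {
        foreach ($task in (Get-ScheduledTask -TaskPath $path -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{
                Kind    = 'ScheduledTask'
                Item    = $task.TaskPath + $task.TaskName
                Actual  = [string]$task.State
                Flagged = ($task.State -eq 'Disabled')
            }
        }
    }
}

$state   = @(Get-DefenderTamperState)
$flagged = @($state | Where-Object { $_.Flagged })

$state | Sort-Object Kind, Item | Format-Table -AutoSize -Wrap
'{0} of {1} checked items are in the disabled state.' -f $flagged.Count, $state.Count
```

On a managed fleet the same value list can feed a registry-change detection rule, since any write to these policy values outside a sanctioned change window is worth an alert.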
Scripts to safely disable services and scheduled tasks during Windows OS setup.

Spoiler: disable_services.cmd

Code:
@echo off
setlocal enabledelayedexpansion

REM ===== Configuration =====
set "VERBOSE=0"
REM 0 for critical logs only, 1 for comprehensive logs
set "MAX_RETRIES=2"
set "STOP_TIMEOUT=10"
set "POWERSHELL_TIMEOUT=15"

REM ===== Create log directory if it doesn't exist =====
set "LogDir=%SystemRoot%\Setup\Scripts\Logs"
set "LogFile=%LogDir%\Disable_services_log.txt"
if not exist "%LogDir%" mkdir "%LogDir%"

REM ===== Define error constants =====
set "ERR_STOP_TIMEOUT=1"
set "ERR_DISABLE_FAILED=2"
set "ERR_RETRY_FAILED=3"
set "ERR_POWERSHELL_FAILED=4"

REM ===== Initialize tracking variables =====
set "TOTAL_SERVICES=0"
set "SUCCESSFUL_SERVICES=0"
set "FAILED_SERVICES=0"
set "SKIPPED_SERVICES=0"
set "ERROR_LIST="

REM ===== Start execution time tracking =====
set "START_TIME=%time%"
call :log_critical "===== Starting service management process at %START_TIME% ====="

REM ===== Check PowerShell availability =====
call :check_powershell_available
if "%POWERSHELL_AVAILABLE%"=="1" (
    call :log_info "PowerShell is available - will use as primary method"
) else (
    call :log_warning "PowerShell is not available - will use traditional methods only"
)

REM ===== Services to manage =====
set "services=WinDefend WdNisSvc WdNisDrv WdFilter MDCoreSvc"
for %%s in (%services%) do (
    set /a TOTAL_SERVICES+=1
    call :process_service "%%s"
)

REM ===== End execution time tracking =====
set "END_TIME=%time%"
call :calculate_execution_time "%START_TIME%" "%END_TIME%"

REM ===== Report final status =====
call :log_critical "===== Service management completed at %END_TIME% ====="
call :log_critical "EXECUTION TIME: %EXECUTION_TIME_SEC% seconds"
call :log_critical "SUMMARY: Processed %TOTAL_SERVICES% services - Success: %SUCCESSFUL_SERVICES%, Failed: %FAILED_SERVICES%, Skipped: %SKIPPED_SERVICES%"
if defined ERROR_LIST (
    call :log_critical "ERRORS: %ERROR_LIST%"
) else (
    call :log_critical "ERRORS: None"
)
exit /b 0

:check_powershell_available
set "POWERSHELL_AVAILABLE=0"
powershell.exe -Command "exit 0" >nul 2>&1
if %ERRORLEVEL% EQU 0 (
    set "POWERSHELL_AVAILABLE=1"
)
exit /b 0

:process_service
set "service_name=%~1"
set "service_status=SUCCESS"
call :log_info "Processing service: %service_name% [START]"

REM ===== Check if service exists =====
sc query %service_name% >nul 2>&1
if %ERRORLEVEL% NEQ 0 (
    call :log_info "Service %service_name% does not exist, skipping"
    set "service_status=SKIPPED"
    set /a SKIPPED_SERVICES+=1
    goto :service_complete
)
call :log_info "Service %service_name% exists, checking status"

REM ===== Check if service is running =====
sc query %service_name% | find "RUNNING" >nul 2>&1
if %ERRORLEVEL% EQU 0 (
    call :log_info "Service %service_name% is running, attempting to stop it"
    REM ===== Try PowerShell method first if available =====
    if "%POWERSHELL_AVAILABLE%"=="1" (
        call :stop_service_powershell "%service_name%"
        if "!stop_success!"=="true" (
            goto :disable_service
        ) else (
            call :log_warning "PowerShell method failed for %service_name%, trying fallback method"
        )
    )
    REM ===== Fallback to traditional method =====
    call :stop_service_traditional "%service_name%"
) else (
    call :log_info "Service %service_name% is not running, proceeding to disable"
    set "stop_success=true"
)

REM ===== Only proceed to disable if stopping was successful =====
if "%stop_success%"=="false" (
    goto :service_complete
)

:disable_service
REM ===== Disable the service =====
call :log_info "Disabling service %service_name%"
set "disable_success=false"
set "retry_count=0"

:retry_disable
sc config %service_name% start= disabled >nul 2>&1

REM ===== Verify service is disabled =====
sc qc %service_name% | find "START_TYPE" | find "4" >nul 2>&1
if %ERRORLEVEL% EQU 0 (
    call :log_success "Service %service_name% successfully disabled"
    set "disable_success=true"
) else (
    REM Capture the actual error message
    set "error_output="
    for /f "tokens=*" %%e in ('sc config %service_name% start= disabled 2^>^&1') do (
        set "error_output=!error_output! %%e"
    )
    call :log_error "Failed to disable service %service_name%: !error_output!"
    REM Check if we should retry
    set /a "retry_count+=1"
    if !retry_count! LEQ %MAX_RETRIES% (
        call :log_warning "Retrying disable operation for %service_name% (attempt !retry_count! of %MAX_RETRIES%)"
        goto :retry_disable
    ) else (
        call :log_error "Maximum retries reached for disabling %service_name%"
        set "service_status=ERROR_%ERR_DISABLE_FAILED%"
    )
)

:service_complete
call :log_info "Processing service: %service_name% [END - Status: %service_status%]"

REM ===== Update counters =====
if "%service_status%"=="SUCCESS" (
    set /a SUCCESSFUL_SERVICES+=1
) else if "%service_status%"=="SKIPPED" (
    REM Skipped services are now counted separately
) else (
    set /a FAILED_SERVICES+=1
    if defined ERROR_LIST (
        set "ERROR_LIST=!ERROR_LIST!, %service_name%:%service_status%"
    ) else (
        set "ERROR_LIST=%service_name%:%service_status%"
    )
)
exit /b 0

:stop_service_powershell
set "service_name=%~1"
set "stop_success=false"
set "retry_count=0"
call :log_info "Attempting to stop %service_name% using PowerShell method"

:retry_powershell_stop
REM ===== Create PowerShell command to stop service with comprehensive error handling =====
set "ps_command=try { $service = Get-Service -Name '%service_name%' -ErrorAction Stop; if ($service.Status -eq 'Running') { $service.Stop(); $service.WaitForStatus('Stopped', [System.TimeSpan]::FromSeconds(%POWERSHELL_TIMEOUT%)); Write-Output 'SUCCESS: Service stopped'; } else { Write-Output 'INFO: Service already stopped'; } } catch [System.ServiceProcess.TimeoutException] { Write-Output 'TIMEOUT: Service stop timeout'; exit 1; } catch [Microsoft.PowerShell.Commands.ServiceCommandException] { Write-Output 'SERVICE_ERROR: Service command failed'; exit 2; } catch { Write-Output 'GENERAL_ERROR: ' + $_.Exception.Message; exit 3; }"

REM ===== Execute PowerShell command and capture output =====
set "ps_output="
set "ps_exit_code=0"
for /f "usebackq tokens=*" %%i in (`powershell.exe -ExecutionPolicy Bypass -Command "%ps_command%" 2^>^&1`) do (
    set "ps_output=%%i"
)

REM ===== Check PowerShell execution result =====
if "!ps_output:~0,7!"=="SUCCESS" (
    call :log_success "PowerShell successfully stopped service %service_name%"
    set "stop_success=true"
    goto :powershell_stop_complete
) else if "!ps_output:~0,4!"=="INFO" (
    call :log_info "PowerShell reports service %service_name% was already stopped"
    set "stop_success=true"
    goto :powershell_stop_complete
) else if "!ps_output:~0,7!"=="TIMEOUT" (
    call :log_warning "PowerShell timeout stopping service %service_name% (attempt !retry_count!)"
) else if "!ps_output:~0,13!"=="SERVICE_ERROR" (
    call :log_error "PowerShell service command error for %service_name%: !ps_output!"
) else if "!ps_output:~0,13!"=="GENERAL_ERROR" (
    call :log_error "PowerShell general error for %service_name%: !ps_output!"
) else (
    call :log_error "PowerShell unexpected response for %service_name%: !ps_output!"
)

REM ===== Retry logic for PowerShell method =====
set /a "retry_count+=1"
if !retry_count! LEQ %MAX_RETRIES% (
    call :log_warning "Retrying PowerShell stop for %service_name% (attempt !retry_count! of %MAX_RETRIES%)"
    timeout /t 2 >nul
    goto :retry_powershell_stop
) else (
    call :log_warning "PowerShell method failed after %MAX_RETRIES% attempts for %service_name%"
    set "stop_success=false"
)

:powershell_stop_complete
exit /b 0

:stop_service_traditional
set "service_name=%~1"
set "stop_success=false"
set "retry_count=0"
call :log_info "Using traditional method to stop %service_name%"

:retry_traditional_stop
REM Redirect service stop messages to null to prevent log clutter
net stop %service_name% /y >nul 2>&1

REM ===== Wait for service to stop =====
set "counter=0"

:wait_loop_traditional
timeout /t 1 >nul
set /a "counter+=1"

REM Check if service has stopped
sc query %service_name% | find "STOPPED" >nul 2>&1
if %ERRORLEVEL% EQU 0 (
    call :log_success "Traditional method successfully stopped service %service_name%"
    set "stop_success=true"
    goto :traditional_stop_complete
)

REM Check if we've reached timeout
if !counter! GEQ %STOP_TIMEOUT% (
    call :log_error "Traditional method timed out waiting for service %service_name% to stop (attempt !retry_count!)"
    REM Check if we should retry
    set /a "retry_count+=1"
    if !retry_count! LEQ %MAX_RETRIES% (
        call :log_warning "Retrying traditional stop for %service_name% (attempt !retry_count!
of %MAX_RETRIES%)" goto :retry_traditional_stop ) else ( call :log_error "Traditional method: Maximum retries reached for stopping %service_name%" set "service_status=ERROR_%ERR_STOP_TIMEOUT%" set "stop_success=false" goto :traditional_stop_complete ) ) goto wait_loop_traditional :traditional_stop_complete exit /b 0 :calculate_execution_time REM ===== Calculate execution time ===== set "start=%~1" set "end=%~2" REM Extract hours, minutes, seconds from start time for /f "tokens=1-4 delims=:," %%a in ("%start%") do ( set /a "start_h=%%a" set /a "start_m=%%b" set /a "start_s=%%c" set /a "start_cs=%%d" ) REM Extract hours, minutes, seconds from end time for /f "tokens=1-4 delims=:," %%a in ("%end%") do ( set /a "end_h=%%a" set /a "end_m=%%b" set /a "end_s=%%c" set /a "end_cs=%%d" ) REM Calculate total seconds set /a "start_total_s=(start_h*3600)+(start_m*60)+start_s" set /a "end_total_s=(end_h*3600)+(end_m*60)+end_s" REM Handle midnight crossover if %end_total_s% LSS %start_total_s% ( set /a "end_total_s+=86400" ) REM Calculate difference in seconds set /a "EXECUTION_TIME_SEC=end_total_s-start_total_s" exit /b 0 :log_critical set "message=%~1" echo [%date% %time%] %message% echo [%date% %time%] %message% >> "%LogFile%" exit /b 0 :log_success set "message=%~1" echo [%date% %time%] [SUCCESS] %message% echo [%date% %time%] [SUCCESS] %message% >> "%LogFile%" exit /b 0 :log_error set "message=%~1" echo [%date% %time%] [ERROR] %message% echo [%date% %time%] [ERROR] %message% >> "%LogFile%" exit /b 0 :log_warning set "message=%~1" echo [%date% %time%] [WARNING] %message% echo [%date% %time%] [WARNING] %message% >> "%LogFile%" exit /b 0 :log_info set "message=%~1" echo [%date% %time%] [INFO] %message% if "%VERBOSE%"=="1" ( echo [%date% %time%] [INFO] %message% >> "%LogFile%" ) exit /b 0 Spoiler: setupcomplete.cmd Code: @echo off setlocal enabledelayedexpansion REM Create log directory if it doesn't exist set "LogDir=%SystemRoot%\Setup\Scripts\Logs" set 
"LogFile=%LogDir%\SetupComplete_log.txt" if not exist "%LogDir%" mkdir "%LogDir%" REM Define error constants set "ERR_TASK_STOP_FAILED=1" set "ERR_TASK_DISABLE_FAILED=2" set "ERR_RETRY_FAILED=3" REM Initialize error tracking variables set "TOTAL_TASKS=0" set "SUCCESSFUL_TASKS=0" set "FAILED_TASKS=0" set "ERROR_LIST=" REM Configuration set "MAX_RETRIES=2" set "STOP_TIMEOUT=5" set "VERBOSE=0" REM 0=Only critical logs, 1=Comprehensive logs REM Record start time set "START_TIME=%time%" for /f "tokens=1-4 delims=:.," %%a in ("%START_TIME%") do ( set /a "START_SECONDS=(((%%a*60)+%%b)*60)+%%c" set "START_CENTISECONDS=%%d" ) REM Initialize log call :log_critical "===== Starting scheduled task management process =====" REM Define tasks to process set "tasks[0]=Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" set "tasks[1]=Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" set "tasks[2]=Microsoft\Windows\Windows Defender\Windows Defender Cleanup" set "tasks[3]=Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" set "tasks[4]=Microsoft\Windows\Windows Defender\Windows Defender Verification" REM Process each task set /a count=0 :process_tasks if defined tasks[%count%] ( call :process_task "!tasks[%count%]!" 
set /a count+=1 goto process_tasks ) REM Calculate execution time set "END_TIME=%time%" for /f "tokens=1-4 delims=:.," %%a in ("%END_TIME%") do ( set /a "END_SECONDS=(((%%a*60)+%%b)*60)+%%c" set "END_CENTISECONDS=%%d" ) set /a "ELAPSED_SECONDS=END_SECONDS-START_SECONDS" set /a "ELAPSED_CENTISECONDS=END_CENTISECONDS-START_CENTISECONDS" if %ELAPSED_CENTISECONDS% lss 0 ( set /a "ELAPSED_CENTISECONDS+=100" set /a "ELAPSED_SECONDS-=1" ) if %ELAPSED_SECONDS% lss 0 set /a "ELAPSED_SECONDS+=86400" REM Report final status call :log_critical "===== Scheduled task management completed =====" call :log_critical "SUMMARY: Processed %TOTAL_TASKS% tasks - Success: %SUCCESSFUL_TASKS%, Failed: %FAILED_TASKS%" if defined ERROR_LIST ( call :log_critical "ERRORS: %ERROR_LIST%" ) else ( call :log_critical "ERRORS: None" ) call :log_critical "EXECUTION TIME: %ELAPSED_SECONDS%.%ELAPSED_CENTISECONDS% seconds" exit /b 0 :process_task set "task_name=%~1" set "task_status=SUCCESS" set /a TOTAL_TASKS+=1 call :log_info "Processing task: %task_name% [START]" REM Check if the task exists schtasks /Query /TN "%task_name%" >nul 2>&1 if %ERRORLEVEL% NEQ 0 ( call :log_warning "Task %task_name% does not exist, skipping" set "task_status=SKIPPED" goto :task_complete ) call :log_info "Task %task_name% exists, checking status" REM Check current task status using LIST format (more reliable than CSV for complex task names) set "current_status=" for /f "tokens=* delims=" %%a in ('schtasks /Query /TN "%task_name%" /FO LIST ^| findstr /C:"Status:"') do ( set "current_status=%%a" set "current_status=!current_status:~8!" set "current_status=!current_status: =!" ) REM Handle case where status might not be available if "!current_status!"=="" ( set "current_status=Unknown" ) call :log_info "Current status of %task_name% is: !current_status!" 
REM Check if the task is already disabled if /i "!current_status!"=="Disabled" ( call :log_info "Task %task_name% is already disabled, skipping disable operation" goto :task_complete ) REM Only stop the task if it's actually running if /i "!current_status!"=="Running" ( call :log_info "Task %task_name% is running, stopping it" call :stop_task "%task_name%" if !ERRORLEVEL! NEQ 0 ( set "task_status=ERROR_TASK_STOP_FAILED" goto :task_complete ) ) else ( call :log_info "Task %task_name% is not running, proceeding to disable" ) REM Disable the task call :disable_task "%task_name%" if !ERRORLEVEL! NEQ 0 ( set "task_status=ERROR_TASK_DISABLE_FAILED" ) :task_complete call :log_info "Processing task: %task_name% [END - Status: %task_status%]" REM Update counters if "%task_status%"=="SUCCESS" ( set /a SUCCESSFUL_TASKS+=1 ) else if "%task_status%"=="SKIPPED" ( set /a TOTAL_TASKS-=1 ) else ( set /a FAILED_TASKS+=1 if defined ERROR_LIST ( set "ERROR_LIST=!ERROR_LIST!, %task_name%:%task_status%" ) else ( set "ERROR_LIST=%task_name%:%task_status%" ) ) exit /b 0 :stop_task set "task_name=%~1" set "stop_success=false" set "retry_count=0" :retry_stop schtasks /End /TN "%task_name%" >nul 2>&1 set "stop_result=%ERRORLEVEL%" set "counter=0" :wait_loop timeout /t 1 >nul set /a "counter+=1" REM Check status using LIST format (more reliable) set "verify_status=" for /f "tokens=* delims=" %%a in ('schtasks /Query /TN "%task_name%" /FO LIST ^| findstr /C:"Status:"') do ( set "verify_status=%%a" set "verify_status=!verify_status:~8!" set "verify_status=!verify_status: =!" ) REM Handle case where status might not be available if "!verify_status!"=="" ( set "verify_status=Unknown" ) if /i NOT "!verify_status!"=="Running" ( call :log_success "Task %task_name% stopped successfully (now in !verify_status! state)" set "stop_success=true" exit /b 0 ) if !counter! 
GEQ %STOP_TIMEOUT% ( call :log_error "Timed out waiting for task %task_name% to stop (attempt !retry_count!)" set /a "retry_count+=1" if !retry_count! LEQ %MAX_RETRIES% ( call :log_warning "Retrying stop operation for %task_name% (attempt !retry_count! of %MAX_RETRIES%)" goto :retry_stop ) else ( call :log_error "Maximum retries reached for stopping %task_name%" exit /b 1 ) ) goto wait_loop :disable_task set "task_name=%~1" set "disable_success=false" set "retry_count=0" :retry_disable call :log_info "Disabling task %task_name%" schtasks /Change /TN "%task_name%" /Disable >nul 2>&1 set "disable_result=%ERRORLEVEL%" if %disable_result% EQU 0 ( REM Verify the task is actually disabled set "verify_status=" for /f "tokens=* delims=" %%a in ('schtasks /Query /TN "%task_name%" /FO LIST ^| findstr /C:"Status:"') do ( set "verify_status=%%a" set "verify_status=!verify_status:~8!" set "verify_status=!verify_status: =!" ) REM Handle case where status might not be available if "!verify_status!"=="" ( set "verify_status=Unknown" ) if /i "!verify_status!"=="Disabled" ( call :log_success "Task %task_name% successfully disabled" set "disable_success=true" exit /b 0 ) ) REM If we got here, there was an error - capture details set "error_output=" for /f "tokens=*" %%e in ('schtasks /Change /TN "%task_name%" /Disable 2^>^&1') do ( set "error_output=!error_output! %%e" ) call :log_error "Failed to disable task %task_name%: !error_output!" set /a "retry_count+=1" if !retry_count! LEQ %MAX_RETRIES% ( call :log_warning "Retrying disable operation for %task_name% (attempt !retry_count! 
of %MAX_RETRIES%)" goto :retry_disable ) else ( call :log_error "Maximum retries reached for disabling %task_name%" exit /b 1 ) :log_critical set "message=%~1" echo [%date% %time%] %message% >> "%LogFile%" echo [%date% %time%] %message% exit /b 0 :log_success set "message=%~1" echo [%date% %time%] [SUCCESS] %message% >> "%LogFile%" if "%VERBOSE%"=="1" ( echo [%date% %time%] [SUCCESS] %message% ) exit /b 0 :log_error set "message=%~1" echo [%date% %time%] [ERROR] %message% >> "%LogFile%" echo [%date% %time%] [ERROR] %message% exit /b 0 :log_warning set "message=%~1" echo [%date% %time%] [WARNING] %message% >> "%LogFile%" echo [%date% %time%] [WARNING] %message% exit /b 0 :log_info set "message=%~1" if "%VERBOSE%"=="1" ( echo [%date% %time%] [INFO] %message% >> "%LogFile%" echo [%date% %time%] [INFO] %message% ) exit /b 0
Are the latest scripts not these? https://forums.mydigitallife.net/th...ows-10-installation.88040/page-5#post-1873444 Or https://forums.mydigitallife.net/th...ows-10-installation.88040/page-5#post-1873444 + from this post
The scripts I shared above are intended for general-purpose use to disable any services and scheduled tasks. However, in my testing, I focused only on those related to Microsoft Defender Antivirus.
Specialize.cmd runs during the early setup phase, but to use it, you have to specify it in the unattend.xml file. On the other hand, SetupComplete.cmd runs automatically after setup is done, right before you see the login screen and the Out-of-Box Experience (OOBE). You don’t need to add anything to unattend.xml for this one—just drop the script into "sources\$OEM$\Setup\Scripts\" and it’ll run. Also, while specialize scripts usually pop up a command window you can see, SetupComplete.cmd runs invisibly in the background.
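To check an installed system for the changes these scripts make, the following read-only audit can be run from an elevated PowerShell prompt. It is an added example, not part of the original posts: the task names, the Setup\Scripts paths and the Get-MpComputerStatus fields are the ones shown in this thread, while the function name Get-DefenderTamperFinding and its output layout are assumptions.

```powershell
# Added example, not from the thread. Read-only audit; run from an elevated prompt.
function Get-DefenderTamperFinding {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Setup script and log file, at the paths the thread's script uses.
    $scriptDir = Join-Path $env:SystemRoot 'Setup\Scripts'
    foreach ($item in 'SetupComplete.cmd', 'Logs\SetupComplete_log.txt') {
        $path = Join-Path $scriptDir $item
        if (Test-Path -LiteralPath $path) {
            $findings.Add([pscustomobject]@{ Check = 'SetupArtifact'; Item = $path; State = 'Present' })
        }
    }

    # 2. Scheduled tasks named in the thread's tasks[] list.
    $tasks = @(
        @{ Path = '\Microsoft\Windows\ExploitGuard\';     Name = 'ExploitGuard MDM policy Refresh' }
        @{ Path = '\Microsoft\Windows\Windows Defender\'; Name = 'Windows Defender Cache Maintenance' }
        @{ Path = '\Microsoft\Windows\Windows Defender\'; Name = 'Windows Defender Cleanup' }
        @{ Path = '\Microsoft\Windows\Windows Defender\'; Name = 'Windows Defender Scheduled Scan' }
        @{ Path = '\Microsoft\Windows\Windows Defender\'; Name = 'Windows Defender Verification' }
    )
    foreach ($t in $tasks) {
        $task  = Get-ScheduledTask -TaskPath $t.Path -TaskName $t.Name -ErrorAction SilentlyContinue
        $state = if ($task) { [string]$task.State } else { 'Missing' }
        if ($state -in 'Disabled', 'Missing') {
            $findings.Add([pscustomobject]@{ Check = 'ScheduledTask'; Item = $t.Path + $t.Name; State = $state })
        }
    }

    # 3. Status fields that read False in the Get-MpComputerStatus output quoted in the thread.
    try   { $status = Get-MpComputerStatus -ErrorAction Stop }
    catch { $status = $null }
    foreach ($field in 'AMServiceEnabled', 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'IsTamperProtected') {
        $value = if ($status) { $status.$field } else { 'Unavailable' }
        if ($value -ne $true) {
            $findings.Add([pscustomobject]@{ Check = 'MpComputerStatus'; Item = $field; State = [string]$value })
        }
    }

    $findings
}

Get-DefenderTamperFinding | Format-Table -AutoSize
```

An empty result means none of the three checks matched; any row is worth comparing against how the image was built, since SetupComplete.cmd runs without a visible window.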