You can use this batch script to toggle (enable-disable) Windows Defender temporarily.

This script starts | stops the "WinDefend" service.

Windows Defender will be enabled when you run the script again or when you restart your computer.

Note
When you run the script for the first time, Windows Defender will block the script from running. You will have to allow the script to run.

TrustedInstaller privileges
* Starting | Stopping the WinDefend service needs TrustedInstaller privileges
Download PowerRun

Credits
@wtarkan for PowerRun
@Thomas Dubreuil for helping out

Script
* Put this batch script and PowerRun in the same folder.

Code:
@echo off
WHOAMI /USER | FINDSTR "S-1-5-18" >nul || "%~dp0PowerRun_x64.exe" /SW:0 "%~0" &&exit
sc query WinDefend | find "STATE" | find "RUNNING" &&goto :stop >nul
:start
sc config WinDefend start= auto & sc start WinDefend >nul
powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Defender is enabled!')&exit
:stop
sc config WinDefend start= disabled & sc stop WinDefend >nul
powershell -nop -c Add-Type -As PresentationFramework;[System.Windows.MessageBox]::Show('Windows Defender is disabled!')&exit

* For more "permanent" methods of disabling Windows Defender follow the discussion starting here... https://forums.mydigitallife.net/threads/discussion-toggle-windows-defender.78962/page-4
Maybe written like this...

Code:
powershell.exe -Command " '$preferences = Get-MpPreference' ; Start-Process powershell -ArgumentList '-Command \"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\" ' -verb RunAs -WindowStyle Hidden"

and shortened

Code:
powershell -c "'$preferences = Get-MpPreference'; Start-Process powershell -ArgumentList '-c \"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\"' -verb RunAs -Window Hidden"

ps: just need to copy this in "command" folder (default value data)

Do you know what is the code to enable back?

edit: This also works...

Code:
powershell -c "Start-Process powershell -ArgumentList '-c \"Set-MpPreference -DisableRealtimeMonitoring $true\"' -verb RunAs -Window Hidden"

You can also use 1 (or any other number) for $true and 0 for $false

So, your "final" reg file would be like that:

Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle]
"MUIVerb"="Windows Defender Toggle"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll"
"Position"="Bottom"
"SubCommands"=""

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\01_Off]
"MUIVerb"="Toggle Defender Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,5"

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\01_Off\command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"Set-MpPreference -DisableRealtimeMonitoring 1\\\"' -verb RunAs -Window Hidden\""

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\02_On]
"MUIVerb"="Toggle Defender On"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"CommandFlags"=dword:00000020

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\02_On\command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"Set-MpPreference -DisableRealtimeMonitoring 0\\\"' -verb RunAs -Window Hidden\""

Bonus tip: for a complete "silent" solution (hiding PS window), you can use NSudo, with /U=P to get admin elevation and /ShowWindowMode=Hide.

Code:
"YourNSudoFolderPath\NSudoG.exe" -U:P -P:E -ShowWindowMode=Hide powershell /c "Start-Process powershell -ArgumentList '-c \"Set-MpPreference -DisableRealtimeMonitoring 1\"' -Window Hidden"

ps: For info NSudo accepts both "/" or "-" , and ":" or "=" ( /U= is the same as -U: )

Thanks. My powershell script works fine from the context menu. It's the Batch script that toggles Defender Control that's not working from the context menu. But your reg file works too--it's another option P.S The beauty of my toggle scripts is that it automatically enables or disables Defender when you run it. Another advantage of converting the .Bat or .Ps1 to .Exe is you have the option to hide the script's window.
I thought it would be nice to have a window with a "done" message for the toggle, because powershell is so slow... so made my context menu like that for now...

Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle]
"MUIVerb"="Windows Defender Toggle"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"Position"="Bottom"
"SubCommands"=""

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\01_Off]
"MUIVerb"="Toggle Defender Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,5"

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\01_Off\command]
@="\"C:\\Program Files\\System Tools\\System Utilities\\Nsudo\\NSudoG.exe\" -U:P -P:E -ShowWindowMode=Hide powershell /c \"Start-Process powershell -ArgumentList '-c mode 48,2; \\\"Set-MpPreference -DisableRealtimeMonitoring 1\\\"; Write-Host -n -f White Real Time Protection has been` ; Write-Host -n -f R Disabled.; Start-Sleep -s 4'\""

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\02_On]
"MUIVerb"="Toggle Defender On"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"CommandFlags"=dword:00000020

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\shell\02_On\command]
@="\"C:\\Program Files\\System Tools\\System Utilities\\Nsudo\\NSudoG.exe\" -U:P -P:E -ShowWindowMode=Hide powershell /c \"Start-Process powershell -ArgumentList '-c mode 48,2; \\\"Set-MpPreference -DisableRealtimeMonitoring 0\\\"; Write-Host -n -f White Real Time Protection has been` ; Write-Host -n -f Gree Enabled.; Start-Sleep -s 4'\""

Don't you want to create a reg file that automatically toggles Defender with just one click? Like so...
ok, you mean in one button, I did it with 2 "subcommands"

Then it simply is

Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle]
"MUIVerb"="Toggle Defender On or Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"Position"="Bottom"

[HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle\Command]
@="powershell -c \"Start-Process powershell -ArgumentList '-c \\\"$preferences = Get-MpPreference\\\" ; \\\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\\\"' -verb RunAs -Window Hidden\""

your icon is "native one" or?

No, I added the icon when converting the PS1 to EXE. Your reg file is better... no need to create a powershell script, convert it then add it to the context menu. Still shows a PS window though
you could use NSudo to hide first window... like this:

Code:
"C:\NSudoFolderPath\NSudoG.exe" -U:P -P:E -ShowWindowMode=Hide powershell -c "Start-Process powershell -ArgumentList '-c \"$preferences = Get-MpPreference\" ; \"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\"' -Window Hidden"

I think so...because you need to parse in 2 commands to run it elevated (it won't work if not elevated) so either powershell opening powershell or nsudo opening powershell (kind of)
If you like I can post your reg file in the OP as another option. Crediting you of course. Just need to test it out first
I prefer "Directory\Background" to "DesktopBackground". This way you can still disable Defender from inside Windows Explorer. What do you think?

Code:
[HKEY_CLASSES_ROOT\Directory\Background\shell\WinDefenderToggle]

Cannot make it work with NSudo. In NSudoG.exe it says... "To ensure the best experience, NSudoC does not support context menu." But I was able to make it work with PowerRun
By the way, we can also take out the first "-c" , because when we don't specify "-File" argument, -Command (abbreviated to -c) is always the default. We can add another -WindowStyle Hidden too, but still windows will open shell for 1s before executing the "Hidden" command...

So it would look like this :

Code:
powershell -Window Hidden "Start-Process powershell -ArgumentList '-c \"$preferences = Get-MpPreference\";\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\"' -verb RunAs -Window Hidden"

and in reg:

Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\Background\shell\WinDefenderToggle]
"MUIVerb"="Toggle Defender On or Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"Position"="Bottom"

[HKEY_CLASSES_ROOT\Directory\Background\shell\WinDefenderToggle\Command]
@="powershell -Window Hidden \"Start-Process powershell -ArgumentList '-c \\\"$preferences = Get-MpPreference\\\";\\\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\\\"' -verb RunAs -Window Hidden\""

I like also the option to show a small "Disabled/Enabled" Window...Because the PS command is quite slow and you not sure if command worked (or if state is disabled or enabled)...

With NSudo it looks like this:

Code:
"C:\YourNSudoFolderPath\NSudoG.exe" -U:P -P:E -ShowWindowMode=Hide powershell "Start-Process powershell -ArgumentList '-c mode 48,2;\"$preferences = Get-MpPreference\";\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\";Write-Host -n -f White Real Time Protection has been` ;\"if (!$preferences.DisableRealtimeMonitoring -eq $true) {Write-Host -n -f R Disabled.} else {Write-Host -n -f Gree Enabled.}\";Start-Sleep -s 3'"

and in reg, again:

Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\Background\shell\WinDefenderToggle]
"MUIVerb"="Toggle Defender On or Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"Position"="Bottom"

[HKEY_CLASSES_ROOT\Directory\Background\shell\WinDefenderToggle\Command]
@="C:\\YourNSudoFolderPath\\NSudoG.exe\" -U:P -P:E -ShowWindowMode=Hide powershell \"Start-Process powershell -ArgumentList '-c mode 48,2;\\\"$preferences = Get-MpPreference\\\";\\\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\\\";Write-Host -n -f White Real Time Protection has been` ;\\\"if (!$preferences.DisableRealtimeMonitoring -eq $true) {Write-Host -n -f R Disabled.} else {Write-Host -n -f Gree Enabled.}\\\";Start-Sleep -s 3'\""

ps tested and working, maybe you got wrong path... oh I see you edited, so it works
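
A read-only audit for the two changes this thread makes (the WinDefend service toggle from the first post and the Set-MpPreference context-menu variants from the replies), added here as an example and not posted by anyone in the thread. It assumes Windows PowerShell 5.1 with the Defender cmdlets available; the function name Get-DefenderToggleAudit and the 7-day event window are choices made for this example.

```powershell
# Added example: reports state only, changes nothing. Run elevated.

# Context-menu keys used by the .reg files in this thread (copied from the posts).
$menuKeys = @(
    'Registry::HKEY_CLASSES_ROOT\DesktopBackground\Shell\WinDefenderToggle',
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shell\WinDefenderToggle'
)

function Get-DefenderToggleAudit {
    param([int]$Days = 7)   # look-back window for events (assumption of this example)
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Service state: the batch script sets "start= disabled" and stops WinDefend.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings.Add('WinDefend service not found')
    } else {
        if ($svc.StartType -eq 'Disabled') { $findings.Add('WinDefend start type is Disabled') }
        if ($svc.Status -ne 'Running')     { $findings.Add("WinDefend status is $($svc.Status)") }
    }

    # 2. Preference state: every Set-MpPreference variant in the thread flips this value.
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if (-not $pref) {
        $findings.Add('Get-MpPreference returned nothing (service stopped or cmdlets missing)')
    } elseif ($pref.DisableRealtimeMonitoring) {
        $findings.Add('DisableRealtimeMonitoring is True')
    }

    # 3. Leftover context-menu entries that switch protection off with one click.
    foreach ($key in $menuKeys) {
        if (Test-Path -LiteralPath $key) { $findings.Add("Context-menu key present: $key") }
    }

    # 4. Defender operational log: 5001 = real-time protection disabled,
    #    5007 = antimalware configuration changed.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $findings.Add("Event $($e.Id) at $($e.TimeCreated.ToString('s'))")
    }

    $findings   # empty output means none of the four checks fired
}

Get-DefenderToggleAudit
```

Checking the resulting state rather than the command text catches all the forms posted above, since `$true`, `1`, and `(!$preferences.DisableRealtimeMonitoring)` all end in the same preference value.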