A full PS window appears then becomes small to show the Disabled/Enabled notice. So we don't need NSudo anymore?
This is what I did to make it work...
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\Background\Shell\WinDefenderToggle]
"MUIVerb"="Toggle Defender On or Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"Position"="Bottom"

[HKEY_CLASSES_ROOT\Directory\Background\Shell\WinDefenderToggle\Command]
@="C:\\YourNSudoFolderPath\\NSudoG.exe -ShowWindowMode:Hide -U:T -P:E C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -c \"Start-Process powershell -ArgumentList '-c \\\"$preferences = Get-MpPreference\\\" ; \\\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\\\"' -verb RunAs -Window Hidden\""
OK, you probably miss the PowerShell folder in your system environment variables path, it should be there by default...

Nice one... didn't think of it.

I don't have it because I disabled the systray icon from startup and prefer to have the minimum apps running at startup.

Windows Server 2019, but that doesn't really matter, it's almost the same as W10. As a side note, not sure it is necessary to use the -T switch for NSudo, it is the Trusted Installer token and it's always safer to run with the least privilege... in this case -P (current process), as in my example, gives you administrator rights and that should work (it does for me). Also you don't need the -Verb RunAs argument anymore with NSudo.
I did just the opposite. I use Server 2019 but used this reg file to show the tray icon
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray]
"HideSystray"=dword:00000000
That would be another option, re-adding the RunAs at the end, but then we have a 1st window for 1sec, then a 2nd one which resizes to a 3rd one...not so fancy
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\background\shell\WinDefenderToggle]
"MUIVerb"="Toggle Defender On or Off"
"Icon"="%ProgramFiles%\\Windows Defender\\EppManifest.dll,4"
"Position"="Bottom"

[HKEY_CLASSES_ROOT\Directory\background\shell\WinDefenderToggle\Command]
@="powershell -Window Hidden \"Start-Process powershell -ArgumentList '-c mode 48,2;\\\"$preferences = Get-MpPreference\\\";\\\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\\\";Write-Host -n -f White Real Time Protection has been` ;\\\"if (!$preferences.DisableRealtimeMonitoring -eq $true) {Write-Host -n -f R Disabled.} else {Write-Host -n -f Gree Enabled.}\\\";Start-Sleep -s 3' -Verb RunAs\""

but all solutions work anyway... have a good night, had fun to participate
Added: Make Windows Defender detect and block Potentially Unwanted Programs (PUP), Potentially Unwanted Applications (PUA) and Potentially Unwanted Software (PUS) in real-time.
For NSudo in the same folder you need to write
Code:
"%~dp0NSudoG.exe"

NSudoG (alone) will only work if NSudo is in your system environment variables path (under windows for ex. or NSudo path added manually there). So in the script: either enter the NSudoG.exe full path, or copy the NSudoG.exe app to windir (or add the NSudo path to the system environment path) and you can write NSudoG (short), or write
Code:
"%~dp0NSudoG.exe"

if in the same folder as the .bat. Also, for option 2, you can simplify: -verb runas is not needed, as you already launch PS as admin (with NSudo); also I believe -c (shortened -command argument) can be taken out, because -command is the default (when nothing is specified). This is shorter and should work the same:
Code:
[HKEY_CLASSES_ROOT\Directory\Background\Shell\ToggleDefender\Command]
@="\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:P -P:E -ShowWindowMode:Hide powershell \"Start-Process powershell -ArgumentList '\\\"$preferences = Get-MpPreference\\\" ; \\\"Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\\\"' -Window Hidden\""

edit: tested now and working. Note: unlike above, we can't write (short) NSudoG in context menu entries, we need the full path.

ps: I personally ended up with a hybrid solution
Code:
@="\"C:\\Program Files\\System Tools\\System Utilities\\Nsudo\\NSudoG.exe\" -U:P -P:E -ShowWindowMode=Hide powershell -File \"C:\\Program Files\\System Tools\\System Utilities\\Scripts\\WinDefenderToggle.ps1\""

as it is much faster on my system: when running as admin, launching powershell directly is always faster than launching powershell commands through the command line.

edit2: Now tested this one with success, inspired from your .bat script. It is the fastest of all... it's a different method as it stops the service instead of toggling real time protection, but ends up being faster.
Code:
[HKEY_CLASSES_ROOT\Directory\Background\Shell\ToggleDefender\Command]
@="cmd.exe /c \"sc query WinDefend | find /I \"STATE\" | find \"STOPPED\" && (\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc start WinDefend & exit/b) || (\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc stop WinDefend)\""

and if you want to hide the "blinking for 1micro second" cmd window, as usual, you can use Nsudo...
Code:
[HKEY_CLASSES_ROOT\Directory\Background\Shell\ToggleDefender\Command]
@="\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:P -ShowWindowMode:Hide cmd /c \"sc query WinDefend | find /I \"STATE\" | find \"STOPPED\" && (\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc start WinDefend & exit/b) || (\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc stop WinDefend)\""
Updated Option 2 "%~dp0NSudoG.exe" does not work. Actually either NSudo or NSudoG (alone) works even if NSudo is not in the System.
NSudo alone does work indeed, nice! But it won't in older windows editions/versions. So, for compatibility I think it's better to write it, either:
Code:
cd /d "%~dp0"
NSudoG.exe

or
Code:
"%~dp0NSudoG.exe"

(tested and working, as it should, %~dp0 = script path)
Neither of them works in my system. It worked a couple of times, took a long time too, and then it stopped working. The only one that works flawlessly for me is
Code:
NSudo
It should, you can ask the (many) "script masters" here, they'll sure know better than me. Anyway, with the latest reg file solution you don't need that batch script anymore.
But this one, as you said, works fast.
Code:
[HKEY_CLASSES_ROOT\Directory\Background\Shell\ToggleDefender\Command]
@="\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:P -ShowWindowMode:Hide cmd /c \"sc query WinDefend | find /I \"STATE\" | find \"STOPPED\" && (\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc start WinDefend & exit/b) || (\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc stop WinDefend)\""

Is it OK I add it as another option?
Of course, I'm glad if it can help others. For the related script, you could maybe remove it because it ends up being redundant options. But if you like to keep it I would anyway add the script path in the beginning (and simplify it a bit):
Code:
@echo off
rem Run from the script's own folder so NSudoG.exe is found next to the .bat
cd /d "%~dp0"
rem If the WinDefend service is running, jump to :stop, otherwise fall through to :start
sc query WinDefend | find "STATE" | find "RUNNING" && goto :stop
:start
NSudoG.exe -U:T -ShowWindowMode:Hide sc start WinDefend & exit /b
:stop
NSudoG.exe -U:T -ShowWindowMode:Hide sc stop WinDefend & exit /b
It looks like the thing that was causing problems with me was
Code:
NSudoG

But with
Code:
NSudo

everything runs smoothly.
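
An audit of exported context-menu commands like the ones posted in this thread, as an added example that is not from any poster or from the NSudo project: it parses a .reg export, flags `Command` values that toggle real-time protection or stop WinDefend, and notes when NSudo is asked for the TrustedInstaller token (`-U:T`) or a hidden window. The sample export is constructed, and the function names and the `OpenCmdHere` key are hypothetical.

```python
import re

# Indicators taken from the commands posted in this thread.
TAMPER = {
    "rtp-toggle": re.compile(r"Set-MpPreference\s+-DisableRealtimeMonitoring", re.I),
    "service-stop": re.compile(r"\bsc(\.exe)?\s+stop\s+WinDefend\b", re.I),
}
HIDDEN = re.compile(r"-ShowWindowMode[:=]Hide|-Window(Style)?\s+Hidden", re.I)

# Constructed sample export; the NSudo path is the thread's placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\Background\Shell\ToggleDefender\Command]
@="\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:T -ShowWindowMode:Hide sc stop WinDefend"

[HKEY_CLASSES_ROOT\Directory\Background\Shell\WinDefenderToggle\Command]
@="\"C:\\YOUR\\NSUDO\\FOLDER\\NSudoG.exe\" -U:P -P:E -ShowWindowMode:Hide powershell \"$preferences = Get-MpPreference; Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)\""

[HKEY_CLASSES_ROOT\Directory\Background\Shell\OpenCmdHere\Command]
@="cmd.exe /s /k pushd \"%V\""
'''

def parse_reg_commands(text):
    """Return {key: command} for the default value of every ...\\Command key."""
    out, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith("\\command") \
                and line.startswith('@="') and line.endswith('"'):
            # Drop @=" and the closing quote, then undo .reg escaping of \ and "
            out[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return out

def audit(command):
    """List findings for one command; empty if it does not touch Defender."""
    findings = [name for name, rx in TAMPER.items() if rx.search(command)]
    if not findings:
        return []
    if "nsudo" in command.lower():
        tokens = {t.upper() for t in re.findall(r"-U:([A-Z])\b", command, re.I)}
        if "T" in tokens:  # TrustedInstaller, more than the toggle needs per the thread
            findings.append("trustedinstaller-token")
    if HIDDEN.search(command):
        findings.append("hidden-window")
    return findings

def scan(text):
    """Return {key: findings} for every flagged Command key in a .reg export."""
    results = {k: audit(c) for k, c in parse_reg_commands(text).items()}
    return {k: f for k, f in results.items() if f}
```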