ToggleDickfender yessss! Please please open a dedicated thread. I love the Disable - Enable approach. Simple...Beautiful... Zero complications.
I've toyed a bit with it, it used to be Yes for Disable and No for Enable, not that great in retrospect - thanks to @freddie-o for suggesting a more intuitive form!
Volatile Environment (there is actually only one entry, HKCU is just a link to one of the HKU entries) goes away after reboot. Keeping the entry there is a compromise for sys-admins, since the whole script is no longer logged in Microsoft-Windows-PowerShell/Operational. But sure, I will consider it. Removing UAC bypass does not significantly slim or clear the script. Plus, it's a statement. I want all UAC bypasses, especially ones so easy to pull off, patched and back-ported to all Windows versions. Malware has been actively using such bypasses with impunity, taking advantage of the fact that most Windows users do not use a limited account. If you did not know, Defender actually has a detection rule for DiskCleanup UAC bypass. But it only tackles one use case, via schtasks - it's absolutely maddening. Script also ends with a couple of lines of code that can be un-commented to patch this specific bypass and I would not want to let go of that. Script used to toggle a lot more Defender features, but now only stops auto-actions. No AV should first delete stuff and then tell you about it. Especially when Defender has so many fake positives for stuff Microsoft dislikes, but not actually malicious. Too many times have I seen it do that, and then it was impossible to recover the file / force closed my file manager or running scripts leading to loss of work. There's no easy way for a user to toggle that, so the script helps with it. But on this point I agree it's debatable. I also should comment the whole tweaks section, as is, it resets a few policies. And that might not be a bad thing per se, I've lately seen many reports of Defender not working anymore and even in-place repairs not fixing it because policies survive that. Definitely not my script.
Having a native feedback of Defender state is actually a cool feature of the script, especially since notifications on toggle are hidden. Best practice is to always show all icons in the systray, but you can hide it individually via Taskbar settings, or comment it in the script at line #16.
Windows Defender is worse than a virus. I try to disable it in Windows 10 version 2004 from a friend and I can't do it at all. I disable tamper protection and use group policy but the entry in registry for the GP is not created correctly. I create the entry manually and it is deleted. Version 2004 is more buggy than hell, I don't know how you guys can use it.
Well, the Bahrain shady investment group did not manage to touch any asset from Avira, as they were given an offer they can't refuse by Broadcom last week. It probably went something along the lines of sell it to us, or we can't guarantee a drone won't misfire around your location. And yes, Broadcom supposedly has ties with the NSA. I pretty much trust NSA more than all the other data-hoarding entities combined, though. Broadcom earlier this year also bought Symantec (Norton), so now the newly re-listed company NortonLifeLock = Norton + Avira. But since Norton reached scareware level (almost fake AV) on its last legs, I don't see how that would mix with a product 10x better that was Avira. The obvious conclusion is that Broadcom was only after home users' and companies' data with this purchase. The future looks grim for consumers and business in these veritable world data wars. For now, you can trust Bitdefender and Eset, or stick with the subpar Defender. @shhnedo, I'm more ambitious than that, I want a forum section.
Warning, don't try this unless you are cool with holding down the power button to reboot your system. Want to see something funny? Grab ProcessExplorer (or any tool with the same functionality). Right click MsMpEng.exe and select 'Kill Process'. You will get an access denied warning. Now right click MsMpEng.exe again and select 'Suspend', then close ProcessExplorer. Now try to do literally anything with your system. Effectively Defender is waiting for new execution attempts to clear a security check and the suspended process prevents that from ever happening.
Avira was once the best and only good free antivirus, but over time it got heavy and irritating so I abandoned it. I currently believe that only paid antivirus is good. My favorite since the time of Windows XP is ESET, super light and efficient.
Microsoft Security Essentials is not supposed to disable itself when other antiviruses get installed. However, we can still kill its services to disable it the same as we can do with Windows Defender. In another scenario, if we install two AVs, such as Kaspersky and Bitdefender (whose services can't be killed), we can pause one AV and continue to use the other. By this, I suppose WD shouldn't have to allow anything to kill itself, just so that it can disable itself when needed. I don't have any idea why WD in 2020 doesn't have basic protection to stop itself from being killed, just like almost all 3rd party AV software has. Because of this, on more than 50% of PCs, any software can do something like this without any fuss: kill WD, extract/download malware/ransomware, execute it. Are they fu*king nuts?
It feels like WD is the only antivirus that I don't feel impact on my PC performance. I did not test ESET but I'm pretty sure WD is the most optimized antivirus for Windows PCs when it comes to impacting performance.