These scripts can be freely shared on forums / websites / file hostings, but only in case where there's no any profit & in clear must not be used for any type of benefits ie money & or user is not allowed to change the title as well as msg popup in the scripts. Win10 Tweaker: Included in Complete $OEM$ Pack Code: @echo off & Title Win10 Tweaker & color 17 :: ---------------------------------------------------------- echo Get Admin Privilege :: ---------------------------------------------------------- REM --> Check for permissions >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" REM --> If error flag set, we do not have admin. if '%errorlevel%' NEQ '0' ( echo Requesting administrative privileges... goto UACPrompt) else ( goto gotAdmin ) :UACPrompt echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs" "%temp%\getadmin.vbs" exit /B :gotAdmin :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Creating System Restore Point Before Doing any Change :: ---------------------------------------------------------- Powershell -Command "Enable-ComputerRestore -Drive $env:SystemDrive" Powershell -Command "New-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' -Name SystemRestorePointCreationFrequency -PropertyType DWord -Value 0 -Force" Powershell -Command "Checkpoint-Computer -Description 'SystemRestore' -RestorePointType MODIFY_SETTINGS" Powershell -Command "New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' -Name SystemRestorePointCreationFrequency -PropertyType DWord -Value 8640000 -Force" Powershell -Command "Disable-ComputerRestore -Drive $env:SystemDrive" :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Remove This PC Libraries reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{0DB7E03F-FC29-4DC6-9020-FF41B59E513A}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" /f reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" /f :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- TakeOwnership of WaasMedic and Remove Logs takeown /f %SystemRoot%\Logs\waasmedic /R /D y icacls %SystemRoot%\Logs\waasmedic /grant administrators:F /T RD /S /Q "%SystemRoot%\Logs\waasmedic" :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Remove WindowsApps for Current User --- Powershell -Command "Get-AppxProvisionedPackage -Online | Out-GridView -PassThru -Title 'Select Provisioned Apps to Remove' | Remove-AppxProvisionedPackage -Online -Verbose" echo. echo --- Remove SystemApps for Current User --- Powershell -Command "Get-AppxPackage | Out-GridView -PassThru -Title 'Select Current User System Apps to Remove' | Remove-AppxPackage -ErrorAction SilentlyContinue -Verbose" echo. echo --- Remove SystemApps for All Users --- Powershell -Command "Get-AppxPackage -AllUsers | Out-GridView -PassThru -Title 'Select All Users System Apps to Remove' | Remove-AppxPackage -ErrorAction SilentlyContinue -Verbose" :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Remove Firewall Rules --- Powershell -Command "Get-NetFirewallRule | Out-GridView -PassThru -Title 'Delete Firewall Rules' | Remove-NetFirewallRule -Confirm:$False -Verbose" echo. echo --- Allow SVCHOST Outbound Connection in Firewall --- Powershell -Command "New-NetFirewallRule -DisplayName 'Host Process for Windows Services (svchost.exe)' -Direction Outbound -Program '%SystemRoot%\System32\svchost.exe' -Action Allow -Verbose" :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Apply Best Autologger Policy --- Powershell -Command "Get-AutologgerConfig | Out-GridView -PassThru -Title 'Select Autologger and Click OK to Stop' | Set-AutologgerConfig -Start 0 -InitStatus 0 -Confirm:$False -ErrorAction SilentlyContinue -Verbose" :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Remove Scheduled Tasks --- Powershell -Command "Get-Scheduledtask | Out-GridView -PassThru -Title 'Select Scheduled Tasks to Delete' | Unregister-ScheduledTask -Confirm:$false -ErrorAction SilentlyContinue -Verbose" :: ---------------------------------------------------------- echo. :: ---------------------------------------------------------- echo --- Clear Windows Product Key from Registry --- cscript //nologo %SystemRoot%\System32\slmgr.vbs /dlv cscript //nologo %SystemRoot%\System32\slmgr.vbs /cpky :: ---------------------------------------------------------- Disable Win10 Extra Services Included in Complete $OEM$ Pack Code: @echo off & title Disable Services & color 17 reg add "HKLM\SYSTEM\CurrentControlSet\Services\CredentialEnrollmentManagerUserSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationBrokerSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\DmWapPushService" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\DoSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\MessagingService" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\sgrmbroker" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f sc stop AarSvc & sc config AarSvc start=disabled sc stop AJRouter & sc config AJRouter start=disabled sc stop ALG & sc config ALG start=disabled sc stop AppMgmt & sc config AppMgmt start=disabled sc stop AppReadiness & sc config AppReadiness start=disabled sc stop BcastDVRUserService & sc config BcastDVRUserService start=disabled sc stop BluetoothUserService & sc config BluetoothUserService start=disabled sc stop BthAvctpSvc & sc config BthAvctpSvc start=disabled sc stop BTAGService & sc config BTAGService start=disabled sc stop bthserv & sc config bthserv start=disabled sc stop CaptureService & sc config CaptureService start=disabled sc stop cbdhsvc & sc config cbdhsvc start=disabled sc stop CDPSvc & sc config CDPSvc start=disabled sc stop CDPUserSvc & sc config CDPUserSvc start=disabled sc stop CertPropSvc & sc config CertPropSvc start=disabled sc stop cldflt & sc config cldflt start=disabled sc stop ConsentUxUserSvc & sc config ConsentUxUserSvc start=disabled sc stop DeviceAssociationService & sc config DeviceAssociationService start=disabled sc stop DevicePickerUserSvc & sc config DevicePickerUserSvc start=disabled sc stop DevicesFlowUserSvc & sc config DevicesFlowUserSvc start=disabled sc stop diagsvc & sc config diagsvc start=disabled sc stop DPS & sc config DPS start=disabled sc stop DsSvc & sc config DsSvc start=disabled sc stop FrameServer & sc config FrameServer start=disabled sc stop HvHost & sc config HvHost start=disabled sc stop icssvc & sc config icssvc start=disabled sc stop InstallService & sc config InstallService start=disabled sc stop lfsvc & sc config lfsvc start=disabled sc stop lmhosts & sc config lmhosts start=disabled sc stop LxpSvc & sc config LxpSvc start=disabled sc stop MapsBroker & sc config MapsBroker start=disabled sc stop MRxDAV & sc config MRxDAV start=disabled sc stop MSiSCSI & sc config MSiSCSI start=disabled sc stop NaturalAuthentication & sc config NaturalAuthentication start=disabled sc stop NcaSvc & sc config NcaSvc start=disabled sc stop NcdAutoSetup & sc config NcdAutoSetup start=disabled sc stop NetBT & sc config NetBT start=disabled sc stop Netlogon & sc config Netlogon start=disabled sc stop PcaSvc & sc config PcaSvc start=disabled sc stop PeerDistSvc & sc config PeerDistSvc start=disabled sc stop PhoneSvc & sc config PhoneSvc start=disabled sc stop PushToInstall & sc config PushToInstall start=disabled sc stop RetailDemo & sc config RetailDemo start=disabled sc stop RpcLocator & sc config RpcLocator start=disabled sc stop SharedAccess & sc config SharedAccess start=disabled sc stop SEMgrSvc & sc config SEMgrSvc start=disabled sc stop SessionEnv & sc config SessionEnv start=disabled sc stop SensorDataService & sc config SensorDataService start=disabled sc stop SensrSvc & sc config SensrSvc start=disabled sc stop SensorService & sc config SensorService start=disabled sc stop SCardSvr & sc config SCardSvr start=disabled sc stop ScDeviceEnum & sc config ScDeviceEnum start=disabled sc stop SCPolicySvc & sc config SCPolicySvc start=disabled sc stop SmsRouter & sc config SmsRouter start=disabled sc stop SNMPTRAP & sc config SNMPTRAP start=disabled sc stop SSDPSRV & sc config SSDPSRV start=disabled sc stop StorSvc & sc config StorSvc start=disabled sc stop SysMain & sc config SysMain start=disabled sc stop TabletInputService & sc config TabletInputService start=disabled sc stop TermService & sc config TermService start=disabled sc stop TrkWks & sc config TrkWks start=disabled sc stop tunnel & sc config tunnel start=disabled sc stop UmRdpService & sc config UmRdpService start=disabled sc stop upnphost & sc config upnphost start=disabled sc stop vmicguestinterface & sc config vmicguestinterface start=disabled sc stop vmicheartbeat & sc config vmicheartbeat start=disabled sc stop vmickvpexchange & sc config vmickvpexchange start=disabled sc stop vmicrdv & sc config vmicrdv start=disabled sc stop vmicshutdown & sc config vmicshutdown start=disabled sc stop vmictimesync & sc config vmictimesync start=disabled sc stop vmicvmsession & sc config vmicvmsession start=disabled sc stop vmicvss & sc config vmicvss start=disabled sc stop wcncsvc & sc config wcncsvc start=disabled sc stop WdiServiceHost & sc config WdiServiceHost start=disabled sc stop WdiSystemHost & sc config WdiSystemHost start=disabled sc stop WebClient & sc config WebClient start=disabled sc stop wercplsupport & sc config wercplsupport start=disabled sc stop WerSvc & sc config WerSvc start=disabled sc stop WinRM & sc config WinRM start=disabled sc stop wisvc & sc config wisvc start=disabled sc stop WpcMonSvc & sc config WpcMonSvc start=disabled sc stop WpnService & sc config WpnService start=disabled sc stop WwanSvc & sc config WwanSvc start=disabled sc stop XblAuthManager & sc config XblAuthManager start=disabled sc stop XblGameSave & sc config XblGameSave start=disabled sc stop XboxGipSvc & sc config XboxGipSvc start=disabled sc stop XboxNetApiSvc & sc config XboxNetApiSvc start=disabled Permanently Disable Defender to Use Thrid Party Antivirus / TotalSecurity [User Needs Both SetACL & PowerRun Next to Script to be Fully Functional] : Included in Complete $OEM$ Pack Code: @echo off & title Disable Defender Permanently & color 17 cd %~dp0 echo ========================================================== echo - Disable Defender - TamperProtection ^& Smartscreen - echo ========================================================== SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn setowner -ownr "n:Administrators" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender" -ot reg -actn ace -ace "n:Administrators;p:full" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn setowner -ownr "n:Administrators" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" -ot reg -actn ace -ace "n:Administrators;p:full" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn setowner -ownr "n:Administrators" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" -ot reg -actn ace -ace "n:Administrators;p:full" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn setowner -ownr "n:Administrators" SetACL -on "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" -ot reg -actn ace -ace "n:Administrators;p:full" reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v "DisableAntiVirus" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtection" /t reg_DWORD /d "4" /f reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Features" /v "TamperProtectionSource" /t reg_DWORD /d "2" /f reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration" /v "DisablePrivacyMode" /t reg_DWORD /d "1" /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t reg_DWORD /d "0" /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t reg_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t reg_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Microsoft\RemovalTools\MpGears" /v "SpyNetReportingLocation" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" /v "EnableSmartScreen" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "EnabledV9" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter" /v "PreventOverride" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f reg add "HKCU\SOFTWARE\Policies\Microsoft\Edge" /v "SmartScreenEnabled" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t reg_SZ /d "Off" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t reg_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "PreventOverride" /t reg_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_EdgeSmartScreenOff" /t REG_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AppAndBrowser_StoreAppsSmartScreenOff" /t reg_DWORD /d 0 /f reg add "HKCU\Software\Microsoft\Windows Security Health\State" /v "AccountProtection_MicrosoftAccount_Disconnected" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "RandomizeScheduleTaskTimes" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "PUAProtection" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t reg_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /v "DisableAutoExclusions" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "PurgeItemsAfterDelay" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine" /v "LocalSettingOverridePurgeItemsAfterDelay" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScriptScanning" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleDay" /t reg_DWORD /d "8" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation" /v "Scan_ScheduleTime" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "AdditionalActionTimeOut" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "CriticalFailureTimeOut" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "NonCriticalTimeOut" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericRePorts" /t reg_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "AvgCPULoadFactor" /t reg_DWORD /d "10" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableArchiveScanning" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupFullScan" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableCatchupQuickScan" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRemovableDriveScanning" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableRestorePoint" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningMappedNetworkDrivesForFullScan" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "DisableScanningNetworkFiles" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "PurgeItemsAfterDelay" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleDay" /t reg_DWORD /d 8 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScheduleTime" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanOnlyIfIdle" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan" /v "ScanParameters" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates" /v "FirstAuGracePeriod" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "DisableUpdateOnStartupWithoutEngine" /t reg_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleDay" /t reg_DWORD /d 8 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ScheduleTime" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "SignatureUpdateCatchupInterval" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControl" /t reg_SZ /d "Anywhere" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t reg_DWORD /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReportingLocation" /t reg_MULTI_SZ /d "0" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t reg_DWORD /d "2" /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t reg_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t reg_DWORD /d "1" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /t reg_BINARY /d "030000000000000000000000" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\Sense" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\WdBoot" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\WdFilter" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\WdNisDrv" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\wscsvc" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\WdBoot" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\WdFilter" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisDrv" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\WdNisSvc" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\WinDefend" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v "Start" /t reg_DWORD /d "4" /f PowerRun /SW:0 %Windir%\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t reg_DWORD /d "4" /f Powershell -Command "Get-MpPreference" echo ========================================================== echo. echo ========================================================== Powershell -Command "$wshell=New-Object -ComObject wscript.shell; $wshell.SendKeys('^a') Powershell -Command "$wshell=New-Object -ComObject wscript.shell; $wshell.SendKeys('^c') Powershell -Command "Get-Clipboard >%UserProfile%\Desktop\DisabledDefender.txt" taskkill /f /im explorer.exe & start explorer.exe echo ========================================================== Please Dont Ask to Re-Enable Defender Again This Way. Use it At Your Own Risk. Win10 SystemApps Removal Tweaker : User Need Both SetACL & SQLite3 Executables next to Script Included in Complete $OEM$ Pack Code: @echo off & title SystemApps Removal Tweaker & color 17 cd %~dp0 echo ------ SystemApps Removal Tweak PowerShell -Command "Get-AppXProvisionedPackage -Online | Out-GridView -PassThru -Title 'Remove Metro Apps' | Remove-AppXProvisionedPackage -Online -AllUsers -ErrorAction SilentlyContinue -Verbose" SetACL -ot "reg" -on "HKLM\SYSTEM\CurrentControlSet\Services\StateRepository" -actn setowner -ownr "n:Administrators" SetACL -ot "reg" -on "HKLM\SYSTEM\CurrentControlSet\Services\StateRepository" -actn ace -ace "n:Administrators;p:full" Powershell -Command "Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\StateRepository' 'Start' 4 -Verbose" Powershell -Command "Stop-Service -Name StateRepository -Force -Verbose" Powershell -Command "Get-Service -Name StateRepository -Verbose" SetACL -ot "file" -on "%ProgramFiles%\WindowsApps" -actn setowner -ownr "n:Administrators" SetACL -ot "file" -on "%ProgramFiles%\WindowsApps" -actn ace -ace "n:Administrators;p:full" SetACL -ot "file" -on "%ProgramData%\Microsoft\Windows\AppRepository" -actn setowner -ownr "n:Administrators" SetACL -ot "file" -on "%ProgramData%\Microsoft\Windows\AppRepository" -actn ace -ace "n:Administrators;p:full" SetACL -ot "file" -on "%ProgramData%\Microsoft\Windows\AppRepository\StateRepository-Machine.srd" -actn setowner -ownr "n:Administrators" SetACL -ot "file" -on "%ProgramData%\Microsoft\Windows\AppRepository\StateRepository-Machine.srd" -actn ace -ace "n:Administrators;p:full" IF EXIST "%ProgramData%\Microsoft\Windows\AppRepository\PackageRepository.edb" del /f /s /q /a "%ProgramData%\Microsoft\Windows\AppRepository\PackageRepository.edb" Powershell -Command "Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\StateRepository' 'Start' 2 -Verbose" Powershell -Command "Start-Service -Name StateRepository -Verbose" Powershell -Command "Get-Service -Name StateRepository -Verbose" TASKLIST /svc /fi "services eq StateRepository" TASKKILL /F /FI "services eq StateRepository" /T SQLite3 "%ProgramData%\Microsoft\Windows\AppRepository\StateRepository-Machine.srd" "DROP TRIGGER TRG_AFTER_UPDATE_Package_SRJournal;" SQLite3 "%ProgramData%\Microsoft\Windows\AppRepository\StateRepository-Machine.srd" "UPDATE Package SET IsInBox=0 WHERE IsInBox=1;" Powershell -Command "Write-Output ':***********************************************************************:' '' ' { Urgent SystemApps Removal }' '' ' Pl Do Not Select [ShellExperienceHost] [ImmersiveControlPanel] [VClibs] ' '' ' Pl Dont Worry as it will Show you Critical Error For Start Menu ' '' ' Drop it Downside Towards Taskbar ' '' ' OpenShell Is the Correct Solution for Start Menu' '' ' Waiting Time is 10 Min Until You Press OK' | MSG "%username%" /TIME:600 /W" Powershell -Command "Get-AppxPackage -AllUsers | Out-GridView -PassThru -Title 'Remove System Apps' | Remove-AppxPackage -AllUsers -ErrorAction SilentlyContinue -Verbose" Set Motherboard Company and Model in My Computer Properties (Save as (anyname).cmd & Run as Admin) Included in Complete $OEM$ Pack Code: @echo off & color 17 & title Set Motherboard Company and Model :: ---------------------------------------------------------- echo --- Set Motherboard Company and Model in My Computer Properties SETLOCAL FOR /F "tokens=3* delims= " %%i in ('reg query HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer') DO (SET BaseBoardManufacturer=%%i %%j) FOR /F "tokens=3* delims= " %%i in ('reg query HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardProduct') DO (SET BaseBoardProduct=%%i %%j) ECHO Manufacturer="%BaseBoardManufacturer%" ECHO Product="%BaseBoardProduct%" reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /t REG_SZ /v Manufacturer /d "%BaseBoardManufacturer%" /f reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation" /t REG_SZ /v Model /d "%BaseBoardProduct%" /f :: ---------------------------------------------------------- KMS38 Activation Based Tweak Script to Remove Registered KMS Machine IP & Port Plus Disable KMS Host Cache Plus Increase Renewal Interval as well as Activation Interval (Wont Affect Win Activation Status in Any Way): Included in Complete $OEM$ Pack Code: @echo off & title KMS38 Activation Tweak Script & color 17 PowerShell -Command "$key = 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f'; Get-ChildItem $key | foreach { Remove-ItemProperty -Path \"$key\$($_.pschildname)\" -Name KeyManagementServiceName -ErrorAction SilentlyContinue -Verbose }" PowerShell -Command "$key = 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\55c92734-d682-4d71-983e-d6ec3f16059f'; Get-ChildItem $key | foreach { Remove-ItemProperty -Path \"$key\$($_.pschildname)\" -Name KeyManagementServicePort -ErrorAction SilentlyContinue -Verbose }" reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "VLActivationInterval" /t REG_DWORD /d 8640000 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "VLRenewalInterval" /t REG_DWORD /d 8640000 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "DisableKeyManagementServiceHostCaching" /t REG_DWORD /d 1 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation" /v "ActivationInterval" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation" /v "Manual" /t REG_DWORD /d 0 /f reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation" /v "NotificationDisabled" /t REG_DWORD /d 1 /f Disable Audit Policies in Win10 : Included in Complete $OEM$ Pack Code: @echo off Auditpol /remove /allusers auditpol /clear /y Auditpol /set /category:* /Success:disable /failure:disable Check if Audit Policies are Running ie Enabled or Disabled : Included in Complete $OEM$ Pack Code: @echo off auditpol /get /category:* pause Reset Network Profiles: Included in Complete $OEM$ Pack as an addon to your desktop with name Network.cmd. Code: @echo off & title Reset Network Profiles & color 17 reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures" /f netsh wlan disconnect If you Use Wi-FI then your wireless connection will be disconnected using this script & you have to again connect it using your network icon UI in taskbar . Just see the difference Network Profile Name with 1 2 3 4 5 goes on will be deleted & your network will be conncted with the first Network profile name without any multiples. Special Note : if Network Manager Policy is set to User Domain or Private you have to again select it using your System Network Manager List Policies in Adminstrative Tools Under First Part of Control Panel.
These scripts can be freely shared on forums / websites / file hostings, but only in case where there's no any profit & in clear must not be used for any type of benefits ie money & or user is not allowed to change the title as well as msg popup in the scripts. - Offline Win10 Script to Remove Windows Apps , Remove System Apps , DisableFeatures , RemoveCapabilities , Remove OneDrive & More With Complete $OEM$ Pack -- Spoiler: Win10 ISO Tweaker Latest Win10-ISO-Tweaker June 2021 v3 Modded by [Wilenty] Code: https://www.upload.ee/files/13275659/Windows-ISO-Tweaker.zip.html Spoiler: $OEM$ Pack OEM Pack Updated Second Edition Mid May 2021 Code: https://www.upload.ee/files/13162650/_OEM_.zip.html Users can Generate there own AutoUnattend.xml file online from here Special Note : For Those Users Fighting for how to get $OEM$ Pack Work with Fully Autounattend Install xml . Just Edit your WindowsAFG Generated Autounattend xml file using Notepad & add in last before you see </FirstLogonCommands> plus write your own numerical in <Order>?</Order> next one which is already in Order list of First Logon Commands - Code: <SynchronousCommand wcm:action="add"> <Order>?</Order> <RequiresUserInput>false</RequiresUserInput> <CommandLine>cmd /c %SystemRoot%\Setup\Scripts\SetupComplete.cmd</CommandLine> <Description>SetupComplete First logon</Description> </SynchronousCommand> Credits to all of you & Pleasure is Always Mine
These scripts can be freely shared on forums / websites / file hostings, but only in case where there's no any profit & in clear must not be used for any type of benefits ie money & or user is not allowed to change the title as well as msg popup in the scripts. Extra Firewall Rules for OS Hardening Not Included in Complete $OEM$ Pack [Not needed] Code: @echo off & title Extra Firewall Rules for OS Hardening & color 17 echo ========================================================== echo --- Adding Extra Firewall Rules for OS Hardening echo ========================================================== netsh advfirewall firewall add rule name="Block appvlp.exe" program="%programfiles%\Microsoft Office\root\client\AppVLP.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block appvlp.exe" program="%programfiles(x86)%\Microsoft Office\root\client\AppVLP.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block At.exe" program="%systemroot%\System32\At.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block At.exe" program="%systemroot%\SysWOW64\At.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Attrib.exe" program="%systemroot%\System32\Attrib.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Attrib.exe" program="%systemroot%\SysWOW64\Attrib.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Atbroker.exe" program="%systemroot%\System32\Atbroker.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Atbroker.exe" program="%systemroot%\SysWOW64\Atbroker.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block bash.exe" program="%systemroot%\System32\bash.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block bash.exe" program="%systemroot%\SysWOW64\bash.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block bitsadmin.exe" program="%systemroot%\System32\bitsadmin.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block bitsadmin.exe" program="%systemroot%\SysWOW64\bitsadmin.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block calc.exe" program="%systemroot%\System32\calc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block calc.exe" program="%systemroot%\SysWOW64\calc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block certreq.exe" program="%systemroot%\System32\certreq.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block certreq.exe" program="%systemroot%\SysWOW64\certreq.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block certutil.exe" program="%systemroot%\System32\certutil.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block certutil.exe" program="%systemroot%\SysWOW64\certutil.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block cmdkey.exe" program="%systemroot%\System32\cmdkey.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block cmdkey.exe" program="%systemroot%\SysWOW64\cmdkey.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block cmstp.exe" program="%systemroot%\System32\cmstp.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block cmstp.exe" program="%systemroot%\SysWOW64\cmstp.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block CompatTelRunner.exe" program="%systemroot%\System32\CompatTelRunner.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block CompatTelRunner.exe" program="%systemroot%\SysWOW64\CompatTelRunner.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ConfigSecurityPolicy.exe" program="%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2008.9-0\ConfigSecurityPolicy.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block control.exe" program="%systemroot%\System32\control.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block control.exe" program="%systemroot%\SysWOW64\control.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Csc.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\Csc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Csc.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\Csc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block cscript.exe" program="%systemroot%\System32\cscript.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block cscript.exe" program="%systemroot%\SysWOW64\cscript.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ctfmon.exe" program="%systemroot%\System32\ctfmon.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ctfmon.exe" program="%systemroot%\SysWOW64\ctfmon.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block curl.exe" program="%systemroot%\System32\curl.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block curl.exe" program="%systemroot%\SysWOW64\curl.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block desktopimgdownldr.exe" program="%systemroot%\System32\desktopimgdownldr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block DeviceDisplayObjectProvider.exe" program="%systemroot%\System32\DeviceDisplayObjectProvider.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block DeviceDisplayObjectProvider.exe" program="%systemroot%\SysWOW64\DeviceDisplayObjectProvider.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Dfsvc.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\Dfsvc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Dfsvc.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\Dfsvc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block diskshadow.exe" program="%systemroot%\SysWOW64\diskshadow.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block diskshadow.exe" program="%systemroot%\System32\diskshadow.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Dnscmd.exe" program="%systemroot%\SysWOW64\Dnscmd.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Dnscmd.exe" program="%systemroot%\System32\Dnscmd.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block dwm.exe" program="%systemroot%\SysWOW64\dwm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block dwm.exe" program="%systemroot%\System32\dwm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block eventvwr.exe" program="%systemroot%\SysWOW64\eventvwr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block eventvwr.exe" program="%systemroot%\System32\eventvwr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block esentutl.exe" program="%systemroot%\SysWOW64\esentutl.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block esentutl.exe" program="%systemroot%\System32\esentutl.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block eventvwr.exe" program="%systemroot%\SysWOW64\eventvwr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block eventvwr.exe" program="%systemroot%\SysWOW64\eventvwr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Expand.exe" program="%systemroot%\System32\Expand.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Expand.exe" program="%systemroot%\SysWOW64\Expand.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block explorer.exe" program="%systemroot%\System32\explorer.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block explorer.exe" program="%systemroot%\SysWOW64\explorer.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Extexport.exe" program="%programfiles%\Internet Explorer\Extexport.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Extexport.exe" program="%programfiles(x86)%\Internet Explorer\Extexport.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block extrac32.exe" program="%systemroot%\System32\extrac32.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block extrac32.exe" program="%systemroot%\SysWOW64\extrac32.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block findstr.exe" program="%systemroot%\System32\findstr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block findstr.exe" program="%systemroot%\SysWOW64\findstr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block forfiles.exe" program="%systemroot%\System32\forfiles.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block forfiles.exe" program="%systemroot%\SysWOW64\forfiles.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ftp.exe" program="%systemroot%\System32\ftp.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ftp.exe" program="%systemroot%\SysWOW64\ftp.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block gpscript.exe" program="%systemroot%\System32\gpscript.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block gpscript.exe" program="%systemroot%\SysWOW64\gpscript.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block hh.exe" program="%systemroot%\System32\hh.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block hh.exe" program="%systemroot%\SysWOW64\hh.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ie4uinit.exe" program="%systemroot%\System32\ie4uinit.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ie4uinit.exe" program="%systemroot%\SysWOW64\ie4uinit.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ieexec.exe" program="%systemroot%\Microsoft.NET\Framework\v2.0.50727\ieexec.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ieexec.exe" program="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\ieexec.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ilasm.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\ilasm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ilasm.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Infdefaultinstall.exe" program="%systemroot%\System32\Infdefaultinstall.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Infdefaultinstall.exe" program="%systemroot%\SysWOW64\Infdefaultinstall.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block InstallUtil.exe" program="%systemroot%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block InstallUtil.exe" program="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block InstallUtil.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block InstallUtil.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Jsc.exe" program="%systemroot%\Microsoft.NET\Framework\v2.0.50727\Jsc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Jsc.exe" program="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\Jsc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Jsc.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\Jsc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Jsc.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\Jsc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block lsass.exe" program="%systemroot%\System32\lsass.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block lsass.exe" program="%systemroot%\SysWOW64\lsass.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block makecab.exe" program="%systemroot%\System32\makecab.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block makecab.exe" program="%systemroot%\SysWOW64\makecab.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block mavinject.exe" program="%systemroot%\System32\mavinject.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block mavinject.exe" program="%systemroot%\SysWOW64\mavinject.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Microsoft.Workflow.Compiler.exe" program="%systemroot%\Microsoft.Net\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block mmc.exe" program="%systemroot%\SysWOW64\mmc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block mmc.exe" program="%systemroot%\System32\mmc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block MpCmdRun.exe" program="%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2008.4-0\MpCmdRun.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block MpCmdRun.exe" program="%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2008.7-0\MpCmdRun.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block MpCmdRun.exe" program="%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msbuild.exe" program="%systemroot%\Microsoft.NET\Framework\v2.0.50727\Msbuild.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msbuild.exe" program="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\Msbuild.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msbuild.exe" program="%systemroot%\Microsoft.NET\Framework\v3.5\Msbuild.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msbuild.exe" program="%systemroot%\Microsoft.NET\Framework64\v3.5\Msbuild.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msbuild.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msbuild.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\Msbuild.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block msconfig.exe" program="%systemroot%\System32\msconfig.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msdt.exe" program="%systemroot%\System32\Msdt.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Msdt.exe" program="%systemroot%\SysWOW64\Msdt.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block mshta.exe" program="%systemroot%\System32\mshta.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block mshta.exe" program="%systemroot%\SysWOW64\mshta.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block msiexec.exe" program="%systemroot%\System32\msiexec.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block msiexec.exe" program="%systemroot%\SysWOW64\msiexec.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Netsh.exe" program="%systemroot%\System32\Netsh.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Netsh.exe" program="%systemroot%\SysWOW64\Netsh.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block notepad.exe" program="%systemroot%\system32\notepad.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block notepad.exe " program="%systemroot%\SysWOW64\notepad.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block odbcconf.exe" program="%systemroot%\System32\odbcconf.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block odbcconf.exe" program="%systemroot%\SysWOW64\odbcconf.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block pcalua.exe" program="%systemroot%\System32\pcalua.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block pcalua.exe" program="%systemroot%\SysWOW64\pcalua.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block pcwrun.exe" program="%systemroot%\System32\pcwrun.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block pcwrun.exe" program="%systemroot%\SysWOW64\pcwrun.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block pktmon.exe" program="%systemroot%\System32\pktmon.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block pktmon.exe" program="%systemroot%\SysWOW64\pktmon.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block powershell.exe" program="%systemroot%\System32\WindowsPowerShell\v1.0\powershell.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block powershell.exe" program="%systemroot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block powershell_ise.exe" program="%systemroot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block powershell_ise.exe" program="%systemroot%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Presentationhost.exe" program="%systemroot%\System32\Presentationhost.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Presentationhost.exe" program="%systemroot%\SysWOW64\Presentationhost.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block print.exe" program="%systemroot%\System32\print.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block print.exe" program="%systemroot%\SysWOW64\print.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block psr.exe" program="%systemroot%\System32\psr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block psr.exe" program="%systemroot%\SysWOW64\psr.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block rasautou.exe" program="%systemroot%\System32\rasautou.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block rasautou.exe" program="%systemroot%\SysWOW64\rasautou.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block reg.exe" program="%systemroot%\System32\reg.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block reg.exe" program="%systemroot%\SysWOW64\reg.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regasm.exe" program="%systemroot%\Microsoft.NET\Framework\v2.0.50727\regasm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regasm.exe" program="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\regasm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regasm.exe" program="%systemroot%\Microsoft.NET\Framework\v4.0.30319\regasm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regasm.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\regasm.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regedit.exe" program="%systemroot%\System32\regedit.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regedit.exe" program="%systemroot%\SysWOW64\regedit.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regini.exe" program="%systemroot%\System32\regini.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regini.exe" program="%systemroot%\SysWOW64\regini.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Register-cimprovider.exe" program="%systemroot%\System32\Register-cimprovider.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block Register-cimprovider.exe" program="%systemroot%\SysWOW64\Register-cimprovider.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regsvcs.exe" program="%systemroot%\System32\regsvcs.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regsvcs.exe" program="%systemroot%\SysWOW64\regsvcs.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regsvr32.exe" program="%systemroot%\System32\regsvr32.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block regsvr32.exe" program="%systemroot%\SysWOW64\regsvr32.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block replace.exe" program="%systemroot%\System32\replace.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block replace.exe" program="%systemroot%\SysWOW64\replace.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block rpcping.exe" program="%systemroot%\System32\rpcping.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block rpcping.exe" program="%systemroot%\SysWOW64\rpcping.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block rundll32.exe" program="%systemroot%\System32\rundll32.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block rundll32.exe" program="%systemroot%\SysWOW64\rundll32.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block runonce.exe" program="%systemroot%\System32\runonce.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block runonce.exe" program="%systemroot%\SysWOW64\runonce.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block services.exe" program="%systemroot%\System32\services.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block services.exe" program="%systemroot%\SysWOW64\services.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block sc.exe" program="%systemroot%\System32\sc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block sc.exe" program="%systemroot%\SysWOW64\sc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block schtasks.exe" program="%systemroot%\System32\schtasks.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block schtasks.exe" program="%systemroot%\SysWOW64\schtasks.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block scriptrunner.exe" program="%systemroot%\System32\scriptrunner.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block scriptrunner.exe" program="%systemroot%\SysWOW64\scriptrunner.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block SyncAppvPublishingServer.exe" program="%systemroot%\System32\SyncAppvPublishingServer.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block SyncAppvPublishingServer.exe" program="%systemroot%\SysWOW64\SyncAppvPublishingServer.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block telnet.exe" program="%systemroot%\System32\telnet.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block telnet.exe" program="%systemroot%\SysWOW64\telnet.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block tftp.exe" program="%systemroot%\System32\tftp.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block tftp.exe" program="%systemroot%\SysWOW64\tftp.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ttdinject.exe" program="%systemroot%\System32\ttdinject.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block ttdinject.exe" program="%systemroot%\SysWOW64\ttdinject.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block tttracer.exe" program="%systemroot%\System32\tttracer.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block tttracer.exe" program="%systemroot%\SysWOW64\tttracer.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block vbc.exe" program="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block vbc.exe" program="%systemroot%\Microsoft.NET\Framework64\v3.5\vbc.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block verclsid.exe" program="%systemroot%\System32\verclsid.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block verclsid.exe" program="%systemroot%\SysWOW64\verclsid.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wab.exe" program="%programfiles%\Windows Mail\wab.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wab.exe" program="%programfiles(x86)%\Windows Mail\wab.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block WerFault.exe" program="%systemroot%\SysWOW64\WerFault.exe" protocol=any dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block WerFault.exe" program="%systemroot%\SysWOW64\WerFault.exe" protocol=any dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wininit.exe" program="%systemroot%\System32\wininit.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wininit.exe" program="%systemroot%\SysWOW64\wininit.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block winlogon.exe" program="%systemroot%\System32\winlogon.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block winlogon.exe" program="%systemroot%\SysWOW64\winlogon.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wmic.exe" program="%systemroot%\System32\wbem\wmic.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wmic.exe" program="%systemroot%\SysWOW64\wbem\wmic.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wordpad.exe" program="%programfiles%\windows nt\accessories\wordpad.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wordpad.exe" program="%programfiles(x86)%\windows nt\accessories\wordpad.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wscript.exe" program="%systemroot%\System32\wscript.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wscript.exe" program="%systemroot%\SysWOW64\wscript.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wsreset.exe" program="%systemroot%\System32\wsreset.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block wsreset.exe" program="%systemroot%\SysWOW64\wsreset.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block xwizard.exe" program="%systemroot%\System32\xwizard.exe" dir=out enable=yes action=block profile=any netsh advfirewall firewall add rule name="Block xwizard.exe" program="%systemroot%\SysWOW64\xwizard.exe" dir=out enable=yes action=block profile=any echo ========================================================== Create System Restore Point before Using Any of My Script so that you will restore to same state as you were before if you dont find something good : Not Included in Complete $OEM$ Pack [Not Needed] Code: @echo off & title Create System Restore Point & color 17 Powershell -Command "Enable-ComputerRestore -Drive $env:SystemDrive -Verbose" Powershell -Command "New-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' -Name SystemRestorePointCreationFrequency -PropertyType DWord -Value 0 -Force -Verbose" Powershell -Command "Checkpoint-Computer -Description 'SystemRestore' -RestorePointType MODIFY_SETTINGS -Verbose" Powershell -Command "New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' -Name SystemRestorePointCreationFrequency -PropertyType DWord -Value 8640000 -Force -Verbose" Powershell -Command "Disable-ComputerRestore -Drive $env:SystemDrive -Verbose" Restore System to Earlier Created System Restore Point : Not Included in Complete $OEM$ Pack [Not Needed] Code: @echo off & title Restore System to Earlier State & color 17 Powershell -Command "Enable-ComputerRestore -Drive $env:SystemDrive -Verbose" rstrui exit /b Export Windows drivers to Offline Wim Index : [Not Included in Win10 AIO Tweaker or $OEM$ Pack] Code: Powershell -Command "Export-WindowsDriver -Online -Destination '%UserProfile%\Desktop\Drivers' | Select-Object ClassName, ProviderName, Date, Version | Sort-Object ClassName" Dism /Image:Z:\Mount /Add-Driver /Driver:%UserProfile%\Desktop\Drivers /Recurse /ForceUnsigned
[code]text here[/code] will look like this: Code: @echo off & title Debloat Offline Windows 10 Image by MyDigitallife User dism /Get-ImageInfo /imagefile:%UserProfile%\Desktop\Win10\sources\install.wim pause echo --- Choose your SourceIndex from image as an example i have selected index 6 as Win10 PRO to be exported as single image dism /Export-Image /SourceImageFile:%UserProfile%\Desktop\Win10\sources\install.wim /SourceIndex:6 /DestinationImageFile:%UserProfile%\Desktop\install.wim echo --- Moving Exported image back to its source destination move /y "%UserProfile%\Desktop\install.wim" "%UserProfile%\Desktop\Win10\sources" echo --- Creating Mount directory on your desktop mkdir "%UserProfile%\Desktop\Mount" echo --- Mounting Image to Mount Directory dism /Mount-image /imagefile:%UserProfile%\Desktop\Win10\sources\install.wim /Index:1 /MountDir:%UserProfile%\Desktop\Mount echo --- Disabling UnNeeded Windows Features dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:Internet-Explorer-Optional-amd64 dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:MediaPlayback dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:MicrosoftWindowsPowerShellV2Root dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:MicrosoftWindowsPowerShellV2 dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:MSRDC-Infrastructure dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:printing-Foundation-Features dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:printing-Foundation-InternetPrinting-Client dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:printing-XPSServices-Features dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:SmbDirect dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:SMB1Protocol dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:WorkFolders-Client dism /image:%UserProfile%\Desktop\Mount /disable-feature /featurename:WCF-TCP-PortSharing45 echo --- Disabling UnNeeded Windows Capabilities Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "App.StepsRecorder*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "App.Support.QuickAssist*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Browser.InternetExplorer*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Hello.Face*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Language.Speech*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Language.TextToSpeech*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "MathRecognizer*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Media.WindowsMediaPlayer*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Microsoft.Windows.PowerShell.ISE*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "OneCoreUAP.OneSync*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "OpenSSH.Client*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "OpenSSH.Server*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Print.Fax.Scan*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" Powershell -Command "Get-WindowsCapability -Path %UserProfile%\Desktop\Mount -Name "Print.Management.Console*" | Remove-WindowsCapability -Path %UserProfile%\Desktop\Mount" echo --- Removing All Appx Provisioned Packages Powershell -Command "Get-AppXProvisionedPackage -Path %UserProfile%\Desktop\Mount | Remove-AppxProvisionedPackage -Path %UserProfile%\Desktop\Mount" echo --- Clearing Winsxs Components and Reset Base on Image dism /Image:%UserProfile%\Desktop\Mount /Cleanup-Image /StartComponentCleanup /ResetBase echo --- Saving and Unmounting Final Debloated Image dism /Unmount-Image /MountDir:%UserProfile%\Desktop\Mount /Commit /CheckIntegrity echo --- Exporting Final Image Again to Desktop to clear stale files created inside dism /Export-Image /SourceImageFile:%UserProfile%\Desktop\Win10\sources\install.wim /SourceIndex:1 /DestinationImageFile:%UserProfile%\Desktop\install.wim echo --- Moving Back Exported Image to its Source Destination move /y "%UserProfile%\Desktop\install.wim" "%UserProfile%\Desktop\Win10\sources" echo --- Removing Mount Directory Created on Your Desktop rd /s /q "%UserProfile%\Desktop\Mount" echo --- Creating Updated ISO cd "%UserProfile%\Desktop\Win10" %UserProfile%\Desktop\oscdimg.exe -bootdata:2#p0,e,b".\boot\etfsboot.com"#pEF,e,b".\efi\microsoft\boot\efisys.bin" -o -m -u2 -udfver102 -l . "%UserProfile%\Desktop\Win10.iso" echo --- Finished Offline Image Servicing. echo ------ Enjoy Debloated Win10 Iso Using a Single Script. pause
Unfortunately, I don't know anything about Powershell. I'm on Windows 7, your script probably won't even work here.
That's the reason - i have given users an option via selecting the packages they want to remove from offline win10 iso wim so that there's no any changes made by batch script itself to the main ISO. choice is user side itself via selecting the packages they want to remove or disable from grid view menu shown as in images uploaded via myself. yes you can revert all the changes after installation : yes you can install capabilities again via : settings-apps-manage optional features-add a feature yes you can enable windows optional features again via: control panel-programs & features-turn windows features on or off-click the features needed-apply-restart machine. yes you can install provisioned appx packages again via: downloading packages-ms store adguard repo https://store.rg-adguard.net -Install needed appx packages to OS again via dism. that's all.
For thouse people who doubting what to remove, I can adivse check the "Save to remove" Guide from "Optimize-Offline" project Optimize-Offline Guide (P.S. The main disadvantage of the "Optimize-Offline" project - you have no ability to work with non-English OS installed and non-English OS images)
For me do not appear the Grid View to Select Windows Apps to Be Removed , Windows Optional Features to be Disabled, Windows Capabilities [Packages] to be Removed Nothing Else. Made the ISO with install.wim and install.esd automatically. Why..?? Spoiler What I'm doing wrong..??