From bade7f762a137d270e0478abb67344d9fe14eafd Mon Sep 17 00:00:00 2001 From: Michael Campagnaro Date: Sun, 1 Feb 2026 18:36:52 -0500 Subject: [PATCH] Some improvements to the defender disable/enable scripts --- .aliases | 4 +-- dotfiles/bin/antimalware-service-disable.bat | 37 +++++++++++++------- dotfiles/bin/antimalware-service-enable.bat | 35 +++++++++++------- 3 files changed, 49 insertions(+), 27 deletions(-) diff --git a/.aliases b/.aliases index 776a5ae..bed458e 100644 --- a/.aliases +++ b/.aliases @@ -1140,8 +1140,8 @@ alias yt-1440-shortname='download_youtube_vid "620+234" $SHORTNAME_OFF $TRANSC alias yt-1080p='download_youtube_vid "616+234" $SHORTNAME_OFF $TRANSCRIBE_OFF' alias yt-1080p-shortname='download_youtube_vid "616+234" $SHORTNAME_ON $TRANSCRIBE_OFF' # Normal -alias yt-1080='download_youtube_vid "270+234" $SHORTNAME_OFF $TRANSCRIBE_OFF' -alias yt-1080-shortname='download_youtube_vid "270+234" $SHORTNAME_ON $TRANSCRIBE_OFF' +alias yt-1080='download_youtube_vid "137+ba[ext=m4a]" $SHORTNAME_OFF $TRANSCRIBE_OFF' +alias yt-1080-shortname='download_youtube_vid "137+ba[ext=m4a]" $SHORTNAME_ON $TRANSCRIBE_OFF' alias yt-720='download_youtube_vid "136+234" $SHORTNAME_OFF $TRANSCRIBE_OFF' alias yt-720-shortname='download_youtube_vid "136+234" $SHORTNAME_ON $TRANSCRIBE_OFF' diff --git a/dotfiles/bin/antimalware-service-disable.bat b/dotfiles/bin/antimalware-service-disable.bat index c49ad56..51c81c7 100644 --- a/dotfiles/bin/antimalware-service-disable.bat +++ b/dotfiles/bin/antimalware-service-disable.bat 
@@ -1,22 +1,32 @@ -@setlocal enableextensions enabledelayedexpansion @echo off - -rem Make sure we're running as admin. Got this garbage from https://stackoverflow.com/a/40388766 -if not "%1"=="am_admin" ( - powershell -Command "Start-Process -Verb RunAs -FilePath '%0' -ArgumentList 'am_admin'" - exit /b -) +setlocal enableextensions enabledelayedexpansion rem NOTE: Defender may see this file as malware, so you might need to exclude this before things can be disabled. -rem -rem Modified version of -rem https://raw.githubusercontent.com/mattreecebentley/win10_disable_defender/main/win10_enable_defender.bat -rem https://gist.github.com/xezrunner/a7a42dbc1096a40b0c78f09488fe5a2b + +rem Modified version of: +rem https://github.com/ggannann/win10_disable_defender +rem https://gist.github.com/xezrunner/a7a42dbc1096a40b0c78f09488fe5a2b (as of Jan 2026 this seems to have been deleted or made private) + +rem ============================ +rem Self-elevate via UAC if needed +rem - Detect admin by checking membership in Administrators (SID S-1-5-32-544) +rem - Relaunch this script elevated using PowerShell Start-Process -Verb RunAs +rem ============================ +rem Test for membership in Administrators group +whoami /groups | find "S-1-5-32-544" >nul +if errorlevel 1 ( + echo Requesting administrative privileges... + rem Relaunch the same script elevated, preserving args and working directory + powershell -NoProfile -Command ^ + "Start-Process -FilePath '%~f0' -ArgumentList '%*' -Verb RunAs -WorkingDirectory (Get-Location).Path" + exit /b +) +echo Running with administrative privileges. +echo. reg query HKLM\SYSTEM\Setup /v DisabledDefenderServices | find "0x1" if %errorlevel% == 0 goto already_patched -echo. echo Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled. echo This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then, pause 
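Review bot: The admin test `whoami /groups | find "S-1-5-32-544" >nul` does not actually detect elevation. Under UAC, a non-elevated shell of an administrator account still lists that SID (flagged as deny-only), so `if errorlevel 1` is skipped and the script carries on without the rights it needs. Checking the token's integrity level instead, `whoami /groups | find "S-1-16-12288" >nul` (High Mandatory Level), separates an elevated token from a filtered one. The same block is added to antimalware-service-enable.bat in the `@@ -19,7 +13,23 @@` hunk. The privileged steps of the script lie outside this hunk, so the effect on them is inferred.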
@@ -103,4 +113,5 @@ echo Defender has already been disabled by this script. :eof echo. -pause \ No newline at end of file +pause + diff --git a/dotfiles/bin/antimalware-service-enable.bat b/dotfiles/bin/antimalware-service-enable.bat index dc9c08e..e077b82 100644 --- a/dotfiles/bin/antimalware-service-enable.bat +++ b/dotfiles/bin/antimalware-service-enable.bat @@ -1,17 +1,11 @@ -@setlocal enableextensions enabledelayedexpansion @echo off +setlocal enableextensions enabledelayedexpansion -rem Make sure we're running as admin. Got this garbage from https://stackoverflow.com/a/40388766 -if not "%1"=="am_admin" ( - powershell -Command "Start-Process -Verb RunAs -FilePath '%0' -ArgumentList 'am_admin'" - exit /b -) +rem NOTE: Defender may see this file as malware, so you might need to exclude this before things can be disabled. -rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! -rem -rem Modified version of -rem https://raw.githubusercontent.com/mattreecebentley/win10_disable_defender/main/win10_enable_defender.bat -rem https://gist.github.com/xezrunner/a7a42dbc1096a40b0c78f09488fe5a2b +rem Modified version of: +rem https://github.com/ggannann/win10_disable_defender +rem https://gist.github.com/xezrunner/a7a42dbc1096a40b0c78f09488fe5a2b (as of Jan 2026 this seems to have been deleted or made private) rem rem Resources: rem https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps 
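Review bot: In the `@@ -1,17 +1,11 @@` hunk of antimalware-service-enable.bat, the added line `rem NOTE: Defender may see this file as malware, so you might need to exclude this before things can be disabled.` is copied from the disable script and reads wrongly in a script that re-enables Defender. I would reword it for this file and say how narrow any exclusion should be, e.g. `rem NOTE: Defender may flag this file; if you add an exclusion, limit it to this one file and remove it after the script has run.` The hunk also drops the `USE AT OWN RISK` comment without a replacement, which may be worth keeping if the removal was not deliberate.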
@@ -19,7 +13,23 @@ rem https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender- rem https://github.com/AndyFul/ConfigureDefender rem https://github.com/AndyFul/Hard_Configurator +rem ============================ +rem Self-elevate via UAC if needed +rem - Detect admin by checking membership in Administrators (SID S-1-5-32-544) +rem - Relaunch this script elevated using PowerShell Start-Process -Verb RunAs +rem ============================ +rem Test for membership in Administrators group +whoami /groups | find "S-1-5-32-544" >nul +if errorlevel 1 ( + echo Requesting administrative privileges... + rem Relaunch the same script elevated, preserving args and working directory + powershell -NoProfile -Command ^ + "Start-Process -FilePath '%~f0' -ArgumentList '%*' -Verb RunAs -WorkingDirectory (Get-Location).Path" + exit /b +) +echo Running with administrative privileges. echo. + echo Enabling Windows Defender reg query HKLM\SYSTEM\Setup /v DisabledDefenderServices | find "0x0" if %errorlevel% == 0 goto already_patched @@ -105,4 +115,5 @@ echo Defender has already been enabled by this script. :eof echo. -pause \ No newline at end of file +pause +
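Review bot: In the relaunch line, `'%~f0'` and `'%*'` are pasted into PowerShell single-quoted strings, so an apostrophe in the script path or in an argument ends the string early and the rest is parsed as PowerShell inside the command that requests elevation. Passing the path through the environment avoids that parsing: `set "SELF=%~f0"` followed by `powershell -NoProfile -Command "Start-Process -FilePath $env:SELF -Verb RunAs -WorkingDirectory (Get-Location).Path"`, adding `-ArgumentList` only when `%*` is non-empty. As far as I know, Windows PowerShell 5.1 rejects an empty `-ArgumentList ''` during parameter validation, so a start without arguments may hit `exit /b` without ever elevating; that case is worth testing. The identical block is in antimalware-service-disable.bat (`@@ -1,22 +1,32 @@`).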