@setlocal enableextensions enabledelayedexpansion @echo off rem Make sure we're running as admin. Got this garbage from https://stackoverflow.com/a/40388766 if not "%1"=="am_admin" ( powershell -Command "Start-Process -Verb RunAs -FilePath '%0' -ArgumentList 'am_admin'" exit /b ) rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! rem NOTE: Defender may see this file as malware, so you will likely need to exclude this before things can be disabled. rem rem Modified version of rem https://raw.githubusercontent.com/mattreecebentley/win10_disable_defender/main/win10_enable_defender.bat rem https://gist.github.com/xezrunner/a7a42dbc1096a40b0c78f09488fe5a2b reg query HKLM\SYSTEM\Setup /v DisabledDefenderServices | find "0x1" if %errorlevel% == 0 goto already_patched echo. echo Please note that Defender can only be disabled in Win10 v2004 and upwards if Tamper Protection is disabled. echo This setting can be found in Window settings (hint: search for 'tamper'). Please do this now and then, pause echo. echo Disabling Windows Defender rem from: https://pastebin.com/kYCVzZPz rem Disable Tamper Protection First - on WIn10 vers which allow for this (not from 2004 onwards) reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d "0" /f rem To disable System Guard Runtime Monitor Broker rem reg add "HKLM\System\CurrentControlSet\Services\SgrmBroker" /v "Start" /t REG_DWORD /d "4" /f rem To disable Windows Defender Security Center include this rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f echo. echo Disable Real-time protection reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f echo. echo Disable Logging reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f echo. echo Disable WD Tasks schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable echo. echo Disable WD systray icon reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f echo. echo Remove WD context menu reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f echo. echo Disable WD services reg add HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\System\CurrentControlSet\Services\wdFilter" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f reg add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f echo. echo Disable Security system tray icon reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray" /v "HideSystray" /t REG_DWORD /d "1" /f echo. echo Finishing up... reg add HKLM\SYSTEM\Setup /v DisabledDefenderServices /t REG_DWORD /d 1 /f echo. echo Windows Defender has (hopefully) been disabled. echo You should still be able to scan files going forward. Also, the Antimalware Service Executable should immediately stop using CPU cycles. echo Please restart your computer to see all changes. goto eof :already_patched echo Defender has already been disabled by this script. :eof echo. pause