Last active
February 11, 2024 19:19
-
-
Save hung1001/1c5167781f7492498b6e379a78d8d3ec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Made by Hoang Hung | |
| @echo off | |
| >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" | |
| if "%errorlevel%" NEQ "0" ( | |
| echo: Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs" | |
| echo: UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs" | |
| "%temp%\getadmin.vbs" & exit | |
| ) | |
| if exist "%temp%\getadmin.vbs" del /f /q "%temp%\getadmin.vbs" | |
| Title Remove Windows Defender | |
| for /f "tokens=2*" %%e in ('reg query "HKEY_CLASSES_ROOT\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}" /v "Version"') do set vers=%%f | |
| if %PROCESSOR_ARCHITECTURE% EQU AMD64 (set arc=amd64) else (set arc=x86) | |
| echo. | |
| echo Deleting key in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications" | |
| reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications\Microsoft.Windows.SecHealthUI_%vers%_neutral_neutral_cw5n1h2txyewy" /f >nul 2>&1 | |
| reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1 | |
| reg delete "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1 | |
| reg delete "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1 | |
| set pack=(Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Client-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-CloudClean-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Group-Policy-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Nis-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Shield-Provider-Core-Package~31bf3856ad364e35~%arc%~~%vers%) | |
| for /d %%b in %pack% do ( | |
| echo ======================================================================== | |
| echo Deleting key in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%%b\Owners" | |
| reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%%b\Owners" /f >nul 2>&1 | |
| ) | |
| set packremove=(Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Client-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Group-Policy-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Shield-Provider-Core-Package~31bf3856ad364e35~%arc%~~%vers%) | |
| for /d %%c in %packremove% do ( | |
| echo ======================================================================== | |
| echo Removing package %%c... | |
| dism /online /remove-package /packagename:%%c /NoRestart | |
| ) | |
| reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f >nul 2>&1 | |
| reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender" /f >nul 2>&1 | |
| echo ======================================================================== | |
| pause |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment