Skip to content

Instantly share code, notes, and snippets.

@hung1001
Last active February 11, 2024 19:19
Show Gist options
  • Save hung1001/1c5167781f7492498b6e379a78d8d3ec to your computer and use it in GitHub Desktop.
Save hung1001/1c5167781f7492498b6e379a78d8d3ec to your computer and use it in GitHub Desktop.
:: Made by Hoang Hung
@echo off
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if "%errorlevel%" NEQ "0" (
echo: Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo: UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs" & exit
)
if exist "%temp%\getadmin.vbs" del /f /q "%temp%\getadmin.vbs"
Title Remove Windows Defender
for /f "tokens=2*" %%e in ('reg query "HKEY_CLASSES_ROOT\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}" /v "Version"') do set vers=%%f
if %PROCESSOR_ARCHITECTURE% EQU AMD64 (set arc=amd64) else (set arc=x86)
echo.
echo Deleting key in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications"
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications\Microsoft.Windows.SecHealthUI_%vers%_neutral_neutral_cw5n1h2txyewy" /f >nul 2>&1
reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1
reg delete "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1
reg delete "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1
set pack=(Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Client-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-CloudClean-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Group-Policy-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Nis-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Shield-Provider-Core-Package~31bf3856ad364e35~%arc%~~%vers%)
for /d %%b in %pack% do (
echo ========================================================================
echo Deleting key in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%%b\Owners"
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%%b\Owners" /f >nul 2>&1
)
set packremove=(Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Client-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Group-Policy-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Shield-Provider-Core-Package~31bf3856ad364e35~%arc%~~%vers%)
for /d %%c in %packremove% do (
echo ========================================================================
echo Removing package %%c...
dism /online /remove-package /packagename:%%c /NoRestart
)
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f >nul 2>&1
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender" /f >nul 2>&1
echo ========================================================================
pause
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment