Fix disabling of Microsoft Defender $170

- Change naming from Windows Defender to Microsoft Defender to match
  latest branding.
- Add more extensive documentation.
- Add more scripts extending ways to disable Defender.
- Disable "Windows Security Center Service"
- Add missing `SetMpPreference` commands
- New disabling:
  - Disabling of Windows features related to Defender.
  - Disable Antimalware Scan Interface (AMSI)

TODO: Soft delete Defender directories, like
`$env:programdata\Microsoft\Windows Defender`

TODO: Add from here: https://learn.microsoft.com/en-us/mem/intune/protect/antivirus-security-experience-windows-settings

New scripts:

- Disable "Windows Security Center" service
- Kill SmartScreen process
- Disable "Microsoft Security Core Boot" service

Improved scripts:

- Disable Intrusion Prevention System (IPS): Add CLI command to disable
  it.

TODO: These to separate commit

TODO:

- Improve disabling of `RenameSystemFile` AsTrustedInstaller and get
  back all commented out code.
undergroundwires
2024-07-18 09:48:06 +02:00
parent 48d6dbd700
commit 58f902216b
2 changed files with 484 additions and 72 deletions

test.ps1 Normal file

@@ -0,0 +1,16 @@
# (Command only avalable in Windows Server)
# name: Uninstall Windows Defender from Windows Server
# docs: https://web.archive.org/web/20210926064024/https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide
# Do
Uninstall-WindowsFeature -Name Windows-Defender
Uninstall-WindowsFeature -Name Windows-Defender-GUI
# Revert:
Install-WindowsFeature -Name Windows-Defender
Install-WindowsFeature -Name Windows-Defender-GUI
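Review bot: The `# Do` and `# Revert:` commands sit unguarded in the same file, so running test.ps1 from top to bottom uninstalls both features and then immediately reinstalls them. Split the revert into its own script, or comment it out, so the file has one defined effect. The first comment says the command is only available on Windows Server, but nothing in the file checks for that. A guard such as `Get-Command Uninstall-WindowsFeature -ErrorAction SilentlyContinue` before the calls would let the script exit cleanly on client editions instead of failing on an unknown cmdlet. The same comment misspells "available" as "avalable", and the `# name:` line still says "Windows Defender" although the commit message renames it to Microsoft Defender. Finally, a file named test.ps1 reads like a scratch note. The commit message already has "TODO: These to separate commit", so consider dropping this file from the commit until it is in its final place.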