Impossible de désactiver Antimalware Service Executable
fabul Messages postés 40812 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
Je n'arrive pas à désactiver ce programme qui bouffe une quantité de ram phénoménale. J'ai essayé plusieurs astuces comme l'invité de commande, taskschd.msc, regedit, installer un autre antivirus, désactiver windows defender, auto exclure le programme mais rien ne fonctionne ! Il reste intact même avec redémarrage. Pouvez-vous m'aider svp ?
2 réponses
Salut,
Crées un fichier .bat et utilises le en l'exécutant après pour le "désactiver":
À partir du texte et du bloc notes en enregistrant sous : Type > Tous les fichiers
Avec .bat plutôt que .txt à la fin du nom Ex: DisableEnableDefender.bat
Désactives la protection en temps réel Defender avant de lancer le script.
:: How to Permanently Disable Windows Defender Antivirus in Windows 11
@Echo Off & Cls
net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)
:_Start
Cls & Mode CON LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
Echo.
Echo.
Echo Type (D) letter to Disable Windows Defender
Echo.
Echo.
Echo.
Echo.
Echo Type (E) letter to Enable Windows Defender
Echo.
Set /p input=^>
If /i Not %input%==D (Goto :_Ex) Else (Goto :_Disable)
:_Ex
If /i Not %input%==E (Goto :_Start) Else (Goto :_Enable)
:_Disable
PowerShell Checkpoint-Computer -Description "Enable Windows Defender" -RestorePointType "MODIFY_SETTINGS"
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
Cls & Mode CON LINES=5 COLS=48 & Color 04 & Title - WARNING -
Echo.
Echo.
Echo Windows Defender Disabled
Ping -n 5 localhost > Nul
Goto :Reboot
:_Enable
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f
Cls & Mode CON LINES=5 COLS=48 & Color E0 & Title - WARNING -
Echo.
Echo.
Echo Windows Defender Enabled
Ping -n 5 localhost > Nul
:Reboot
Cls & Mode CON LINES=11 COLS=42 & Color 0E & Title FreeBooter
Echo.
Echo.
Echo THIS COMPUTER WILL REBOOT
Echo.
Echo.
Echo PLEASE SAVE ALL WORK IN PROGRESS
Echo.
Echo.
Echo PRESS 'ENTER' KEY TO RESTART COMPUTER
Pause >Nul
Shutdown -r -t 5 -c "REBOOTING SYSTEM" 2>&1 > Nul
Exit
Si tu veux aller encore plus loin, et le supprimer carrément les services Defender du démarrage, lances ce fichier .cmd à partir de PowerRun
https://www.sordum.org/9416/powerrun-v1-6-run-with-highest-privileges/
reg delete "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /f
reg delete "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /f
reg delete "HKLM\SYSTEM\ControlSet001\Services\Sense" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI_ProviderSet" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
Reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification"