Impossible de désactiver Antimalware Service Executable
fabul Messages postés 42132 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,
Je n'arrive pas à désactiver ce programme qui bouffe une quantité de ram phénoménale. J'ai essayé plusieurs astuces comme l'invité de commande, taskschd.msc, regedit, installer un autre antivirus, désactiver windows defender, auto exclure le programme mais rien ne fonctionne ! Il reste intact même avec redémarrage. Pouvez-vous m'aider svp ?
2 réponses
-
Salut,
Crées un fichier .bat et utilises le en l'exécutant après pour le "désactiver":
À partir du texte et du bloc notes en enregistrant sous : Type > Tous les fichiers
Avec .bat plutôt que .txt à la fin du nom Ex: DisableEnableDefender.bat
Désactives la protection en temps réel Defender avant de lancer le script.
:: How to Permanently Disable Windows Defender Antivirus in Windows 11 @Echo Off & Cls net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit) :_Start Cls & Mode CON LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter Echo. Echo. Echo Type (D) letter to Disable Windows Defender Echo. Echo. Echo. Echo. Echo Type (E) letter to Enable Windows Defender Echo. Set /p input=^> If /i Not %input%==D (Goto :_Ex) Else (Goto :_Disable) :_Ex If /i Not %input%==E (Goto :_Start) Else (Goto :_Enable) :_Disable PowerShell Checkpoint-Computer -Description "Enable Windows Defender" -RestorePointType "MODIFY_SETTINGS" Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f Cls & Mode CON LINES=5 COLS=48 & Color 04 & Title - WARNING - Echo. Echo. Echo Windows Defender Disabled Ping -n 5 localhost > Nul Goto :Reboot :_Enable Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /f Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f Cls & Mode CON LINES=5 COLS=48 & Color E0 & Title - WARNING - Echo. Echo. Echo Windows Defender Enabled Ping -n 5 localhost > Nul :Reboot Cls & Mode CON LINES=11 COLS=42 & Color 0E & Title FreeBooter Echo. Echo. Echo THIS COMPUTER WILL REBOOT Echo. Echo. Echo PLEASE SAVE ALL WORK IN PROGRESS Echo. Echo. Echo PRESS 'ENTER' KEY TO RESTART COMPUTER Pause >Nul Shutdown -r -t 5 -c "REBOOTING SYSTEM" 2>&1 > Nul Exit -
Si tu veux aller encore plus loin, et le supprimer carrément les services Defender du démarrage, lances ce fichier .cmd à partir de PowerRun
https://www.sordum.org/9416/powerrun-v1-6-run-with-highest-privileges/reg delete "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /f reg delete "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /f reg delete "HKLM\SYSTEM\ControlSet001\Services\Sense" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI" /t REG_DWORD /d "0" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI_ProviderSet" /t REG_DWORD /d "0" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f Reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification"