Impossible de désactiver Antimalware Service Executable

Lehaze -  
fabul Messages postés 42132 Date d'inscription   Statut Modérateur Dernière intervention   -

Bonjour,
Je n'arrive pas à désactiver ce programme qui bouffe une quantité de ram phénoménale. J'ai essayé plusieurs astuces comme l'invité de commande, taskschd.msc, regedit, installer un autre antivirus, désactiver windows defender, auto exclure le programme mais rien ne fonctionne ! Il reste intact même avec redémarrage. Pouvez-vous m'aider svp ?

2 réponses

  1. fabul Messages postés 42132 Date d'inscription   Statut Modérateur Dernière intervention   6 061
     

    Salut,

    Crées un fichier .bat et utilises le en l'exécutant après pour le "désactiver":

    À partir du texte et du bloc notes en enregistrant sous : Type > Tous les fichiers

    Avec .bat plutôt que .txt à la fin du nom Ex: DisableEnableDefender.bat

    Désactives la protection en temps réel Defender avant de lancer le script.

     

    :: How to Permanently Disable Windows Defender Antivirus in Windows 11 
    
    @Echo Off & Cls 
    
    net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)
    
    :_Start
    Cls & Mode CON  LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
    Echo.
    Echo.       
    Echo         Type (D) letter to Disable Windows Defender  
    Echo.       
    Echo.
    Echo.
    Echo.         
    Echo         Type (E) letter to Enable Windows Defender    
    Echo.        
    
    
    
    Set /p input=^> 
    If /i  Not %input%==D (Goto :_Ex) Else (Goto :_Disable)
    
    :_Ex
    If /i  Not %input%==E  (Goto :_Start) Else (Goto :_Enable)
    
    
    
    
    
    :_Disable
    
    PowerShell Checkpoint-Computer -Description "Enable Windows Defender" -RestorePointType "MODIFY_SETTINGS"
    
    
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
    
    
    Cls & Mode CON  LINES=5 COLS=48 & Color 04 & Title - WARNING -
     Echo.
     Echo. 
     Echo            Windows Defender Disabled
    Ping -n 5  localhost > Nul
    
    Goto :Reboot
    
    
    :_Enable
     
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware"  /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring"  /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus"  /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction"  /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"  /f
    Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"  /f
    
    
    
    
    
    Cls & Mode CON  LINES=5 COLS=48 & Color E0 & Title - WARNING -
     Echo.
     Echo. 
     Echo            Windows Defender Enabled
    
    Ping -n 5  localhost > Nul
    
    
    :Reboot
    Cls & Mode CON  LINES=11 COLS=42 & Color 0E & Title FreeBooter 
    Echo.
    Echo.
    Echo    THIS COMPUTER WILL REBOOT 
    Echo.
    Echo.
    Echo    PLEASE SAVE ALL WORK IN PROGRESS
    Echo. 
    Echo.
    Echo    PRESS 'ENTER' KEY TO RESTART COMPUTER
    Pause >Nul
    
    Shutdown  -r  -t 5  -c "REBOOTING SYSTEM" 2>&1 > Nul
    
    Exit
    0
  2. fabul Messages postés 42132 Date d'inscription   Statut Modérateur Dernière intervention   6 061
     

    Si tu veux aller encore plus loin, et le supprimer carrément les services Defender du démarrage, lances ce fichier .cmd à partir de PowerRun

    https://www.sordum.org/9416/powerrun-v1-6-run-with-highest-privileges/

    reg delete "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /f
    reg delete "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /f
    reg delete "HKLM\SYSTEM\ControlSet001\Services\Sense" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI" /t REG_DWORD /d "0" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI_ProviderSet" /t REG_DWORD /d "0" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
    Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
    Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
    Reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f
    SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
    SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
    SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
    SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification"
    
    0