Impossible de désactiver Antimalware Service Executable

Salut,

Crées un fichier .bat et utilises le en l'exécutant après pour le "désactiver":

À partir du texte et du bloc notes en enregistrant sous : Type > Tous les fichiers

Avec .bat plutôt que .txt à la fin du nom Ex: DisableEnableDefender.bat

Désactives la protection en temps réel Defender avant de lancer le script.

 

:: How to Permanently Disable Windows Defender Antivirus in Windows 11 

@Echo Off & Cls 

net sess>nul 2>&1||(powershell start cmd -ArgumentList """/c %~0""" -verb Runas & exit)

:_Start
Cls & Mode CON  LINES=11 COLS=60 & Color 0E &Title Created By FreeBooter
Echo.
Echo.       
Echo         Type (D) letter to Disable Windows Defender  
Echo.       
Echo.
Echo.
Echo.         
Echo         Type (E) letter to Enable Windows Defender    
Echo.        



Set /p input=^> 
If /i  Not %input%==D (Goto :_Ex) Else (Goto :_Disable)

:_Ex
If /i  Not %input%==E  (Goto :_Start) Else (Goto :_Enable)





:_Disable

PowerShell Checkpoint-Computer -Description "Enable Windows Defender" -RestorePointType "MODIFY_SETTINGS"


Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "ForceUpdateFromMU" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f


Cls & Mode CON  LINES=5 COLS=48 & Color 04 & Title - WARNING -
 Echo.
 Echo. 
 Echo            Windows Defender Disabled
Ping -n 5  localhost > Nul

Goto :Reboot


:_Enable
 
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRealtimeMonitoring"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableRoutinelyTakingAction"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ServiceStartStates" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"  /f
Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"  /f





Cls & Mode CON  LINES=5 COLS=48 & Color E0 & Title - WARNING -
 Echo.
 Echo. 
 Echo            Windows Defender Enabled

Ping -n 5  localhost > Nul


:Reboot
Cls & Mode CON  LINES=11 COLS=42 & Color 0E & Title FreeBooter 
Echo.
Echo.
Echo    THIS COMPUTER WILL REBOOT 
Echo.
Echo.
Echo    PLEASE SAVE ALL WORK IN PROGRESS
Echo. 
Echo.
Echo    PRESS 'ENTER' KEY TO RESTART COMPUTER
Pause >Nul

Shutdown  -r  -t 5  -c "REBOOTING SYSTEM" 2>&1 > Nul

Exit

Si tu veux aller encore plus loin, et le supprimer carrément les services Defender du démarrage, lances ce fichier .cmd à partir de PowerRun

https://www.sordum.org/9416/powerrun-v1-6-run-with-highest-privileges/

reg delete "HKLM\SYSTEM\ControlSet001\Services\WinDefend" /f
reg delete "HKLM\SYSTEM\ControlSet001\Services\WdNisSvc" /f
reg delete "HKLM\SYSTEM\ControlSet001\Services\Sense" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\AppHVSI" /v "AllowAppHVSI_ProviderSet" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen" /v "ConfigureAppInstallControlEnabled" /t REG_DWORD /d "0" /f
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
Reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup"
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"
SCHTASKS /Change /DISABLE /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification"