disabling remote UAC and removed UILockdown in Windows Security App

ionuttbara · Sep 10, 2023 · 2f18fe4 · 2f18fe4
1 parent d208467
commit 2f18fe4
Show file tree

Hide file tree

Showing 9 changed files with 71 additions and 187 deletions.
diff --git a/Remover/REGS/Antivirus_d.reg b/Remover/REGS/Antivirus_d.reg
@@ -1,38 +1,7 @@
 Windows Registry Editor Version 5.00
 
-; Remove Windows SmartScreen Assoc.
-
-[-HKEY_CURRENT_USER\Software\Classes\ms-cxh]
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection]
-"value"=dword:00000000
-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
 "PUAProtection"=dword:00000000
-"DisableRoutinelyTakingAction"=dword:00000001
-"ServiceKeepAlive"=dword:00000000
-"AllowFastServiceStartup"=dword:00000000
-"DisableLocalAdminMerge"=dword:00000001
-"DisableAntiSpyware"=dword:00000001
-"RandomizeScheduleTaskTimes"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowCloudProtection]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowEmailScanning]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning]
-"value"=dword:00000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIntrusionPreventionSystem]
 "value"=dword:00000000
@@ -41,23 +10,14 @@ Windows Registry Editor Version 5.00
 "value"=dword:00000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScriptScanning]
-"value"=dword:00000001
+"value"=dword:0000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess]
 "value"=dword:00000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor]
 "value"=dword:00000032
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan]
-"value"=dword:00000000
-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudBlockLevel]
 "value"=dword:00000000
 
@@ -67,36 +27,14 @@ Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DaysToRetainCleanedMalware]
 "value"=dword:00000000
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan]
-"value"=dword:00000001
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan]
-"value"=dword:00000001
-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority]
-"value"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection]
 "value"=dword:00000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\PUAProtection]
 "value"=dword:00000000
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\RealTimeScanDirection]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScanParameter]
-"value"=dword:00000002
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanDay]
-"value"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanTime]
-"value"=dword:00000000
-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\SignatureUpdateInterval]
 "value"=dword:000000018
 
@@ -120,74 +58,14 @@ Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
 "DisableScanningNetworkFiles"=dword:00000001
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
-"DisableRealtimeMonitoring"=dword:00000001
-"DisableBehaviorMonitoring"=dword:00000001
-"DisableOnAccessProtection"=dword:00000001
-"DisableScanOnRealtimeEnable"=dword:00000001
-"DisableIOAVProtection"=dword:00000001
-"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000
-"LocalSettingOverrideRealtimeScanDirection"=dword:00000000
-"LocalSettingOverrideDisableIOAVProtection"=dword:00000000
-"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000
-"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000
-"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
-"RealtimeScanDirection"=dword:00000002
-"IOAVMaxSize"=dword:00000512
-"DisableInformationProtectionControl"=dword:00000001
-"DisableIntrusionPreventionSystem"=dword:00000001
-"DisableRawWriteNotification"=dword:00000001
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan]
-"LowCpuPriority"=dword:00000001
-"DisableRestorePoint"=dword:00000001
-"DisableArchiveScanning"=dword:00000000
-"DisableScanningNetworkFiles"=dword:00000000
-"DisableCatchupFullScan"=dword:00000000
-"DisableCatchupQuickScan"=dword:00000001
-"DisableEmailScanning"=dword:00000000
-"DisableHeuristics"=dword:00000001
-"DisableReparsePointScanning"=dword:00000001
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
-"SignatureDisableNotification"=dword:00000001
-"RealtimeSignatureDelivery"=dword:00000000
-"ForceUpdateFromMU"=dword:00000000
-"DisableScheduledSignatureUpdateOnBattery"=dword:00000001
-"UpdateOnStartUp"=dword:00000000
-"SignatureUpdateCatchupInterval"=dword:00000002
-"DisableUpdateOnStartupWithoutEngine"=dword:00000001
-"ScheduleTime"=dword:00001440
-"DisableScanOnUpdate"=dword:00000001
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
-"DisableBlockAtFirstSeen"=dword:00000001
-"LocalSettingOverrideSpynetReporting"=dword:00000000
-"SpynetReporting"=dword:00000000
-"SubmitSamplesConsent"=dword:00000002
-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration]
 "SuppressRebootNotification"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
 "EnableControlledFolderAccess"=dword:00000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
-"EnableNetworkProtection"=dword:00000000
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender]
-"DisableRoutinelyTakingAction"=dword:00000001
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware]
-"ServiceKeepAlive"=dword:00000000
-"AllowFastServiceStartup"=dword:00000000
-"DisableRoutinelyTakingAction"=dword:00000001
-"DisableAntiSpyware"=dword:00000001
-"DisableAntiVirus"=dword:00000001
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
-"SpyNetReporting"=dword:00000000
-"LocalSettingOverrideSpyNetReporting"=dword:00000000
+"EnableNetworkProtection"=dword:0000000
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting]
 "DisableEnhancedNotifications"=dword:00000001
@@ -196,8 +74,4 @@ Windows Registry Editor Version 5.00
 "WppTracingComponents"=dword:00000000
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy]
-"VerifiedAndReputablePolicyState"=dword:00000000
-
-
-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection]
-"value"=dword:00000000
+"VerifiedAndReputablePolicyState"=dword:00000000
diff --git a/Remover/REGS/Disable Antivirus Protection.reg b/Remover/REGS/Disable Antivirus Protection.reg
@@ -0,0 +1,34 @@
+Windows Registry Editor Version 5.00
+
+; disabling Antivirus
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
+"DisableRoutinelyTakingAction"=dword:00000001
+"ServiceKeepAlive"=dword:00000000
+"AllowFastServiceStartup"=dword:00000000
+"DisableLocalAdminMerge"=dword:00000001
+
+; disable overwriting real time protection settings
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
+"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000
+"LocalSettingOverrideRealtimeScanDirection"=dword:00000000
+"LocalSettingOverrideDisableIOAVProtection"=dword:00000000
+"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000
+"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000
+"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
+"DisableIOAVProtection"=dword:00000001
+"DisableRealtimeMonitoring"=dword:00000001
+"DisableBehaviorMonitoring"=dword:00000001
+"DisableOnAccessProtection"=dword:00000001
+"DisableScanOnRealtimeEnable"=dword:00000001
+"RealtimeScanDirection"=dword:00000002
+"DisableInformationProtectionControl"=dword:00000001
+"DisableIntrusionPreventionSystem"=dword:00000001
+"DisableRawWriteNotification"=dword:00000001
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring]
+"value"=dword:00000000
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender]
+"DisableRoutinelyTakingAction"=dword:00000001
diff --git a/Remover/REGS/Disable Defender and Security Center Notifications.reg b/Remover/REGS/Disable Defender and Security Center Notifications.reg
@@ -16,8 +16,13 @@ Windows Registry Editor Version 5.00
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
+"FirstRunDisabled"=dword:00000001
+"AntiVirusDisableNotify"=dword:00000001
 "FirewallDisableNotify"=dword:00000001
 "UpdatesDisableNotify"=dword:00000001
+"AntiVirusOverride"=dword:00000001
+"FirewallOverride"=dword:00000001
+"UpdatesDisableNotify"=dword:00000001
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications]
 "DisableEnhancedNotifications"=dword:00000001

diff --git a/Remover/REGS/Security Health.reg → ... Task reporting in Security Health UI.reg b/Remover/REGS/Security Health.reg → ... Task reporting in Security Health UI.reg
@@ -1,5 +1,7 @@
 Windows Registry Editor Version 5.00
 
+; disables reporting of things from Maintenance Task in Windows Security App
+
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]
 
 [-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]

diff --git a/Remover/REGS/Disable SpyNet Telemetry.reg b/Remover/REGS/Disable SpyNet Telemetry.reg
@@ -0,0 +1,11 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
+"DisableBlockAtFirstSeen"=dword:00000001
+"LocalSettingOverrideSpynetReporting"=dword:00000000
+"SpynetReporting"=dword:00000000
+"SubmitSamplesConsent"=dword:00000002
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
+"SpyNetReporting"=dword:00000000
+"LocalSettingOverrideSpyNetReporting"=dword:00000000
diff --git a/Remover/REGS/Disable UAC.reg b/Remover/REGS/Disable UAC.reg
@@ -6,13 +6,14 @@ Windows Registry Editor Version 5.00
 "EnableLUA"=dword:00000000
 "ConsentPromptBehaviorAdmin"=dword:00000000
 "ConsentPromptBehaviorUser"=dword:00000003
-"FilterAdministratorToken"=-
+"FilterAdministratorToken"=dword:00000001
 "EnableUIADesktopToggle"=dword:00000000
 "ValidateAdminCodeSignatures"=dword:00000000
 "EnableInstallerDetection"=dword:00000000
 "EnableSecureUIAPaths"=dword:00000000
 "DelayedDesktopSwitchTimemout"=dword:00000000
 "PromptOnSecureDesktop"=dword:00000000
+"LocalAccountTokenFilterPolicy"=dword:00000001
 
 ; Fix mouse cursor dissapeiring
 

diff --git a/Remover/REGS/Exploit Guard_d.reg b/Remover/REGS/Exploit Guard_d.reg
@@ -11,9 +11,6 @@ Windows Registry Editor Version 5.00
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
 "ExploitGuard_ASR_Rules"=dword:00000000
 
-[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection]
-"DisallowExploitProtectionOverride"=dword:00000001
-
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
 "EnableNetworkProtection"=-
 

diff --git a/Remover/REGS/LockDown Windows Defender Security Center.reg b/Remover/REGS/LockDown Windows Defender Security Center.reg
diff --git a/Remover/REGS/Remove Signature Updates.reg b/Remover/REGS/Remove Signature Updates.reg
@@ -0,0 +1,14 @@
+Windows Registry Editor Version 5.00
+
+; this file disables Signature Updates in Windows Defender
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates]
+"SignatureDisableNotification"=dword:00000001
+"RealtimeSignatureDelivery"=dword:00000000
+"ForceUpdateFromMU"=dword:00000000
+"DisableScheduledSignatureUpdateOnBattery"=dword:00000001
+"UpdateOnStartUp"=dword:00000000
+"SignatureUpdateCatchupInterval"=dword:00000002
+"DisableUpdateOnStartupWithoutEngine"=dword:00000001
+"ScheduleTime"=dword:00001440
+"DisableScanOnUpdate"=dword:00000001