diff --git a/Remover/REGS/Antivirus_d.reg b/Remover/REGS/Antivirus_d.reg index 768b9f2..f185ec7 100644 --- a/Remover/REGS/Antivirus_d.reg +++ b/Remover/REGS/Antivirus_d.reg @@ -1,38 +1,7 @@ Windows Registry Editor Version 5.00 -; Remove Windows SmartScreen Assoc. - -[-HKEY_CURRENT_USER\Software\Classes\ms-cxh] - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection] -"value"=dword:00000000 - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "PUAProtection"=dword:00000000 -"DisableRoutinelyTakingAction"=dword:00000001 -"ServiceKeepAlive"=dword:00000000 -"AllowFastServiceStartup"=dword:00000000 -"DisableLocalAdminMerge"=dword:00000001 -"DisableAntiSpyware"=dword:00000001 -"RandomizeScheduleTaskTimes"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowArchiveScanning] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowCloudProtection] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowEmailScanning] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanOnMappedNetworkDrives] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowFullScanRemovableDriveScanning] -"value"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIntrusionPreventionSystem] "value"=dword:00000000 @@ -41,13 +10,7 @@ Windows Registry Editor Version 5.00 "value"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowRealtimeMonitoring] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScanningNetworkFiles] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowScriptScanning] -"value"=dword:00000001 +"value"=dword:0000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowUserUIAccess] "value"=dword:00000000 @@ -55,9 +18,6 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor] "value"=dword:00000032 -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CheckForSignaturesBeforeRunningScan] -"value"=dword:00000000 - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\CloudBlockLevel] "value"=dword:00000000 @@ -67,17 +27,7 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DaysToRetainCleanedMalware] "value"=dword:00000000 -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupFullScan] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\DisableCatchupQuickScan] -"value"=dword:00000001 - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableControlledFolderAccess] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableLowCPUPriority] -"value"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\EnableNetworkProtection] "value"=dword:00000000 @@ -85,18 +35,6 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\PUAProtection] "value"=dword:00000000 -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\RealTimeScanDirection] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScanParameter] -"value"=dword:00000002 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanDay] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\ScheduleScanTime] -"value"=dword:00000000 - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\SignatureUpdateInterval] "value"=dword:000000018 @@ -120,52 +58,6 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager] "DisableScanningNetworkFiles"=dword:00000001 -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] -"DisableRealtimeMonitoring"=dword:00000001 -"DisableBehaviorMonitoring"=dword:00000001 -"DisableOnAccessProtection"=dword:00000001 -"DisableScanOnRealtimeEnable"=dword:00000001 -"DisableIOAVProtection"=dword:00000001 -"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 -"LocalSettingOverrideRealtimeScanDirection"=dword:00000000 -"LocalSettingOverrideDisableIOAVProtection"=dword:00000000 -"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 -"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000 -"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 -"RealtimeScanDirection"=dword:00000002 -"IOAVMaxSize"=dword:00000512 -"DisableInformationProtectionControl"=dword:00000001 -"DisableIntrusionPreventionSystem"=dword:00000001 -"DisableRawWriteNotification"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan] -"LowCpuPriority"=dword:00000001 -"DisableRestorePoint"=dword:00000001 -"DisableArchiveScanning"=dword:00000000 -"DisableScanningNetworkFiles"=dword:00000000 -"DisableCatchupFullScan"=dword:00000000 -"DisableCatchupQuickScan"=dword:00000001 -"DisableEmailScanning"=dword:00000000 -"DisableHeuristics"=dword:00000001 -"DisableReparsePointScanning"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates] -"SignatureDisableNotification"=dword:00000001 -"RealtimeSignatureDelivery"=dword:00000000 -"ForceUpdateFromMU"=dword:00000000 -"DisableScheduledSignatureUpdateOnBattery"=dword:00000001 -"UpdateOnStartUp"=dword:00000000 -"SignatureUpdateCatchupInterval"=dword:00000002 -"DisableUpdateOnStartupWithoutEngine"=dword:00000001 -"ScheduleTime"=dword:00001440 -"DisableScanOnUpdate"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] -"DisableBlockAtFirstSeen"=dword:00000001 -"LocalSettingOverrideSpynetReporting"=dword:00000000 -"SpynetReporting"=dword:00000000 -"SubmitSamplesConsent"=dword:00000002 - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration] "SuppressRebootNotification"=dword:00000001 @@ -173,21 +65,7 @@ Windows Registry Editor Version 5.00 "EnableControlledFolderAccess"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] -"EnableNetworkProtection"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender] -"DisableRoutinelyTakingAction"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware] -"ServiceKeepAlive"=dword:00000000 -"AllowFastServiceStartup"=dword:00000000 -"DisableRoutinelyTakingAction"=dword:00000001 -"DisableAntiSpyware"=dword:00000001 -"DisableAntiVirus"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet] -"SpyNetReporting"=dword:00000000 -"LocalSettingOverrideSpyNetReporting"=dword:00000000 +"EnableNetworkProtection"=dword:0000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting] "DisableEnhancedNotifications"=dword:00000001 @@ -196,8 +74,4 @@ Windows Registry Editor Version 5.00 "WppTracingComponents"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy] -"VerifiedAndReputablePolicyState"=dword:00000000 - - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowIOAVProtection] -"value"=dword:00000000 \ No newline at end of file +"VerifiedAndReputablePolicyState"=dword:00000000 \ No newline at end of file diff --git a/Remover/REGS/Disable Antivirus Protection.reg b/Remover/REGS/Disable Antivirus Protection.reg new file mode 100644 index 0000000..3035a4b --- /dev/null +++ b/Remover/REGS/Disable Antivirus Protection.reg @@ -0,0 +1,34 @@ +Windows Registry Editor Version 5.00 + +; disabling Antivirus + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] +"DisableRoutinelyTakingAction"=dword:00000001 +"ServiceKeepAlive"=dword:00000000 +"AllowFastServiceStartup"=dword:00000000 +"DisableLocalAdminMerge"=dword:00000001 + +; disable overwriting real time protection settings + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection] +"LocalSettingOverrideDisableOnAccessProtection"=dword:00000000 +"LocalSettingOverrideRealtimeScanDirection"=dword:00000000 +"LocalSettingOverrideDisableIOAVProtection"=dword:00000000 +"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000 +"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000000 +"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000 +"DisableIOAVProtection"=dword:00000001 +"DisableRealtimeMonitoring"=dword:00000001 +"DisableBehaviorMonitoring"=dword:00000001 +"DisableOnAccessProtection"=dword:00000001 +"DisableScanOnRealtimeEnable"=dword:00000001 +"RealtimeScanDirection"=dword:00000002 +"DisableInformationProtectionControl"=dword:00000001 +"DisableIntrusionPreventionSystem"=dword:00000001 +"DisableRawWriteNotification"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AllowBehaviorMonitoring] +"value"=dword:00000000 + +[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender] +"DisableRoutinelyTakingAction"=dword:00000001 \ No newline at end of file diff --git a/Remover/REGS/Disable Defender and Security Center Notifications.reg b/Remover/REGS/Disable Defender and Security Center Notifications.reg index 2cd3522..bb42bba 100644 --- a/Remover/REGS/Disable Defender and Security Center Notifications.reg +++ b/Remover/REGS/Disable Defender and Security Center Notifications.reg @@ -16,8 +16,13 @@ Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] +"FirstRunDisabled"=dword:00000001 +"AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 +"AntiVirusOverride"=dword:00000001 +"FirewallOverride"=dword:00000001 +"UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications] "DisableEnhancedNotifications"=dword:00000001 diff --git a/Remover/REGS/Security Health.reg b/Remover/REGS/Disable Maintenance Task reporting in Security Health UI.reg similarity index 95% rename from Remover/REGS/Security Health.reg rename to Remover/REGS/Disable Maintenance Task reporting in Security Health UI.reg index 5ac53fd..87b36a1 100644 --- a/Remover/REGS/Security Health.reg +++ b/Remover/REGS/Disable Maintenance Task reporting in Security Health UI.reg @@ -1,5 +1,7 @@ Windows Registry Editor Version 5.00 +; disables reporting of things from Maintenance Task in Windows Security App + [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health] [-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health] diff --git a/Remover/REGS/Disable SpyNet Telemetry.reg b/Remover/REGS/Disable SpyNet Telemetry.reg new file mode 100644 index 0000000..578a24d --- /dev/null +++ b/Remover/REGS/Disable SpyNet Telemetry.reg @@ -0,0 +1,11 @@ +Windows Registry Editor Version 5.00 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet] +"DisableBlockAtFirstSeen"=dword:00000001 +"LocalSettingOverrideSpynetReporting"=dword:00000000 +"SpynetReporting"=dword:00000000 +"SubmitSamplesConsent"=dword:00000002 + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet] +"SpyNetReporting"=dword:00000000 +"LocalSettingOverrideSpyNetReporting"=dword:00000000 \ No newline at end of file diff --git a/Remover/REGS/Disable UAC.reg b/Remover/REGS/Disable UAC.reg index 162c636..ed99fde 100644 --- a/Remover/REGS/Disable UAC.reg +++ b/Remover/REGS/Disable UAC.reg @@ -6,13 +6,14 @@ Windows Registry Editor Version 5.00 "EnableLUA"=dword:00000000 "ConsentPromptBehaviorAdmin"=dword:00000000 "ConsentPromptBehaviorUser"=dword:00000003 -"FilterAdministratorToken"=- +"FilterAdministratorToken"=dword:00000001 "EnableUIADesktopToggle"=dword:00000000 "ValidateAdminCodeSignatures"=dword:00000000 "EnableInstallerDetection"=dword:00000000 "EnableSecureUIAPaths"=dword:00000000 "DelayedDesktopSwitchTimemout"=dword:00000000 "PromptOnSecureDesktop"=dword:00000000 +"LocalAccountTokenFilterPolicy"=dword:00000001 ; Fix mouse cursor dissapeiring diff --git a/Remover/REGS/Exploit Guard_d.reg b/Remover/REGS/Exploit Guard_d.reg index 1e63ee2..da01d6b 100644 --- a/Remover/REGS/Exploit Guard_d.reg +++ b/Remover/REGS/Exploit Guard_d.reg @@ -11,9 +11,6 @@ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR] "ExploitGuard_ASR_Rules"=dword:00000000 -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection] -"DisallowExploitProtectionOverride"=dword:00000001 - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection] "EnableNetworkProtection"=- diff --git a/Remover/REGS/LockDown Windows Defender Security Center.reg b/Remover/REGS/LockDown Windows Defender Security Center.reg deleted file mode 100644 index 07f713a..0000000 --- a/Remover/REGS/LockDown Windows Defender Security Center.reg +++ /dev/null @@ -1,54 +0,0 @@ -Windows Registry Editor Version 5.00 - -; Remove UIs in Windows Defender Security Center App (UWP) - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableAccountProtectionUI] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health] -"UILockdown"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device security] -"UILockdown"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableAccountProtectionUI] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableAppBrowserUI] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableClearTpmButton] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableDeviceSecurityUI] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableFamilyUI] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableHealthUI] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableTpmFirmwareUpdateWarning] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisableVirusUI] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\DisallowExploitProtectionOverride] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\EnableCustomizedToasts] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\EnableInAppCustomization] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideRansomwareDataRecovery] -"value"=dword:00000000 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideSecureBoot] -"value"=dword:00000001 - -[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsDefenderSecurityCenter\HideTPMTroubleshooting] -"value"=dword:00000001 diff --git a/Remover/REGS/Remove Signature Updates.reg b/Remover/REGS/Remove Signature Updates.reg new file mode 100644 index 0000000..34d4fab --- /dev/null +++ b/Remover/REGS/Remove Signature Updates.reg @@ -0,0 +1,14 @@ +Windows Registry Editor Version 5.00 + +; this file disables Signature Updates in Windows Defender + +[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates] +"SignatureDisableNotification"=dword:00000001 +"RealtimeSignatureDelivery"=dword:00000000 +"ForceUpdateFromMU"=dword:00000000 +"DisableScheduledSignatureUpdateOnBattery"=dword:00000001 +"UpdateOnStartUp"=dword:00000000 +"SignatureUpdateCatchupInterval"=dword:00000002 +"DisableUpdateOnStartupWithoutEngine"=dword:00000001 +"ScheduleTime"=dword:00001440 +"DisableScanOnUpdate"=dword:00000001