Review
The script will eradicate Windows Defender completely, and it cannot be reinstalled. After modifying folders and registry keys, the computer will be restarted automatically in 10 seconds to complete the process. Be ready to restart the PC before running the script: close all running windows and save your projects.
How to use script:
1. Run the command line file;
2. Follow the instructions;
3. Enjoy!
What is new in version 4.1 (Released on April 18, 2020):
- Removed: Tweak that force Windows to use the latest version of Microsoft .NET Framework;
- Fixed: Issue with Windows updates;
- Added new entries to remove leftovers of Windows Advanced Threat Protection (19H1, 19H2, 20H1);
- Added new entries to remove leftovers of Windows Defender IOfficeAntiVirus implementation (20H1);
- Added new entries to remove leftovers of Windows Security Cryptography Certificates (20H1).
What is new in version 4.0:
- RemoveDefender v4.0 now works both Online and Offline and completely removes Windows Defender from user OS.
- Offline works automatically with:
- Easy to use:
- Choose Online if working with already installed Operating System; or
- Choose Offline if working with an image file;
- User's image file will be recognized, and dealt with automatically;
- The image will be saved to user desktop.
- Script now uses PowerShell to remove Windows Defender packages;
- Remove/tweak Windows Defender related folders and registry keys by using install_wim_tweak tool.
- Updated Nsudo.exe;
- Added files, folders, and registry entries for removal:
- Removes following folders and file:
- Windows\System32\Tasks\Microsoft\Windows\Windows Defender
- Windows\System32\Tasks_Migrated\Microsoft\Windows\Windows Defender
- WINDOWS\system32\SecurityHealthService.exe
- Removes following driver files:
- Windows\System32\drivers\WdBoot.sys
- Windows\System32\drivers\WdFilter.sys
- Windows\System32\drivers\WdNisDrv.sys
- Removes following registry folders:
- HKEY_CLASSES_ROOT\windowsdefender
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WindowsDefender
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
- HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sense
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
- Some minor coding changes.
takeown /f "%PROGRAMFILES%\Windows Defender" >nul 2>&1
icacls "%PROGRAMFILES%\Windows Defender" /grant "Everyone":F >nul 2>&1
rd /q /s "%PROGRAMFILES%\Windows Defender" >nul 2>&1
takeown /f "%PROGRAMFILES%\Windows Defender Advanced Threat Protection" >nul 2>&1
icacls "%PROGRAMFILES%\Windows Defender Advanced Threat Protection" /grant "Everyone":F >nul 2>&1
rd /q /s "%PROGRAMFILES%\Windows Defender Advanced Threat Protection" >nul 2>&1
takeown /f "%ProgramFiles(x86)%\Windows Defender" >nul 2>&1
icacls "%ProgramFiles(x86)%\Windows Defender" /grant "Everyone":F >nul 2>&1
rd /q /s "%ProgramFiles(x86)%\Windows Defender" >nul 2>&1
takeown /f "%PROGRAMDATA%\Microsoft\Windows Defender Advanced Threat Protection" >nul 2>&1
icacls "%PROGRAMDATA%\Microsoft\Windows Defender Advanced Threat Protection" /grant "Everyone":F >nul 2>&1
rd /q /s "%PROGRAMDATA%\Microsoft\Windows Defender Advanced Threat Protection" >nul 2>&1
takeown /f "%PROGRAMDATA%\Microsoft\Windows Security Health" >nul 2>&1
icacls "%PROGRAMDATA%\Microsoft\Windows Security Health" /grant "Everyone":F >nul 2>&1
rd /q /s "%PROGRAMDATA%\Microsoft\Windows Security Health" >nul 2>&1
takeown /f "%PROGRAMDATA%\Microsoft\Windows Defender" >nul 2>&1
icacls "%PROGRAMDATA%\Microsoft\Windows Defender" /grant "Everyone":F >nul 2>&1
rd /q /s "%PROGRAMDATA%\Microsoft\Windows Defender" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{6D40A6F9-3D32-4FCB-8A86-BE992E03DC76}" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{6D40A6F9-3D32-4FCB-8A86-BE992E03DC76}" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\CLSID\{6D40A6F9-3D32-4FCB-8A86-BE992E03DC76}" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\CLSID\{6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF}" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Microsoft.Windows.Defender" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Microsoft.Windows.Defender" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\AppUserModelId\Microsoft.Windows.Defender" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityCenter" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityCenter" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityCenter" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Windows.Defender" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Windows.Defender" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\AppUserModelId\Windows.Defender" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Windows.Defender.SecurityCenter" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppUserModelId\Windows.Defender.SecurityCenter" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\AppUserModelId\Windows.Defender.SecurityCenter" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2}" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2}" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\CLSID\{F2102C37-90C3-450C-B3F6-92BE1693BDF2}" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" /f >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppID\{2EB6D15C-5239-41CF-82FB-353D20B816CF}" -ot reg -actn setowner -ownr "n:Administrators" >nul 2>&1
SetACL.exe -on "HKEY_CLASSES_ROOT\AppID\{2EB6D15C-5239-41CF-82FB-353D20B816CF}" -ot reg -actn ace -ace "n:Administrators;p:full" >nul 2>&1
Reg.exe delete "HKEY_CLASSES_ROOT\AppID\{2EB6D15C-5239-41CF-82FB-353D20B816CF}" /f >nul 2>&1
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender" /f >nul 2>&1
CLS
Tested on Windows 10 Enterprise LTSC and Windows 10 Enterprise LTSC N.
New tests conducted on Windows 10 Pro Build 18363.419 and Windows 10 Enterprise Build 19041.172
Virus free! No virus signature! 100% clean!
All credits go to dhjohns, who shared the script with us!
Kind regards,
@Mirkec
in collaboration with TeamOS
Version 4.1:
File: RemoveDefender.v4.1.7z
10/61
MD5: DDDCCF0D2CC8AEB42DE765B4F1C265A8
SHA1: 8CBE2E8C3C673FB23324E4F3B10516CF5DA13CC8
SHA256: 93F56F6716F4330B3282B694319419497EC30A6C0769B23751D4588600BE8CA9
Version 4.0:
File: RemoveDefender.v4.0.7z
5/58
MD5: 5527C67AA165EF6A967C65CD41420F82
SHA1: 63DD4AFC5D71C11520387BFEDFBCA9760C333120
SHA256: 6F95273935144910376695331F5D1B80034C194206DBB69EF92D870B76AEECF9
Version 3.2:
File: RemoveDefender.exe
7/67
MD5: 937ED8F9CC74D5B1A731881049872911
SHA1: 7B02958D8F4802FD99C7069F5DF510DDCF268BD2
SHA256: D8BD0C405FADDD836C8732DF4C128ED1313FE5E6D70B23FEA8808196496724F8
MD5-without-overlay: 0B1E62602E4F0F71B32942CDEF635C34
SHA1-without-overlay: EDFA07D6636D117B86D24C543EFC91BEFE54BC2D
SHA256-without-overlay: 61192AD7272DDDB27D9CF64D819B26B71F8FA9660E7C9BD72DB22C6CB5DAA993
Version 3.0:
File: Start.cmd
0/58
MD5: 2A0726E10403C79A693CBC278F208B54
SHA1: 9A867A655D8B1A14623E3DE39D9B068065CC8B78
SHA256: 3C4AD7E21F8B73E852DB27B1BCE769D21F96A66002208581F3B26FC327E407DA
Download links - version 4.1 (Size: 2.16 MB):
Download links - version 4.0 (Size: 2.16 MB):
Download links - version 3.2 (Size: 538.05 KB):
Download links - version 3.0 (Size: 593.73 KB):
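A defender-side view of the command sequence listed in this post, as an added example that is not part of the original post or of the script: it flags a host when ownership changes, full-control grants and deletions hit the Defender paths and registry keys named above within a short window. The event tuple layout, rule names, host names, window and threshold are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Defender targets taken from the post's folder, driver and registry lists.
# The CLSID/AppID GUID keys in the script are not covered by this pattern.
TARGET = re.compile(
    r"windows[ .]?defender|windows security health|securityhealthservice|"
    r"services\\(sense|wdboot|wdfilter|wdnisdrv|wdnissvc|windefend)\b|"
    r"drivers\\wd(boot|filter|nisdrv)\.sys", re.I)

# Tamper actions the script applies to those targets (rule names are made up here).
ACTIONS = {
    "take_ownership": re.compile(r'\btakeown(\.exe)?\s+/f|-actn\s+setowner', re.I),
    "grant_full": re.compile(r'/grant\s+"?everyone"?:f|p:full', re.I),
    "delete": re.compile(r'\brd\s+(/[qs]\s+)+|\breg(\.exe)?\s+delete\b', re.I),
    "hide_settings": re.compile(r'settingspagevisibility.*hide:windowsdefender', re.I),
}

def classify(cmdline):
    """Return the rule name when a tamper action hits a Defender target, else None."""
    if not TARGET.search(cmdline):
        return None
    return next((name for name, rx in ACTIONS.items() if rx.search(cmdline)), None)

def detect(events, window=300, min_rules=3):
    """Alert per host when >= min_rules distinct rules fire within `window` seconds."""
    hits = defaultdict(list)
    for ts, host, cmd in sorted(events):
        rule = classify(cmd)
        if rule:
            hits[host].append((ts, rule))
    alerts = {}
    for host, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            rules = {r for t, r in seq[i:] if t - start <= window}
            if len(rules) >= min_rules:
                alerts[host] = sorted(rules)
                break
    return alerts

# Constructed sample process-creation records: (epoch seconds, host, command line).
EVENTS = [
    (100, "ws-07", r'takeown /f "C:\Program Files\Windows Defender"'),
    (101, "ws-07", r'icacls "C:\Program Files\Windows Defender" /grant "Everyone":F'),
    (102, "ws-07", r'cmd.exe /c rd /q /s "C:\Program Files\Windows Defender"'),
    (103, "ws-07", r'Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender" /f'),
    (200, "ws-12", r'icacls "D:\Shares\Reports" /grant "Everyone":F'),
    (205, "ws-12", r'reg.exe query "HKLM\SOFTWARE\Microsoft\Windows Defender"'),
]

if __name__ == "__main__":
    print(detect(EVENTS))
```

Because `rd` is a `cmd.exe` built-in, it only appears in process-creation telemetry when the logged command line of the parent shell includes it, so the ownership and grant rules carry most of the signal in practice.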