Clean File Quarantine from downloaded files
This category configures macOS using 2 scripts. The category includes 2 subscripts.
This category configures macOS using 2 scripts. The category includes 2 subscripts.
This script configures macOS using Bash (Shell script). It runs "find ~/Downloads \\ -type f ...".
This script configures macOS using Bash (Shell script). It runs "db_file=~/Library/Preferences/com.apple.LaunchS...".
These scripts configures Attachment Manager included in Windows that takes further actions for files that you receive or download such as storing classification metadata and notifying other software.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables the "ExploitGuard MDM policy Refresh" scheduled task. The task is originally described in the Task Scheduler as: "Task for applying changes to the machine's Exploit Protection settings". Windows Defender Exploit Guard is a security feature in Windows, designed to prevent potential intrusions. It encompasses various components such as "Attack Surface Reduction (ASR)", "Network protection", "Controlled folder access", and "Exploit protection". Specifically, the "ExploitGuard M...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script hides the "Firewall & network protection" section in the "Windows Security" interface. Previously, this interface was called "Windows Defender Security Center". The "Firewall & network protection" section provides details about the device's firewalls and network connections. It shows the status of both the Windows Defender Firewall and any other third-party firewalls. However, after using this script, users will no longer see this section in the "Windows Security" interface. This scr...
This script prevents Microsoft's Malicious Software Reporting Tool (MSRT) from transmitting diagnostic data. Malicious Software Reporting Tool is a component of the Malicious Software Removal Tool (MSRT). The MSRT is designed to detect and remove specific, prevalent malware from Windows computers. The tool is integrated into Defender Antivirus. It's also downloaded and run automatically by Windows Update in the background. This tool raises significant privacy concerns: to track citiz...
https://web.archive.org/web/20240314062056/https://batcmd.com/windows/10/services/wdnisdrv/ • https://web.archive.org/web/20240609145030/https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide Overview of default service statuses - | OS Version | Status | Start type | | ---------- | -------| ---------- | | Windows 10 (≥ 22H2) | 🟢 Running | Manual | | Windows 11 (≥ 23H2) | 🔴 Stopped | Manual |
This script disables the "PerformRemediation" scheduled task in Windows. This task performs recovery actions for update-related services to ensure they run in a supported configuration. Disabling this task enhances privacy by reducing automatic system changes and limiting data collection related to updates. It enhances control over system settings, letting users manage update configuration tasks without being overridden by the system. It improves performance by preventing unnecessary background ...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables the "Report policies" scheduled task. This task might be responsible for reporting policy-related information to Windows Update or other system management tools. According to the Task Scheduler, this task executes "%SYSTEMROOT%\\System32\\UsoClient.exe ReportPolicies". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\Report policies": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🟢 Ready | | Windows 11 22H2 ...
This script disables the "RestoreDevice" scheduled task. This task is involved in restoring device settings or drivers as part of update processes. Overview of default task statuses - "\\Microsoft\\Windows\\InstallService\\RestoreDevice": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🟡 N/A (missing) | | Windows 11 22H2 | 🟡 N/A (missing) | | Windows 11 23H2 | 🟢 Ready |
This script disables the "ScanForUpdates" scheduled task. This task is responsible for performing update scans. Microsoft officially documents this task as part of the Windows updates process. Microsoft suggests disabling this task as a measure to reduce data collection and improve performance. This recommendation is also supported by Citrix for optimization purposes. Overview of default task statuses - "\\Microsoft\\Windows\\InstallService\\ScanForUpdates": | OS Version | Default status | | -...
This script disables the "ScanForUpdatesAsUser" scheduled task. This task is responsible for performing update scans under user-specific contexts. Microsoft officially documents this task as part of the Windows updates process. Microsoft suggests disabling this task as a measure to reduce data collection and improve performance. This recommendation is also supported by Citrix for optimization purposes. Overview of default task statuses - "\\Microsoft\\Windows\\InstallService\\ScanForUpdatesAsUser": ...
This script disables the "Schedule Maintenance Work" scheduled task. This task is responsible for performing maintenance activities related to Windows Update, such as cleanup operations or preparation steps for update installations. According to the Task Scheduler, this task executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartMaintenanceWork". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Maintenance Work": | OS Version | Default status | | ------------...
This script disables the "Schedule Scan Static Task" scheduled task. This task is responsible for running update scans at static, predefined intervals. According to the Task Scheduler, this task conducts a scheduled Windows Update scan. It executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartScan". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan Static Task": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🟢 Ready | ...
This script disables the "Schedule Scan" scheduled task. This task responsible for periodically scanning for Windows updates. According to the Task Scheduler, this task executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartScan". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🟢 Ready | | Windows 11 22H2 | 🟢 Ready | | Windows 11 23H2 | 🟢 Ready |
This script disables the "Schedule Wake To Work" scheduled task. This task is responsible for waking the computer from sleep or low-power mode to perform Windows updates. According to the Task Scheduler, this task executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartWork". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Wake To Work": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🔴 Disabled | | Windows 11 22H2 | 🔴 Disa...
This script disables the "Schedule Work" scheduled task. This task is responsible for scheduling and initiating Windows updates processes at predetermined times. According to the Task Scheduler, this task executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartWork". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Work": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🔴 Disabled | | Windows 11 22H2 | 🔴 Disabled | | Windows ...
This script disables the "Scheduled Start" scheduled task. This task initiates the Windows Update service at predetermined times or under specific conditions to perform tasks like checking for and installing updates. According to the Task Scheduler, this task initiates the Windows Update service for scheduled operations like scans. It executes "%SYSTEMROOT%\\System32\\sc.exe start wuauserv". Overview of default task statuses - "\\Microsoft\\Windows\\WindowsUpdate\\Scheduled Start": | OS Version ...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables the "SmartRetry" scheduled task. This task handles the automatic retrying of failed updates, attempting to redownload or reinstall updates that didn't install successfully on the first try. Microsoft officially documents this task as part of the Windows updates process. Microsoft suggests disabling this task as a measure to reduce data collection and improve performance. This recommendation is also supported by Citrix for optimization purposes. Overview of default task statu...
This script disables the "Start Oobe Expedite Work" scheduled task. This task is responsible for performing tasks related to the "out-of-box experience" (OOBE) in Windows, such as updating system settings, applications, or features soon after a system update or initial setup. According to the Task Scheduler, its purpose is to perform a scheduled Windows Update scan. It executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartWork". Overview of default task statuses - `\\Microsoft\\Windows\\UpdateOrchestr...
This script disables the "StartOobeAppsScanLicenseAccepted" scheduled task. This task is responsible for initiating a scan of applications as part of the OOBE process, after a license agreement is accepted, verifying that apps are up-to-date. According to the Task Scheduler, its purpose is to perform a scheduled Windows Update scan. It executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartOobeAppsScan". Overview of default task statuses - `\\Microsoft\\Windows\\UpdateOrchestrator\\StartOobeAppsScanLi...
This script disables the "StartOobeAppsScanOobeAppReady" scheduled task. This task is responsible for scanning applications during the OOBE phase, verifying that apps are ready for use after system updates. According to the Task Scheduler, it performs a scheduled Windows Update scan. It executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartOobeAppsScan". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\StartOobeAppsScanOobeAppReady": | OS Version | Default status |...
This script disables the "StartOobeAppsScanAfterUpdate" scheduled task. This task is responsible for scanning applications following a system update, as part of the OOBE process, to verify that all applications are compatible with the new update. According to the Task Scheduler, it performs a scheduled Windows Update scan. It executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartOobeAppsScanAfterUpdate". Overview of default task statuses - `\\Microsoft\\Windows\\UpdateOrchestrator\\StartOobeAppsScanAft...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables the Update Orchestrator Service, also known as "Update Orchestrator Service for Windows Update". This service is in charge of managing the download and installation of Windows updates. By default, the service is enabled and set to start up manually. While updates can be crucial for the security of your system, this service can sometimes install them without your approval. This lack of control can pose risks to your privacy, as data might be sent from your system without your...
This script disables the "UpdateModelTask Work" scheduled task. This task is responsible for updating Machine Learning (ML) models related to Windows Updates. According to the Task Scheduler, its purpose is to update ML models and it executes "%SYSTEMROOT%\\System32\\UsoClient.exe StartModelUpdates". Microsoft suggests disabling it for performance optimization and reduced data collection. Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\UpdateModelTask": | OS Version ...
This script disables the "USO_UxBroker" scheduled task. This task is related to the User Experience (UX) Broker process in Windows, managing user notifications or interactions required after an update. According to the Task Scheduler, this task is responsible for triggering a system reboot following update installations. It executes "%SYSTEMROOT%\\System32\\MusNotification.exe". Disabling this task is recommended to reduce data collection and enhance system performance. Overview of default task st...
This script disables the "UUS Failover Task" scheduled task. This task is responsible for the failover mechanism for updates, designed to handle scenarios where a primary update process fails or encounters issues. According to the Task Scheduler, this task is responsible for performing a scheduled Windows Update scan. It executes "%SYSTEMROOT%\\System32\\UsoClient.exe HandleUusFailoverSignal". Overview of default task statuses - "\\Microsoft\\Windows\\UpdateOrchestrator\\UUS Failover Task": | OS Versi...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables the "WakeUpAndContinueUpdates" scheduled task. This task is responsible for waking the computer from sleep to continue or complete pending updates. Overview of default task statuses - "\\Microsoft\\Windows\\InstallService\\WakeUpAndContinueUpdates": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🔴 Disabled | | Windows 11 22H2 | 🔴 Disabled | | Windows 11 23H2 | 🔴 Disabled |
This script disables the "WakeUpAndScanForUpdates" scheduled task. This task is responsible for waking up the system at scheduled times to check for Windows updates. Overview of default task statuses - "\\Microsoft\\Windows\\InstallService\\WakeUpAndScanForUpdates": | OS Version | Default status | | ---------------- | ------ | | Windows 10 22H2 | 🔴 Disabled | | Windows 11 22H2 | 🔴 Disabled | | Windows 11 23H2 | 🔴 Disabled |
https://web.archive.org/web/20240314091443/https://batcmd.com/windows/10/services/sense/ Overview of default service statuses - | OS Version | Status | Start type | | ---------- | -------| ---------- | | Windows 10 (≥ 22H2) | 🔴 Stopped | Manual | | Windows 11 (≥ 23H2) | 🔴 Stopped | Manual |
This script disables the Windows Defender Firewall Authorization Driver service. This service is a kernel mode driver crucial for inspecting network traffic entering and exiting your computer. Disabling this service can enhance privacy by reducing Microsoft's capability to monitor and analyze your network traffic. It also improves system performance by decreasing background resource consumption. The driver is identified by the file "mpsdrv.sys". This file is a component of Microsoft Protec...
This script disables the Windows Defender Firewall service (identified as "MpsSvc"). This component acts as a gatekeeper for your computer, filtering incoming and outgoing network traffic based on established security rules to prevent unauthorized access. This service runs the firewall component of Windows. It starts automatically and runs the "%SYSTEMROOT%\\System32\\MPSSVC.dll" driver. This file is also referred to as Microsoft Protection Service. Beyond firewall functionality, it plays ...
This script disables the Windows Security Health Host. The Windows Security Health Host monitors and reports on the Windows operating system's security status. It continuously checks system security aspects like Defender antivirus, firewall status, and the presence of the latest security patches. It automatically starts with Windows and runs in the background. By disabling this process, the script may improve privacy by preventing the constant monitoring and reporting of system security status. ...
This script disables the Security Health Service's COM objects, which prevents the Windows Security Center from running. Security Health Service is also known as Windows Security Service or Windows Security Health Service. It is a fundamental component of Windows security features. The script disables various Component Object Model (COM) objects related to this service. COM (Component Object Model) is a system enabling interaction between software components in Windows. Disabling the...
This script disables the Windows Security Service, a component that manages various Windows security features. This service is known as Windows Security Service, "SecurityHealthService" or Windows Security Health Service. It provides device protection and system health information. This service is part of the Windows Security interface. Windows Security is a centralized interface managing various Windows security features. In earlier Windows versions, this interface was called ...
This script disables the Windows Security APIs, which are used by Windows and third-party security software to report system security status. These APIs are known as Windows Security APIs, or Windows Security Center APIs. They allow security software to communicate with the Windows Security app. This app monitors the system's security status and provides alerts about potential vulnerabilities. Disabling these APIs can improve privacy by preventing the collection and reporting of security...
This script disables the Windows Update Medic Service ("WaaSMedicSvc") and removes its associated files and registry entries. This service runs continuously in the background and maintains Windows Update components. Disabling this service prevents it from reverting your Windows Update settings, such as re-enabling automatic updates without your permission. This gives you more control over your system's update behavior and settings. This script enhances your privacy by reducing data transmission ...
This script turns off the Windows Update service, which is technically known as Windows Update Agent. By disabling this service, the automatic detection, download, and installation of updates for both Windows and other installed programs are halted. Update can often come bundled with changes that could affect your privacy settings or introduce features that collect more of your data. Taking control of when and how updates are applied provides you with the opportunity to review any changes before...
This script disables all Security and Maintenance notifications in Windows, potentially enhancing privacy but also reducing system security awareness. Security and Maintenance was formerly called Action Center. This interface manages and centralizes Windows security and maintenance settings It notifies users about key system events, security risks, and maintenance issues. Windows automatically checks for security and maintenance issues and sends notifications by default. This script disa...
This script disables all notifications generated by Windows Security. Windows Security is a built-in Windows feature that offers a unified interface for various security products, including Defender Antivirus. This interface was previously called Security Center. By default, local users are notified by Windows Security. This script blocks these notifications. This script may enhance your privacy by reducing visible security-related information on your screen. It may also slightly imp...
This category configures Windows using 2 scripts. The category includes 2 subscripts.
This category contains scripts that disable various components of the Antimalware Scan Interface (AMSI) in Windows. AMSI is a standard interface that allows applications and services to integrate with antimalware products on Windows systems. It functions as an interception engine, enabling software to work with Defender and other antivirus solutions to detect potentially malicious scripts and content. Key features of AMSI include: Scanning scripts and macros for malicious content before executio...
This script disables the Antimalware Scan Interface (AMSI) for the current user, preventing the integration of applications and services with antimalware products. AMSI is a standard interface that integrates applications and services with antimalware products on Windows machines. It helps detect potentially malicious scripts, such as harmful PowerShell commands or Microsoft Office macros, even if they are obfuscated. When AMSI is enabled, antivirus programs can scan scripts before they run. If ...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category configures Windows using 5 scripts. The category includes 5 subscripts.
This script disables automatic app updates from the App Store. It prevents automatic installation of application updates as soon as they become available from Apple. Thus, applications are updated only when you choose to do so. Disabling automatic updates prevents unexpected app behavior or settings changes. It helps you to maintain your current app configurations and privacy settings. It also protects against potential zero-day vulnerabilities in your apps. This gives you the ability to choose ...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures macOS using Bash (Shell script).It can be restored. It runs "# For OS X Yosemite and newer (>= 10.10) sudo...".
This script stops Windows from automatically installing updates every day. By doing so, you gain control over when update happen on your computer. By default, Windows is set to automatically update every day. Having control over the update timing allows you to review what is being changed, thereby protecting your privacy and enhancing your system's security. Technically, what the script does is remove a specific setting in the computer's system registry, the "ScheduledInstallDay" key from `HKLM\\...
This script configures macOS using Bash (Shell script).It can be restored. It runs "# For OS X Yosemite and newer (>= 10.10) sudo...".
This script configures macOS using Bash (Shell script).It can be restored. It runs "# For OS X Yosemite and newer (>= 10.10) sudo...".
This script stops automatic installations of critical updates, including security and system data file updates. It improves privacy by providing: Users can review updates before installation to ensure they meet privacy standards and do not introduce unwanted telemetry or changes. Reduces how often it connects to update servers, potentially protection user information. Control Over Update Timing: • Reduced External Communications: The script configures the `/Library/Preferences/com.apple....
This script stops macOS from automatically installing updates. This script improves privacy by reducing unwanted data collection and ensuring updates don't change settings or data without your approval. The Center for Internet Security (CIS) advises against automatic updates in scenarios where changes require thorough testing and approval processes to avoid operational disruptions. This script configures following to stop macOS from installing updates automatically: 1. `/Library/Preferences/com....
This script changes how your Windows computer handles automatic updates by modifying the "AUOptions" registry key. After running this script, your computer will notify you before downloading any updates. In the default setup, your Windows system is configured to download and install updates automatically without notifying you. This means that new updates could be installed on your system without your explicit approval. By forcing Windows to notify you before downloading updates, this script hand...
This category contains scripts to disable automatic operating system updates. Disabling automatic updates gives users full control over when and which updates are applied to their system. It improves privacy by preventing unwanted data collection, new vulnerabilities and unapproved changes to system settings.
Disabling automatic updates is often considered counterintuitive when it comes to securing your system. However, there are substantial arguments to consider this option if you're privacy-centric: 1. Patching and Pre-Approval: Manual control over update deployment allows for pre-emptive approval of patches. This strategy is useful in environments requiring the highest level of security. For instance, military agencies frequently employ air-gapped systems that mandate careful review of each up...
This script disables the Automatic Updates feature on Windows. Automatic Updates downloads and installs updates without requiring explicit user permission. When enabled, it automatically checks for updates from the Windows Update website whenever you are online. By default, Automatic Updates is enabled. Disabling Automatic Updates provides users control over when and how updates are installed. This enhances privacy by minimizing automatic data transfers to Microsoft servers. However, disabling A...
This script disables the "upfc.exe" process, preventing it from automatically re-enabling Windows updates. "upfc.exe" is found at "%SYSTEMROOT%\\System32\\upfc.exe". This executable is identified by Microsoft as "Updateability From SCM". SCM refers to the "Service Control Manager (SCM)", a special system process also known as "services.exe". "upfc.exe" is automatically launched by SCM during system startup. It is part of the Windows Update self-healing mechanism. It recovers Windows Update Medic S...
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category configures Windows using 3 scripts. The category includes 3 subscripts.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category offers scripts to disable Windows security components related to Defender. Defender is also referred to as Microsoft Defender or Windows Defender. Although designed to protect you, its features may compromise your privacy and decrease computer performance. Privacy concerns include: This allows Microsoft to collect and potentially access your sensitive information. This prevents users from controlling what data Microsoft collects about them. This discourages users from using...
This category provides scripts to disable Defender Antivirus. Defender Antivirus, integrated into Windows, provides protection against viruses, ransomware, and other types of malware. Disabling Defender Antivirus may improve system performance and privacy by stopping related data collection However, disabling it may severely compromise your system's security if not complemented by proper security practices. Carefully consider the trade-off before proceeding. Defender Antivirus comes with fol...
This script disables the "Block at first sight". Block at first sight is Defender Antivirus feature. It protects against threats by quickly detecting and blocking new malware. When Defender Antivirus encounters a suspicious file it can't identify, it consults its cloud protection backend. The cloud backend uses heuristics, machine learning, and automated analysis to identify malicious files. This back-end is part of Cloud Protection. It is also known as Microsoft Active Protection Serv...
This script disables the extended cloud check feature in Defender Antivirus by reducing its timeout. The extended cloud check is a Defender Antivirus feature. It allows Defender to block a suspicious file for up to 60 seconds while it is scanned in the cloud to verify its safety. This script reduces the extended cloud check timeout to 0, effectively disabling the feature. This maintains the standard (default) time, which is 10 seconds. This feature is part of Microsoft MAPS, also known as SpyNet...
This script disables the aggressive cloud protection setting in Microsoft Defender Antivirus. Cloud protection delivers faster protection to devices compared to traditional security intelligence updates. It works on different aggressiveness levels in blocking and scanning suspicious files. This feature applies to both Microsoft Defender Antivirus and Microsoft Defender for Endpoint. By default, the protection level is unconfigured. This default state provides the least protection. Th...
This script disables the Antimalware Scan Interface (AMSI) provider for Defender. The AMSI provider is part of the Antimalware Scan Interface (AMSI). AMSI adds security against malicious scripts in Windows. It enables various antivirus programs to scan for script-based attacks. AMSI provides interface to integrate antimalware modules. By default, Defender uses AMSI to block potentially harmful PowerShell scripts, JavaScript, and VBA macros. Windows registers an AMSI provider for Defender A...
This script disables Defender's main virus-scanning component ("MpEngine.dll"). Microsoft refers to this component as Microsoft Malware Protection Engine. This is a core component of Defender Antivirus. It is enabled by default on Windows. It scans, detects, and removes malware using Microsoft's antivirus technology. The engine monitors system activity by: Scanning files, memory, emails, and web downloads • Analyzing system processes and registry keys • Tracking network activity • Collec...
This script disables Defender's automatic submission of file samples to Microsoft for analysis. Automatic file submission is a feature of Defender Antivirus. By default, Defender automatically sends 'safe' file samples to Microsoft for analysis. This action is part of Microsoft's Advanced Protection Service (MAPS). Previously, this service was known as Microsoft SpyNet. It is now referred to as cloud protection. This automatic collection and submission can include your personal i...
This script disables the Azure data collection library by removing "MpAzSubmit.dll" Microsoft refers to this library as the MpAzSubmit Module and Microsoft Malware Protection. This file is responsible for: Sending data to Azure storage • HTTP communications and REST APIs • It logs events and errors This script enhances privacy by preventing Defender Antivirus from sending potentially sensitive data to Microsoft's cloud services. It may also slightly improve boot performance by reduci...
This script disables the Windows Defender boot driver ("WdBoot") to reduce system monitoring and enhance your privacy and control. This driver is also known as: Windows Defender Boot Driver • Microsoft Defender Antivirus Boot Driver • Early Launch Anti-malware (ELAM) boot driver • Windows Defender ELAM Driver • Microsoft antimalware boot driver • Early Launch Antimalware (ELAM) driver Microsoft introduced this driver as a security feature in Windows 8. As a default component in Windows, the driv...
This script disables the Defender Antivirus cache maintenance task scheduled task. Microsoft refers to this task as: Windows Defender Cache Maintenance • Periodic maintenance task This task is a Defender Antivirus component. The task is scheduled to periodically maintain the cache used by Defender Antivirus. Cache maintenance involves managing temporary files that Microsoft Defender is either scanning or has quarantined. Disabling this task prevents the system from automatically clearing the...
This script disables the Defender Antivirus cleanup scheduled task. Microsoft refers to this task as: Windows Defender Cleanup • Periodic cleanup task This task is a Defender Antivirus component. It is used by Defender to remove unnecessary files, such as corrupted or quarantined items. Disabling this task may enhance your privacy by preserving potentially sensitive quarantined files for manual review and simplifying system activity monitoring. It may also improve system performance by preve...
This category contains scripts that disable or limit Microsoft Defender's cloud-based protection features. Microsoft Defender's cloud protection is also known as Microsoft MAPS (Microsoft Active Protection Service) or Microsoft SpyNet. It is an online community that helps detect and prevent the spread of malware. These features automatically collect data and send it to Microsoft. They leverage user data to identify potentially malicious programs, sharing details such as file information, IP addr...
This script disables Microsoft Defender's cloud protection reporting. Cloud protection is was previously also known as Microsoft MAPS (Microsoft Active Protection Service). It was previously known as Windows Defender Antivirus Cloud Protection Service and Microsoft Defender Antivirus Cloud Protection Service. It's a feature of Defender Antivirus. This feature creates an online community that helps users address potential threats and prevent new malicious software. Participation in ...
This script disables notifications that can turn off security intelligence in Microsoft Defender. This script prevents the antimalware service from receiving notifications to disable individual security intelligence. Security intelligence is updated information that helps antivirus software detect and protect against the latest threats, working with cloud-based protection. The antimalware service, also known as Microsoft Defender Antivirus, is essential to both Microsoft Defender and Microso...
This script disables "MpClient.dll", the Defender Antivirus command-line library. Microsoft refers to this library as the Client Interface. It's a crucial component of Defender Antivirus. It allows Windows and third-party processes to manage Defender Antivirus. It contains functions for: Scanning for viruses • Detecting threats • Updating the antivirus • Configuring antivirus features • Submitting samples and telemetry data • Managing exclusions and Defender Exploit Guard • L...
This script disables the "MpCmdRun.exe" process. This process is also known as the Microsoft Defender Antivirus command-line utility. The utility is part of Defender for Endpoint and Defender Antivirus. It automates Defender Antivirus tasks. It runs scheduled background tasks automatically. It can be used to: Start scans • Start diagnostic tracing • Capture and save network input • Collect diagnostic data • Manage security signatures • Manage quarantined items • Verify Defender...
This script removes the "MpCommu.dll" library, disabling its functionality. Microsoft refers to this library as Communication Module. This library is a component of Defender Antivirus service. It performs several network-related functions: updates and interacting with Windows Update. Communicates with Microsoft servers over HTTP/HTTPS using REST/SOAP APIs and proxy support. • Manages updates, including scheduling and downloading antimalware definition • Submits reports to SpyNet,...
This script removes the Defender Antivirus copy accelerator library ("MpDetoursCopyAccelerator"). This library is referred to by Microsoft as Malware Protection Copy Accelerator Detours Dll. It is a component of Defender Antivirus service. This component monitors and intercepts file copy operations, potentially blocking the copying of certain files. It optimizes scanning by examining copied files for potential threats after a certain number of files have been transferred. The library use...
This script disables the "MpCopyAccelerator.exe" process. This process is called the Microsoft Malware Protection Copy Accelerator Utility. It is part of Defender Antivirus service, introduced in update KB4052623, version 4.18.2201.10 update. It monitors and intercepts file copy operations to enhance security. It logs copy operations and sends the data to Microsoft as part of its Asimov telemetry. Asimov is a Microsoft feedback mechanism that tracks user activity in real time. Th...
This script removes a configuration value that controls where Defender stores its data. This is a configuration related to Defender Antivirus. Windows configures this setting when installing Defender Antivirus service. It specifies where data, including virus definition databases and other detection files, is installed. It is used by various Defender components like "MpClient.dll", "MpSvc.dll", "MsMpEng.exe" and "MpCmdRun.exe". Deleting this value enhances privacy by preventing these compone...
This script disables Defender's device monitoring by removing the driver file "WdDevFlt.sys". Microsoft refers to this file as Microsoft antimalware device filter driver. This driver belongs to Defender Antivirus. It allows Defender to monitor devices you connect, including USB drives, displays, and audio devices. This script improves privacy by: Preventing Defender from monitoring device connections and activities • Reducing tracking of device activity at the system level • Limiting dat...
This script disables the "MpDlpCmd.exe" process. The executable "MpDlpCmd.exe" is the Microsoft Endpoint DLP command-line utility. The process is part of Defender Antivirus and Defender for Endpoint. It offers Data Loss Prevention (DLP) features. DLP is designed to prevent unauthorized sharing or leakage of sensitive data. The utility: Monitors and controls data sharing within an organization • Blocks file operations and requires users to justify their actions based on security polic...
This script disables "EndpointDlp.dll", the endpoint data loss prevention (DLP) library. This library is part of Defender Antivirus, and belongs to its service component. Microsoft refers to this library as Microsoft Endpoint Data Leak Prevention Library. It aims to prevent sensitive data from leaving an organization's network. It provides functions for process on Windows to monitor and control the flow of data. It allows applications to notify the operating system before and after handl...
This category contains scripts that disable various file activity monitoring features of Defender Antivirus. These features are designed to protect your system by monitoring file activities, but they may also compromise your privacy and affect system performance. Disabling these components enhances privacy by limiting the collection of data about your system, usage, and files. These scripts may also improve system performance during file operations. However, disabling these features may redu...
This script removes the "MpDetours.dll" library, effectively disabling its functionality. "MpDetours.dll" is called Malware Protection Detours Dll by Microsoft. It is part of Defender Antivirus service. It is a library designed to offer runtime protection and enforce security policies. The library monitors and controls system operations to prevent unauthorized access and data leaks. It achieves this by intercepting actions and enforcing security policies. It specifically monitors: Contro...
This script disables the file risk estimation library, "winshfhc.dll". This library is a component of Defender Antivirus service. It is officially named File Risk Estimation. It is responsible for: Generalizing system imaging or deployment • Logging system data • Configuring registry entries for Defender Antivirus • Performing cleanup operations related to Defender Antivirus • Interacting with Windows Security Disabling this library may enhance your privacy by reducing system...
This script disables the Defender Antivirus interface. This script keeps the Antimalware User Interface (AM UI) hidden from users. This prevents user interactions with the Defender Antivirus interface. Several reasons to hide the antivirus interface: Minimizing Defender's visible interactions can potentially limit the extent of user data shared with Microsoft, whether you're using Defender or disabling it for an alternative solution. Hiding the interface prevents users from starting and pausing ...
This script disables the license module library of Defender Antivirus. This component is known as the License Module. It is a component of Defender Antivirus service, formerly known as System Center Endpoint Protection. This library manages licensing aspects, such as product validation and configuration management. It is involved in online verification of digital certificates and time stamps. It's also part of Defender Offline's lightweight scanner. By disabling this library,...
This category contains scripts that disable Defender Antivirus management capabilities. Defender Antivirus uses management features to control how it works, collect system data, and change settings on your device or remotely. These management features let system administrators monitor, configure, and control Defender's behavior across multiple devices. Defender needs these features to perform tasks like automated virus scans. Disabling these management features enhances privacy by: Preventing Wi...
This script disables Defender's core monitoring component that tracks and controls your system activities. This component has several names, including: Windows Defender Mini-Filter Driver • Microsoft antimalware file system filter driver • Microsoft Defender Antivirus On-Access Malware Protection Mini-Filter Driver • Windows Defender Real-Time scanning filesystem filter driver • Windows Defender On-Access Malware Protection Mini-Filter Driver • Microsoft Defender Antivirus Mini-Filter Driver Thi...
This script disables the Defender Antivirus Network Inspection Service ("WdNisSvc") and its process, "NisSrv.exe". This service is also known as: Microsoft Defender Antivirus Network Inspection Service • Windows Defender Antivirus Network Inspection Service • Windows Defender Network Inspection Service • NIS This service inspects network traffic to detect known vulnerabilities, aiming to protect against network-based attacks. It is part of Defender Antivirus and Defende...
This category contains scripts to disable various notifications from Defender Antivirus. Defender Antivirus, built into Windows, protects your device from malware and other threats. It analyzes your data using machine learning and cloud-based protection technologies. This data analysis raises privacy concerns. Key features of Defender Antivirus include: Real-time protection against known and new threats • Behavior-based detection to identify suspicious activities Defender Antivirus typically...
This script disables notifications from Defender Antivirus. By default, Defender Antivirus notifies you of potential threats and system status. This script disables these notifications. Disabling these notifications may enhance privacy by limiting visible information on your system's security status. It may also slightly improve system performance by reducing background processes related to notification display. However, this action may reduce your security awareness, potentially leaving your sy...
This script disables the Defender Antivirus Real-time Protection (RTP) module by removing its core library, "MpRtp.dll". The "MpRtp.dll" library is also known as AntiMalware Realtime Monitor. It is a crucial component of Defender Antivirus. It works with the Microsoft Defender Antivirus Mini-Filter Driver ("WdFilter.sys") to intercept and scan file operations. It functions as the Real-time Protection module. It constantly monitors your system for threats. It includes features...
This script disables the real-time security intelligence updates in Defender. Real-time security intelligence updates are a feature of Defender Antivirus. They are part of Microsoft Active Protection Service (MAPS). MAPS is also known as Microsoft SpyNet or cloud protection. This service collects and sends personal data and other information to Microsoft. When enabled, if Defender encounters an unknown file and MAPS has new intelligence on a threat involving that file, it immediately...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables Defender's remote management capabilities. The script specifically targets a component known as the Microsoft Security Client Antimalware Provider. This component allows PowerShell to manage Defender remotely, often through System Center Endpoint Protection (SCEP). Disabling this component enhances your privacy by preventing remote access to your Defender settings and data. It may also enhance system performance by reducing background processes associated with remote...
This script disables Windows Defender's ability to receive remote configurations. Windows Defender Management uses this feature to remotely control Defender's behavior. It uses a Configuration Service Provider (CSP) as an interface between the device's settings and specified configurations. CSPs, like Group Policy client-side extensions, enable reading, setting, modifying, or deleting settings for specific features. Mobile device management (MDM) service providers commonly use these CSPs. Disabl...
This script disables the remote configurations and experimentation features of the Microsoft Defender Core service. It enhances privacy by limiting the data Microsoft collects about your system and usage habits. It may improve system performance by reducing background processes related to these features. Disabling this feature may affect Microsoft's ability to improve the Defender product. This script specifically targets the Microsoft Defender Core Service. This service is a part of Defender ...
This category contains scripts to disable remote management capabilities of Defender Antivirus. Remote management allows administrators or management systems to control Defender settings and receive information remotely. This includes applying configurations, running scans, and collecting device security data. Disabling remote management enhances your privacy by: Preventing remote access to your Defender settings and data. • Reducing the amount of information shared with management systems. • Gi...
This script disables the Defender Antivirus scheduled scan scheduled task. Microsoft refers to this task as: Windows Defender Scheduled Scan • Periodic scan task This task is a component of Defender Antivirus. It performs automatic regular antivirus scans. Disabling this task may enhance your privacy by giving you more control over when and how often your system is scanned. It may also improve system performance by reducing background processes. However, regular scans are a key part of maint...
This category contains scripts to disable maintenance tasks of Defender Antivirus. Scheduled tasks are automated operations that Windows runs at specific times or events. Defender uses these tasks to maintain its antivirus service. Disabling these tasks enhances privacy by: Stopping automatic data collection • Giving you control over data collection and deletion Disabling these tasks can also improve system performance by: Reducing background processes • Decreasing boot time • Reducing resou...
This category disables the Defender Antivirus service and its related components. This service is also referred to as Microsoft Defender Antivirus Service and Windows Defender Service. It is a core component of Microsoft Defender Antivirus, essential for its operation. Using these scripts offers two benefits: Enhanced Privacy: Limits Microsoft's data collection on your files and system activity. • Improved Performance: Reduces system resource usage by limiting background processe...
This script disables the Microsoft Defender Antivirus Service and its associated process ("MsMpEng.exe"). This service is known both as Microsoft Defender Antivirus Service and Windows Defender Service. It is the primary component of Defender Antivirus, essential for its functionality. Disabling this service has the following benefits: It enhances privacy by preventing Microsoft from collecting data about your system and files for malware analysis. • It improves system performance by...
This script disables the running state of the Defender Antivirus service. Setting the service to 'not running' prevents activation of any components dependent on the Defender service (also called the Antimalware Service). This gives you more control over Defender's operations. This script enhances privacy by preventing Defender Antivirus from running in the background, which stops potential unwanted data collection and system scans. It may also boost system performance by stopping Defender A...
This script configures Windows to stop the Defender Antivirus service when antivirus protection is disabled. The Microsoft Defender Antivirus service was formerly called the Antimalware Service. This service is one of the core components of Defender Antivirus. It raises privacy concerns because it sends files to Microsoft servers for analysis. By default, Windows stops this service when antivirus features are disabled. This script enforces this default behavior to consistently and persis...
This script prevents the Defender Antivirus service from starting automatically. By default, Windows may automatically start the Defender Antivirus service (also called the Antimalware Service) under specific conditions. This script allows you to control when the service runs. This script enhances privacy by preventing unexpected Defender Antivirus scans and data collection. It may improve system performance by stopping the service from using system resources without your permission. However...
This script prevents Defender Antivirus from communicating with other applications. The script blocks communication by removing components that allow Defender Antivirus to share data with other programs. Windows enables applications to communicate and share data using interprocess communications (IPC). This communication is achieved through the Component Object Model (COM). COM lets programs communicate and share data with other programs. Programs communicate across computer networks. Th...
This script configures Defender Antivirus to start with a lower priority. By default, Windows runs the Defender Antivirus service (also called the Antimalware Service) with normal priority. This script changes the startup priority to low. This enhances privacy by reducing background scanning and potentially limiting data collection during Windows startup. It may improve system performance by reducing resource usage for the antivirus during startup. Lowering the priority may delay antivir...
This script disables Defender Antivirus from running in Safe Mode. Safe Mode is also known as Safe Boot. It starts Windows in a limited state where only essential services and drivers are loaded. By default, the Defender Antivirus service is set to run in this mode. This script improves privacy in Safe Mode by preventing Defender Antivirus from: Collecting system data • Scanning files • Sending telemetry data to Microsoft This also increases system speed in Safe Mode by reducing back...
This script disables "MpSvc.dll". Microsoft refers to "MpSvc.dll" as the Service Module. It is part of Defender Antivirus service. It manages essential Defender Antivirus functions, including: Scans: Monitors files in real-time, protects network, manages scans • Updates: Downloads new virus definitions • Threats: Finds and removes malware • Telemetry: Collects and sends data to Microsoft • Integrations: Works with Windows Security Center and antimalware scanning (...
This script disables Defender Antivirus-related notifications on the Windows taskbar. It removes taskbar integrations (AppUserModelId) for Defender components. AppUserModelIds link processes, files, and windows to specific applications, organizing them on the Windows taskbar, managing Jump Lists, and controlling pinning. This script may enhance privacy by reducing the visibility of antivirus-related information on your desktop. It may also slightly improve system performance by disabling these...
This script disables telemetry collection by Defender, enhancing user privacy. By default, Microsoft collects telemetry data from Microsoft Defender Antivirus and other Defender software. This data collection is referred to as 1DS telemetry. Microsoft's One Data Strategy (1DS) centralizes and collects telemetry from various Microsoft services and tools. The strategy collects data from various Microsoft services and tools. The Microsoft Defender Core Service collects telemetry for Microsoft Defen...
This script disables the Defender UAC (User Account Control) AMSI (Antimalware Scan Interface) provider. The UAC AMSI provider allows Defender to scan and analyze UAC elevation requests for potential security threats. UAC manages the elevation of privileges for executables, COM objects, MSI packages, and ActiveX installations. UAC elevation on Windows is a security feature that asks for permission before allowing changes that could affect the system's operation. Disabling this provider may enhan...
This script disables the Defender Antivirus verification scheduled task. Microsoft refers to this task as: Windows Defender Verification • Periodic verification task This task is a Defender Antivirus component. It checks for issues with Defender, such as update problems or system file errors. It is also linked to the creation of daily system restore points. Disabling this task may improve privacy by reducing the system state data stored on the device. It may also boost system performance by ...
This script prevents Defender from sending Watson events to Microsoft. Watson events are automatically sent reports to Microsoft when a program or service crashes or fails. By default, these reports are sent automatically. This script specifically targets reporting behavior of Defender Antivirus without affecting other applications or services that may use Watson events. Disabling Watson events enhances privacy by preventing the automatic submission of potentially sensitive information about...
This script disables Defender's ability to be managed through Windows Management Instrumentation (WMI). WMI enables the management and automation of tasks on Windows computers. WMI is primarily used for remote management and monitoring but it can also operate locally. Disabling Defender's WMI management enhances privacy by preventing unauthorized remote modifications to Defender settings. It may also improve system performance by reducing background processes related to WMI management. However, ...
This script disables the deprecated Defender Application Guard feature, which isolates applications to enhance security. Application Guard uses Windows Hypervisor to create a secure virtual environment for certain apps. This isolation protects the system kernel and other applications from threats due to improper user interactions or vulnerabilities in isolated apps. Microsoft deprecated the Application Guard feature in 2023 and no longer provides updates. Disabling this feature may improve p...
This script disables Defender Application Guard's remote configuration capability. Defender Application Guard uses virtualization to isolate untrusted websites and files. As of 2023, Microsoft has discontinued support and updates for the Application Guard feature. This feature can be configured remotely using tools like Microsoft Intune. Remote management of this feature is done through Configuration Service Providers (CSPs). Disabling this feature enhances privacy by preventing remote modificat...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category features scripts designed to reduce or eliminate data collection by Defender. Disabling these features enhances privacy by limiting the information shared with Microsoft. Although Microsoft Defender offers security benefits, it also collects data for analysis, service improvement, and threat detection. However, this data collection may raise privacy concerns for users. The scripts in this category allow you to: 1. Minimize the data sent to Microsoft about your system and Defender u...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category disables Defender Exploit Guard, potentially enhancing privacy and system performance. Exploit Guard is also called Windows Defender Exploit Guard or Microsoft Defender Exploit Guard. This component has been a built-in feature of Windows 10 since version 1709. It's the successor to the Enhanced Mitigation Experience Toolkit (EMET). Exploit Guard uses Microsoft Cloud for machine learning and to check websites and IP addresses. Disabling it may enhance privacy by preventi...
This category provides scripts to disable the Defender Firewall. This firewall serves as a security gate for your computer. It controls network traffic to and from a computer. It blocks all incoming traffic by default and allows outgoing traffic. It enables users to block connections. For enhanced security, users can require a VPN for all connections with IPSec rules. This can protect your computer from unauthorized access. Microsoft has renamed the firewall several times to reflect branding cha...
This script disables the Windows Defender Firewall with Advanced Security (WFAS) management interface. The Windows Defender Firewall with Advanced Security (WFAS) is a Microsoft Management Console (MMC) snap-in offering advanced configuration options for your firewall. It can be accessed locally or through group policies by typing "wf.msc" in the Start menu. The Microsoft Management Console (MMC) acts as a toolbox for managing various Windows components, including hardware, software, and...
This script disables the Windows Defender Firewall Control Panel applet, restricting access to firewall settings through this specific interface. The Windows Defender Firewall Control Panel applet is a tool for configuring the Defender Firewall. It can be accessed by typing "firewall.cpl" in the Start menu and pressing Enter. Disabling this applet enhances security by reducing the attack surface and potential vulnerabilities in the firewall's configuration interface. This action preserve...
This section contains scripts to disable the essential services and drivers of Defender Firewall. Defender Firewall uses services and drivers to operate. Services run background tasks, while drivers help hardware and software communicate. Even with the firewall disabled in settings, its services and drivers continue running, potentially monitoring network traffic and consuming resources. These scripts directly disable these components, bypassing standard Windows settings and their limitations. D...
This category provides scripts to disable Defender for Endpoint, a security platform that impacts user privacy. Defender for Endpoint is officially known as Microsoft Defender for Endpoint. It was previously called Microsoft Defender Advanced Threat Protection (ATP). It is designed to protect enterprise networks from advanced threats. An advanced threat, also known as an Advanced Persistent Threat (APT), is a type of cyber attack that uses continuous, covert, and sophisticated me...
This script disables remote configuration for Microsoft Defender for Endpoint, enhancing privacy and local control over your device's security settings. Microsoft Defender for Endpoint is a security suite designed to protect devices from cyber threats. Some components are included by default on Windows without requiring user opt-in. Remote configuration allows administrators to manage and update settings across multiple devices. This feature is typically used in work or school environments where...
This category provides scripts to disable background services supporting Defender interface elements. These services enable real-time updates and interactions with Defender's security features. Disabling these services may: Reduce system resource usage • Minimize background processes related to the Defender interface • Limit potential data collection associated with Defender's user interface However, this action may also: Prevent certain security notifications from appearing • Limit your ability...
This category configures Windows using 2 scripts. The category includes 2 subscripts.
This category configures Windows using 2 scripts. The category includes 2 subscripts.
This category configures Windows using 4 scripts. The category includes 4 subscripts.
This category configures Windows using 3 scripts. The category includes 3 subscripts.
This category configures Windows using 5 scripts. These scripts are organized in 1 categories. The category includes 3 subscripts and 1 subcategories that include more scripts and categories.
This category configures Windows using 29 scripts. These scripts are organized in 8 categories. The category includes 6 subcategories that include more scripts and categories.
This category configures Windows using 11 scripts. These scripts are organized in 1 categories. The category includes 9 subscripts and 1 subcategories that include more scripts and categories.
This category configures Windows using 15 scripts. These scripts are organized in 1 categories. The category includes 4 subscripts and 1 subcategories that include more scripts and categories.
This script disables a system service that operates in the background, monitoring your device and providing security notifications. This service is named Defender Shell Service, also referred to as Security Health SSO. It is a component of *Windows Security (formerly Windows Defender Security Center). It operates in the background, scanning your device for threats and sending notifications as necessary. The service is associated with the "SecurityHealthSystray.exe" process, which...
This category disables Defender System Guard, a security feature in Windows. This feature is referred to as Windows Defender System Guard, System Guard, and internally within Microsoft as Octagon. Introduced in Windows 10, version 1709, it is a set of system integrity features. System Guard acts as an anti-tampering mechanism. It is a Windows component that protects system integrity during startup and runtime. It is included as part of the Defender for Endpoint suite. It ...
This category configures Windows using 15 scripts. These scripts are organized in 2 categories. The category includes 4 subscripts and 1 subcategories that include more scripts and categories.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category configures Windows using 5 scripts. The category includes 5 subscripts.
This script configures macOS using Bash (Shell script).It can be restored. It runs "filetolock=~/Library/Preferences/com.apple.La...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script disables the SmartScreen feature in Edge (Legacy). Edge (Legacy) uses the Windows Defender SmartScreen by default to protect users from phishing scams and malicious software. This feature is enabled by default and cannot be turned off by users. This script disables SmartScreen and prevents users from turning it back on. As a result, users will not receive alerts about potential threats. Disabling this feature reduces potential privacy risks by preventing data sharing. This may also i...
This script disables the SmartScreen feature in Edge. SmartScreen warns against potential phishing scams and malicious software. By default, Microsoft Defender SmartScreen is active, but users can opt out. Once you run this script, Microsoft Defender SmartScreen will be turned off. Disabling this feature reduces potential privacy risks by preventing data sharing. This may also improve system performance by reducing processing workload. While disabling this feature increases user autonomy and pri...
This script lets you configure whether Microsoft Defender SmartScreen checks download reputation from a trusted source. Edge determines a trusted source by checking its Internet zone. If the source comes from the local system, intranet, or trusted sites zone, then the download is considered trusted and safe. By default, if you do not run this script, Microsoft Defender SmartScreen checks the download's reputation regardless of source. Once you run this script, Microsoft Defender SmartScreen does...
This script stops Microsoft Defender SmartScreen from making DNS requests. By default, Microsoft Defender SmartScreen sends DNS requests to identify potentially harmful websites, like those involved in phishing or malware. Disabling DNS requests stops SmartScreen from obtaining IP addresses, which enhances privacy by reducing IP data sharing. This script also improves security by reducing dependence on DNS servers. Disabling DNS requests mitigates a security risk: if DNS fails to resolve a websi...
This script disables Edge's SmartScreen feature that targets potentially unwanted applications (PUAs). Edge's SmartScreen PUA feature aims to protect against adware, coin miners, bundleware, and other low-reputation software. This feature warns users about potentially harmful applications. This feature is off by default. This script keeps the feature inactive, preventing automatic or unintended activations. Disabling this feature reduces potential privacy risks by preventing data sharing. This m...
This script configures macOS using Bash (Shell script).It can be restored. It runs "sudo defaults write com.apple.LaunchServices...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category configures macOS using 4 scripts. These scripts are organized in 2 categories. The category includes 2 subcategories that include more scripts and categories.
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures macOS using Bash (Shell script).It can be restored. It runs "osmajorver=$(sw_vers -productVersion | awk...".
This category configures macOS using 2 scripts. The category includes 2 subscripts.
This script configures macOS using Bash (Shell script).It can be restored. It runs "sudo defaults write...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category configures Windows using 2 scripts. The category includes 2 subscripts.
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures macOS using Bash (Shell script).It can be restored. It runs "sudo defaults write...".
This script configures macOS using Bash (Shell script).It can be restored. It runs "# For OS X Yosemite and newer (>= 10.10) sudo...".
This category configures macOS using 2 scripts. The category includes 2 subscripts.
This script disables the Microsoft Data Loss Prevention (DLP) service. The service is known by several names: Microsoft Data Loss Prevention Service • Microsoft Endpoint DLP service • Microsoft Purview Data Loss Prevention Service This service is a component of both Defender Antivirus and Defender for Endpoint. It is also included in the larger Microsoft Purview offering. This service provides DLP (Data Loss Prevention) functionality. It helps prevent unauthorized sharing of sensitiv...
This script disables the Microsoft Defender Core service ("MDCoreSvc"). The Microsoft Defender Core service is a component of Defender Antivirus. It is included in Microsoft Defender for Endpoint suite.. It contributes to the stability and performance of Defender Antivirus. This script improves privacy by disabling this service. It reduces data collection associated with Microsoft Defender Antivirus and Microsoft Defender for Endpoint. It may also increase system performance by removing ...
This script disables the "ConfigSecurityPolicy.exe" process. This process is also known as Microsoft Security Client Policy Configuration Tool. It was formerly known as Microsoft Security Client Policy Configure. This tool is part of Defender Antivirus, Defender for Endpoint and the Security Configuration Engine. The Security Configuration Engine handles security configuration requests on Windows. The engine functions as an extension of the Local Group Policy Editor f...
This script disables the Microsoft Security WFP callout driver and its associated files. Microsoft refers to this component as Microsoft Security WFP Callout Driver. This is a kernel-mode driver. Windows uses this driver to monitor and control network traffic for security purposes. It is part of the Windows Filtering Platform (WFP). WFP provides a framework for building network filtering applications. It is used by built-in Defender Firewall to filter network packets. It works on...
This category configures Windows using 2 scripts. The category includes 2 subscripts.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category configures Windows using 3 scripts. The category includes 3 subscripts.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script prevents Windows from sending file attachments to antivirus programs for scanning when opened. Windows registered antivirus programs for downloaded files from Internet or through e-mail attachments. If multiple programs are registered, they will all be notified. This is disabled by default, so even if you do not configure run this script, Windows does not call the registered antivirus programs when file attachments are opened. If it is enabled, Windows blocks file from being opened w...
This script disables outdated Defender Antivirus user interface components. The Windows Defender User Experience Host managed communication between Windows components and apps, including the discontinued Windows Defender Security Center. This interface is not present in modern Windows versions, so this script will not affect recent Windows systems. Disabling this component may enhance privacy on older systems by reducing monitoring and data collection from the Defender components. It helps m...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category provides scripts to disable the deprecated Defender Application Guard, a feature originally designed to protect business environments. Defender Application Guard is also referred to as Microsoft Defender Application Guard (MDAG). It was formerly known as Windows Defender Application Guard. It uses hardware isolation to protect against internet-based attacks. It creates Hyper-V-enabled containers to isolate potentially harmful content. MDAG consists of two main components: | Com...
This script prevents specific versions of Microsoft Edge from updating to the newer SmartScreen library. This script reverts Microsoft Edge to the previous SmartScreen library, used before version 103. It blocks Edge from loading the new SmartScreen library ("libSmartScreenN"), which is responsible for checking site URLs and application downloads. By running this script, Edge will utilize the older library ("libSmartScreen"). This script is effective only for Microsoft Edge versions 95 to 107. I...
This script disables SmartScreen in outdated versions of Internet Explorer. SmartScreen is also known as the Phishing Filter or SmartScreen Filter. It protects users by identifying and blocking malicious web content. Disabling this feature enhances your privacy by preventing the collection of data related to your browsing habits. It can also increase system performance by reducing the computational overhead required to scan and evaluate web content. However, this may also lower your security...
This script disables the outdated Internet Explorer SmartScreen filter ("ieapfltr.dll"). The "ieapfltr.dll" file is also known as Microsoft SmartScreen Filter or Anti-phishing browser solution. It is mainly used by Internet Explorer. Despite the official end of support for Internet Explorer 11 on June 15, 2022, some systems may still have this component. Benefits: By disabling the SmartScreen functionality that monitors user behavior, this script enhances your privacy. It reduces the att...
This script disables privacy mode for Defender scans, limiting threat history access to administrators. By default, privacy mode is enabled. When active, it restricts the display of spyware and potentially dangerous programs to administrators only, instead of all users on the computer. It blocks non-administrators from viewing threat history. This is a legacy setting that only affects older versions of Defender Antivirus. It has no impact on current platforms. Limiting threat history to administ...
This script disables the SmartScreen settings interface in older Windows versions. It specifically targets and soft-deletes the "SmartScreenSettings.exe" file. Found only in older Windows versions, including Windows 8. Based on tests, this file does not exist in newer versions such as Windows 11 Pro (23H2) or Windows 10 Pro (22H2) and beyond. The "SmartScreenSettings.exe" is a user interface component that displays settings for the SmartScreen filter. Removing this component may enhance privacy ...
This script disables older scheduled tasks associated with Windows updates, which are no longer present in Windows versions since Windows 10 22H2 and Windows 11 22H2. The script is compatible with Windows 10 and newer versions, skipping any missing tasks on recent systems. These tasks are linked to specific system files and are involved in various update processes, such as downloading and installing updates, rebooting after updates, and more. Disabling these tasks can help reduce unnecessary sys...
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category configures Windows using 11 scripts. These scripts are organized in 3 categories. The category includes 5 subscripts and 3 subcategories that include more scripts and categories.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables marking file attachments by using their zone information. The default behavior is for Windows to mark file attachments with their zone information. The zone information of the origin describe whether the file was downloaded from internet, intranet, local, or restricted zone. It is used by Attachment Manager that is included in Windows to help protect the computer from unsafe attachments that can be received with e-mail message or downloaded from Internet. If the Attachment M...
This category configures Windows using 3 scripts. The category includes 3 subscripts.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category configures Windows using 3 scripts. The category includes 3 subscripts.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script disables the scheduled scans by the Malicious Software Removal Tool (MSRT) provided by Microsoft. Starting from version 5.39 in August 2016, MSRT sends a "Heartbeat Report" to Microsoft every time it runs. This behavior occurs even if certain user preferences like the Customer Experience Improvement Program (CEIP) are turned off or if "DiagTrack" is not on the computer. A record of this "Successfully Submitted Heartbeat Report" can be checked in the MRT log, found at `%SYSTEMROOT%\\de...
This script turns off the automatic installation of Windows updates that are set to occur at a specific time. By doing this, you take back control over when your computer updates itself. The default behavior is to install updates at 3 AM. Windows updates can be important for system security, but automatic installation could occur at inconvenient times and may even restart your computer without prior warning. This could interrupt your tasks and may send data about your system to external servers....
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category provides scripts that let you disable specific sections of the "Windows Security" interface. Windows Security provides a centralized location for managing security settings and viewing system status. This interface was introduced in Windows 10, version 1703. It was previously known as Windows Defender Security Center. Windows Security has various sections, and each can be turned off individually. If all sections are disabled, Windows Security will display in a restricted mo...
This script disables the Microsoft Security Core Boot Driver ("msseccore.sys"). This driver is a kernel-mode component that enforces security policies during the boot process. It was introduced in Windows 11 22H2, starting with Insider Preview Build 25188. It operates as a Secure Boot driver. Secure Boot is a feature that prevents unauthorized software from loading at startup and requires compatible hardware. The driver handles several security-related tasks: A malfunction may cause ...
This category includes scripts that disable various components of the Security and Maintenance feature. Security and Maintenance was previously known as Action Center. This feature provides a central interface for managing Windows security and maintenance settings. It monitors and reports on system health, including security threats, software updates, and hardware issues. Disabling these components enhances privacy by reducing system monitoring and data collection associated with sec...
This script disables the Security and Maintenance feature in the Windows Control Panel. Security and Maintenance (previously Action Center) is a central interface for managing Windows security and maintenance settings. It controls: Security components such as firewall, Internet security settings, and User Account Control (UAC) • Maintenance features as automatic Maintenance, drive status, and file history This interface also displays relevant notifications. After running this...
This script disables the Security and Maintenance library, a core component of Windows security monitoring. Security and Maintenance was formerly known as Action Center. It is a central interface for managing Windows security and maintenance settings. By default, Windows automatically checks for security and maintenance issues and sends notifications via this interface. This script disables the "ActionCenter.dll" library, which is responsible for: Managing security and maintenance notifi...
This script disables the Security and Maintenance desktop integration in Windows. Windows automatically loads certain applications at startup using Shell Service Objects. These objects are loaded early during startup by "explorer.exe", the core shell for Windows. Shell Service Objects handle tasks like file management, system operations, and user interface interactions. The script removes the Security and Maintenance Shell Service Object. This object shows security and health notificatio...
This script disables Security and Maintenance integrations that use Component Object Model (COM). Previously, Security and Maintenance was known as Action Center. Component Object Model (COM) enables communication between software components, whether within the same process, on the same computer, or across different computers. By removing registry entries for these integrations, the script prevents Windows from creating and using COM objects related to Security and Maintenance notifica...
This category includes scripts to disable Security and Maintenance notifications in Windows. Security and Maintenance was previously known as the Action Center or Security Center. It serves as a central interface in Windows for managing security and maintenance settings. It alerts users to important system events, security risks, and maintenance issues. Disabling these notifications may enhance privacy by reducing the visibility of system health and security details. It may also slig...
This script disables all Windows Security and Maintenance notifications, which may enhance privacy but could potentially impact system security. Security and Maintenance was previously known as Action Center. It offers a central interface to manage security and maintenance settings. It's integrated into the Windows Control Panel. It notifies you about important system events and issues. These notifications are enabled by default. Disabling these notifications may enhance privacy by limit...
This script disables Security and Maintenance-related notifications on the Windows taskbar. It removes taskbar integrations (AppUserModelId) for Action Center and Security and Maintenance components. Security and Maintenance was previously known as Action Center. AppUserModelIds link processes, files, and windows to specific applications, organizing them on the Windows taskbar, managing Jump Lists, and controlling pinning. This script may enhance privacy by reducing the visibility of s...
This script disables the Microsoft Security Events filter driver ("MsSecFlt.sys"). This driver is known by different names: Microsoft Security Events Component File System Filter Driver • MSSense: Microsoft Defender for Endpoint for EDR Sensor • Microsoft Security Eve Kernel • Microsoft Security Events Component Minifilter • Microsoft Security Events Component Minifilter driver • "MsSecFlt". It is a minifilter that inspects the file system. Minifilter is also known as file system filte...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This category contains scripts to disable Windows security notifications. Windows sends security notifications to inform users of potential threats, vulnerabilities, and important security events. These notifications are generated by security components like Windows Security and Defender Antivirus. Disabling these notifications may: Enhance privacy by reducing visible security-related information on your screen • Improve system performance slightly by preventing these alerts from being processed...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category focuses on disabling the SmartScreen and its features and components. SmartScreen is known also as "Windows SmartScreen", "Windows Defender SmartScreen", "Microsoft Defender SmartScreen", "Phishing Filter", and "SmartScreen Filter". It protects users from phishing attacks, malware websites, and potentially harmful downloads by assessing webpage safety and comparing sites and downloads against lists of known threats. However, it also sends URLs and file information to Microsoft serv...
This script disables the "App Install Control" feature of SmartScreen. This feature restricts app installations exclusively to those from the Microsoft Store. It displays "The app you're trying to install isn't a Microsoft-verified app" message during app installation. By default, this feature is turned off. Disabling SmartScreen automatically deactivates it as well. This script explicitly deactivates the feature to guarantee it remains disabled. Once disabled, SmartScreen permits users to insta...
This script disables the SmartScreen checks for apps and files. SmartScreen protects users by warning them before running potentially malicious programs downloaded from the internet. This warning appears as a dialog box before you run an unrecognized or known malicious app downloaded from the internet. These checks are part of SmartScreen's reputation-based protection. This feature is enabled by default. Microsoft collects data about the files and programs you run when this feature is enabled....
This category contains scripts to disable SmartScreen's Enhanced Phishing Protection feature, which monitors password usage and sends data to Microsoft. This feature collects information from suspicious websites or apps to identify security threats when users enter their passwords. It was introduced in Windows 11, version 22H2, and is technically identified as "webthreatdefense" (Web Threat Defense). This feature raises several privacy concerns, including: Monitoring of password entries acro...
This script disables the Warn me about password reuse feature in Defender SmartScreen's Enhanced Phishing Protection. The script prevents SmartScreen from warning users when they reuse their work or school password across different services. The feature aims to encourage users to change reused passwords. This feature is off by default. By explicitly disabling it, the script ensures it remains inactive persistently. This script improves privacy by reducing the password-related data shared...
This script disables the Enhanced Phishing Protection warnings in Defender SmartScreen related to potentially malicious password entry scenarios. By default, these warnings are turned off. This script ensures it remains disabled. Disabling this feature stops warnings from appearing when users enter their work or school passwords into potentially malicious websites or applications. This option is also known as Warn me about malicious apps and sites. It warns users when they enter their wo...
This script disables Defender SmartScreen's Enhanced Phishing Protection feature that warns users about unsafe password storage. This feature warns you when you enter passwords in apps such as Notepad, Word, OneNote, or Excel. This option is known as Warn me about unsafe password storage. By default, this feature is disabled This script explicitly disables this feature to maintain the default behavior consistently. This script enhances privacy by preventing Microsoft from monitoring ...
This script disables Enhanced Phishing Protection in Microsoft Defender SmartScreen on Windows. Enhanced Phishing Protection monitors and captures unsafe password entries, sending telemetry data to Microsoft Defender. In audit mode, users are not notified about potential security risks. Running this script fully disables Enhanced Phishing Protection. It will no longer capture events, send telemetry, or notify users. Users will not be able to re-enable it through the graphical interface. This scr...
This script disables automatic data collection by SmartScreen's Enhanced Phishing Protection. Enhanced Phishing Protection collects additional information when users enter their work or school passwords on suspicious websites or apps. This information may include displayed content, played sounds, and application memory. Microsoft uses this data to enhance SmartScreen's ability to identify malicious websites or apps. This data helps Defender SmartScreen determine if the user entered t...
This script disables the Enhanced Phishing Protection telemetry feature in Windows. Enhanced Phishing Protection collects data on phishing attacks to improve Microsoft's security products. It shares this data across Microsoft's security suite, including Microsoft Defender for Endpoint. This feature allows organizations to monitor unsafe password usage through alerts and reports in the Microsoft 365 Defender Portal. This script enhances your privacy by: Preventing data collection and sharing rela...
This script disables the user interface for Enhanced Phishing Protection on Windows. Enhanced Phishing Protection is a feature in Windows 11 that aims to protect users from phishing attacks. This feature monitors the passwords you enter and warns you if a site may be malicious. This script prevents Enhanced Phishing Protection from displaying warnings and prompts. It does not stop the underlying monitoring but disables only the visual warnings and prompts. This may enhance privacy perception by ...
This script disables the "webthreatdefsvc" and "webthreatdefusersvc" services. These services enhance security by monitoring for unauthorized access to user credentials. However, these services also collect telemetry and sensor data, raising privacy concerns. Disabling these services reduces this data collection, thereby enhancing privacy. Additionally, these services require opening firewall ports and running background services, which may increase your attack surface and reduce security. Disab...
This category includes scripts to disable SmartScreen for apps and files. SmartScreen is a security feature that checks the reputation of apps and files you download or run. It's part of Windows' reputation-based protection system. Key points about SmartScreen for apps and files: It blocks unrecognized apps and files that may be potentially harmful. • It performs reputation checks on downloaded programs and their digital signatures. • If an app, file, or digital signature has an established good...
This category includes scripts to disable SmartScreen for Microsoft Store apps. SmartScreen for Microsoft Store apps is a security feature that: Checks content used by Microsoft Store apps. • Can restrict app installations to only those from the Microsoft Store. • Scans web content (URLs) accessed by Microsoft Store apps. It's part of Windows' broader Reputation-based protection system. Disabling this feature can: Enhance privacy by reducing data sent to Microsoft for content and app checks....
This category provides scripts to disable SmartScreen in Microsoft browsers. SmartScreen is a security feature in Edge. When you visit websites or download files, SmartScreen checks the reputation of the URL or file. If SmartScreen determines that the site or file is malicious, it blocks access or download. SmartScreen is enabled by default in Microsoft Edge. SmartScreen feature raises privacy concerns because it sends unhashed URLs, downloaded files, applications being run, IP addresses, and th...
This script disables COM SmartScreen integrations within Windows. SmartScreen is a security feature that aims to protect your device from harmful applications, files, and websites by comparing items with a database of known threats. COM (Component Object Model) objects are software components that let different programs communicate. These integrations allow SmartScreen to interact with various Windows components. Disabling these components disrupts SmartScreen's functionality. This scrip...
This script disables essential SmartScreen libraries, limiting their functionality and preventing their use by other programs. A library is a set of code and resources that help programs operate. A DLL (Dynamic Link Library) contains code and data that multiple programs can use simultaneously. Disabling these libraries stops SmartScreen operations across applications. This enhances your privacy by eliminating SmartScreen data collection. It improves security by reducing the system's attack s...
This script stops the "smartscreen.exe" process and prevents it from running. This process is officially known as Windows Defender SmartScreen. It manages the SmartScreen functionality. Disabling SmartScreen enhances privacy by preventing outbound network connections that transmit your data. Even when disabled, SmartScreen continues running in the background. It also improves system performance by reducing CPU usage. However, disabling the SmartScreen process may compromise your security by re...
This category includes scripts that disable SmartScreen system components. SmartScreen is a security feature in Windows that helps protect your device from potentially harmful applications, files, and websites. Its components run in the background as part of the operating system. Disabling these components may: Improve privacy by reducing data collection used for SmartScreen functionality. • Increase system performance by eliminating background processes. • Enhance security by removing potential...
This script disables the web content checking feature of SmartScreen for Microsoft Store apps. SmartScreen scans web content (URLs) accessed by Microsoft Store apps to enhance security. SmartScreen is enabled by default. Initially, this feature was known as SmartScreen Filter for Microsoft Store apps. Later, it was renamed to "SmartScreen for Microsoft Store apps". It is part of SmartScreen's reputation-based protection. Disabling this feature enhances your privacy by reducing data shared with...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script disables the System Guard Runtime Monitor Broker service and its associated process. The System Guard Runtime Monitor Broker service monitors and verifies Windows platform integrity. It handles attestation and reporting functions. It assists assertions of System Guard Runtime Monitor (SGRM). This enables management systems such as Intune and SCCM to collect integrity data. It supports remote actions such as blocking access to compromised devices. The service manag...
This script disables the System Guard Runtime Monitor Agent, a kernel driver within Windows' security infrastructure. The System Guard Runtime Monitor Agent is a kernel-mode component of System Guard that runs in the Secure Kernel. The Secure Kernel operates in a more secure and isolated environment called "VTL1" (Virtual Trust Level 1), while the normal NT kernel runs in a virtualized environment called "VTL0". This separation adds another layer of security. It provides essential fu...
This script disables System Guard security checks, also called assertions. System Guard assertions are measurements of sensitive system properties in real time. They help detect subtle security threats by assessing the system's security. However, this monitoring may compromise privacy by sharing system health data with external services. This script enhances privacy by preventing the sharing of system health data. It may also improve performance by reducing the overhead from security checks....
This script disables the Secure Enclave, a component of the System Guard feature in Windows. The Secure Enclave is also known as the assertion engine. It continuously monitors and checks system integrity during runtime, assessing the system's security state. It is a core component of System Guard. This engine can send collected data to cloud or third-party providers. This script enhances privacy by preventing system integrity data from being shared externally. It may also imp...
This script disables the System Guard Runtime Monitor LPAC (Least-Privileged AppContainer) process. This process is part of the System Guard Runtime Monitor (SGRM) functionality. SGRM is a Windows security feature that monitors the system for potential tampering. • LPAC (Least-Privileged AppContainer) means this component operates in a restricted environment for enhanced security. Its exposes information through: RPC allows different software programs to communicate, even if they...
This script disables System Guard Secure Launch, a security feature in Windows. Secure Launch is also known as Virtualization Based Security (VBS) or firmware protection. This feature enhances startup security on Windows systems. It was initially introduced in Windows 10 version 1809. It protects the Virtualization Based Security (VBS) environment from vulnerabilities in device firmware. VBS, in Windows, refers to a security technology that uses hardware virtualization to...
This category disables features that restrict system modifications in Windows. This enables deeper system modifications, enhancing privacy by allowing the removal or disabling of data-collecting components like Defender. These features raise several concerns: Less user control: • Users can't fully control what software runs on their own machines. • It moves security control from device owners to hardware manufacturers and software vendors. • Vendor lock-in: • It restricts the ability to use,...
This script disables the Tamper Protection feature. Tamper Protection is a security feature that blocks unauthorized changes to key Defender Antivirus settings. These settings include real-time protection, behavior monitoring, and cloud-delivered protection. By default, Tamper Protection is enabled. It is available in all editions of Windows since Windows 10, version 1903. Disabling Tamper Protection may increase privacy and control over your system by allowing you to: Change...
This script disables Virtualization-based Security (VBS) in Windows. Virtualization-based security (VBS) uses hardware virtualization to create an isolated, secure environment. This environment helps protect vital system and operating system resources, as well as security assets like authenticated user credentials. VBS requires Secure Boot to run. VBS includes a memory integrity feature, also called hypervisor-protected code integrity (HVCI) and hypervisor enforced code integri...
This script disables Defender Antivirus's boot-time logging. Defender Antivirus uses AutoLogger sessions. The AutoLogger event tracing session records events that occur early in the operating system boot process. Applications and device drivers can use the AutoLogger session to capture traces before the user logs in. Disabling these loggers reduces the data Defender Antivirus collects during system startup. This may increase privacy by limiting the information gathered about your...
This script disables the Windows Security Health Agent (WSHA). WSHA is a component that transmits a client's security health state to a network policy server. It sends a summary of Windows Update-related information. This data transmission may raise privacy concerns for users who wish to limit the information shared with Microsoft or network administrators. By disabling WSHA, this script improves privacy by preventing the automatic sending of system health and update information. It may also sli...
This script disables the Windows Security Health Core component. Windows Security Health Core is a system library that manages security settings, monitors system integrity, and interfaces with various security features. It provides status information to both the system and users, handling security-related Windows services. Disabling this component may enhance privacy by limiting the system's monitoring and reporting of security-related activities. It may slightly improve system performance by re...
This script disables Windows Security Health components, including COM objects and files that exchange security information between Windows processes. Windows Security is a built-in tool that provides a central interface for security features such as antivirus protection. Security Health is a component that reports system health information. It uses a specific protocol and COM objects to communicate with other processes. COM (Component Object Model) is a system that allows software c...
This script disables the Windows Security Health UDK component. The Windows Security Health UDK is a core library that manages key aspects of Windows Security. UDK stands for Undocked Developer Kit, Undocked Dev Kit, Windows UDK. It's also referred to as Undocked Shell. It coordinates shell experiences (user interfaces) and adds new features to the Windows desktop independently of full system updates. This component's key functions include: Providing security-related services • M...
This category offers scripts to disable or modify different aspects of the Windows Security user interface, formerly known as Windows Defender Security Center. Windows Security is a centralized interface managing various Windows security features. It evolved from Windows Defender, initially a standalone antivirus with its own interface. Over time, Microsoft separated the management interface from the core antivirus component. The evolution of Windows Security: 1. With launch of W...
This category provides options to disable various notifications from Windows Security. Windows Security, built into Windows, provides a centralized interface for managing security settings and viewing system status. It was first introduced in Windows 10, version 1703. Initially, it was called Windows Defender Security Center. It displays notifications via the Notification Center (formerly Action Center). Windows Security notifications inform users about device health and security...
This script disables the Windows Security service. Microsoft refers to this service as: Security Center Service • Security Center • Security Center (wscsvc) Service • WSCSVC (Windows Security Center) service • Windows Security Center Service Windows Security Center is renamed to Windows Security in newer versions of Windows. This service monitors and reports security health settings on your computer. These settings include the status of protective software, system updates, and critical s...
This script disables the Windows Security service ("wscsvc") communication with other security software. The Windows Security uses APIs (special programming tools) that allow security programs to share their status with Windows. In recent Windows versions, this service is part of Windows Security (formerly Windows Security Center). Disabling these interfaces may enhance privacy by limiting the information shared about your system's security status. It may also improve system performance ...
This script disables Windows Security-related notifications on the Windows taskbar. It removes taskbar integrations (AppUserModelId) for Windows Security components. Windows Security is also called Security Center in older versions of Windows. AppUserModelIds link processes, files, and windows to specific applications, organizing them on the Windows taskbar, managing Jump Lists, and controlling pinning. This script may enhance privacy by reducing the visibility of security-related informat...
This category prevents Windows Update from automatically downloading and installing device drivers. A device driver is essential software that enables Windows to communicate with your computer's hardware components. For example: Graphics cards need drivers to display images properly • Printers need drivers to print documents • Mice and keyboards need drivers to function correctly By default, Windows downloads two types of updates for your devices automatically: Device drivers: Software that ...
This script blocks Windows from automatically downloading device drivers through Windows Update. By default, Windows uses Windows Update to search for driver updates. This script redirects driver searches from Microsoft's servers to your managed server. This prevents Windows from using Windows Update (WU) for driver searches. This script enhances privacy by: Preventing automatic driver data collection by Microsoft • Keeping your system's hardware information within your organization • Reducing u...
This script prevents Windows Update from automatically downloading and installing device driver updates. By default, Windows Update includes driver updates alongside regular system updates. With this script, driver updates will no longer be included in Windows updates. This script improves your privacy by: Blocking automatic connections to third-party driver servers • Reducing data collection during driver installations • Allowing you to control which drivers are updated and when Windows Update ...
This script disables automatic and manual driver updates through Windows Update. The Windows Update driver wizard is also called Hardware Update Wizard or Update Driver Software Wizard. This tool automatically installs and updates device drivers during Windows Updates or when new hardware is connected. This script disables these automatic driver updates via Windows Update. While automatic updates are convenient, they may install unwanted or outdated drivers, impacting system stability an...
This script prevents Windows Update from automatically finding and installing device drivers. By default, Windows Update searches for device drivers when new hardware is connected. This search aims to find the best drivers, even with limited network access. While automatic driver installation is convenient, it can cause system stability issues: Windows may install drivers incompatible with your hardware • You lose control over the driver versions you prefer to use This script blocks Windows Upd...
This script prevents Windows from searching Windows Update for device drivers when local drivers are not found. By default, Windows automatically searches Windows Update for device drivers. Windows searches for drivers in the following order: Local installation • Removable media (USB drives, CD-ROMs) • Windows Update Running this script removes Windows Update from the driver search locations. It also removes the Windows Update option from the driver installation wizard dialog. After running this...
This script stops Windows from downloading device information and updates from the internet automatically. When you connect a new device to your computer, Windows typically downloads: Software enabling Windows to communicate with your hardware High-resolution icons, product details, and manufacturer information Device drivers: • Device metadata (or device information): By default, Windows automatically searches and downloads this information to help you: Identify and distinguish betw...
This category includes scripts to disable scheduled tasks that are associated with the automatic functioning of the Windows Update service. These tasks are responsible for various background update-related activities such as checking for updates, downloading, and installing them in the background without user intervention. Disabling these tasks grants users more control over when and how updates are applied. This approach is often preferred by those wishing to manually manage updates or avoid un...
The scripts in this category offer users the ability to control Windows services related to system updates. These services manage how and when your system receives updates from Microsoft. By limiting or disabling these services, users can decide when to update their system, reducing unexpected changes. Moreover, a system with fewer running services uses fewer resources, which can improve overall performance. Disabling these update services is also a privacy measure. Some updates can change priva...
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script allows users to bypass SmartScreen warnings in Edge (Legacy). Edge (Legacy) features a SmartScreen filter that warns users about potentially malicious websites and file downloads. By default, this feature allows users to ignore these warnings and proceed to download files. This script keeps this option, enhancing user privacy by minimizing data sent to Microsoft. Disabling this feature reduces potential privacy risks by preventing data sharing. This may also improve system performanc...
This script allows users to bypass SmartScreen warnings in Edge. Edge's SmartScreen shows warnings about potentially malicious websites. By default, users can override SmartScreen warnings and visit the site. This script maintains this option, enhancing privacy by minimizing data sent to Microsoft. Maintaining this option in its default state reduces potential privacy risks by limiting data sharing with Microsoft. This may also improve system performance by reducing processing workload. While ke...
This script allows users to bypass Edge SmartScreen warnings when downloading files. Microsoft Defender SmartScreen warns users about potentially unsafe downloads. By default, users can bypass Microsoft Defender SmartScreen warnings and complete unverified downloads. This script maintains the default option, enabling users to bypass SmartScreen warnings if chosen. This script allows users to override these warnings. This enhances user privacy by reducing the amount of data sent to Microsoft for ...
This script disables SmartScreen app blocking, allowing apps to bypass its warnings. SmartScreen is a security feature that protects users by displaying warnings before running potentially harmful programs. These warnings help prevent the execution of suspicious applications. This feature is enabled by default on Windows. SmartScreen sends data to Microsoft about the files and applications run on the system. This raises privacy concerns because it involves collecting user behavior data. The Cent...
This script allows users to bypass SmartScreen warnings for Microsoft Store apps. SmartScreen is a security feature that filters web content accessed by Microsoft Store apps. By default, SmartScreen allows users to bypass its warnings. This script keeps the default setting. Enabling SmartScreen bypass may enhance privacy by reducing data shared with Microsoft. It increases user control over security checks and may improve system performance by removing an additional security check. However, this...
This category includes scripts designed to extend the intervals between automatic updates. These scripts provide users with greater control over the timing of system updates. By adjusting the schedule of these updates, users can minimize interruptions and potential system instability associated with frequent updates.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script provides control over when and how often Windows feature updates and preview builds occur. These updates bring major changes to the operating system, affecting functionality and user privacy. Key aspects of Windows feature updates include: Protecting against behavioral issues. • Adding new features. Registry keys - The script modifies various Group Policy (GPO), state, and Mobile Device Management (MDM) keys. Group Policy (GPO) keys: Used for pausing updates in older Windows 10 versi...
This script extends the time between mandatory quality updates, which include security patches. Delaying these updates helps prevent frequent system reboots and disruptions, aiding productivity in professional and critical settings. Registry keys - The script modifies various Group Policy (GPO), state, and Mobile Device Management (MDM) keys. Group Policy (GPO) keys: Defers updates and upgrades in earlier versions of Windows 10 (1511). Pauses quality updates for up to 35 days, or until the setti...
This script extends the time between updates and upgrades, but only works on older Windows versions (version 1511 and earlier). The script modifies the following keys: Sets the device to a more predictable update schedule. Pauses quality updates. Determines the delay period for updates. Determines the delay period for upgrades. Pauses upgrades for up to 4 weeks. Pauses upgrades for up to 8 months. Supported values range from 0 to 8, representing the number of months to defer upgrades. Pauses upd...
This script maximizes the pause duration for system updates via the settings interface. It postpones both feature and quality updates in Windows 10 and Windows 11. This is particularly useful for those preferring fewer interruptions from regular updates. By default, the following registry keys are absent in Windows 10 and Windows 11 and are added only when updates are paused through the user interface: "HKLM\\SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings!PauseFeatureUpdatesStartTime" • `HKLM\\SOFTW...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs "PowerShell -ExecutionPolicy Unrestricted...".
This category configures Windows using 10 scripts. These scripts are organized in 1 categories. The category includes 7 subscripts and 1 subcategories that include more scripts and categories.
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".
This script removes the Scan with Microsoft Defender option from the right-click context menu. This script enhances user privacy by limiting engagement with Defender's data collection processes. Defender may collect data during scans and at regular intervals, which some users may find unnecessary or unwanted. Removing this option only affects the context menu appearance and does not disable Defender or its other functions. Technical Details - The script functions by altering specific registr...
This script removes the "Windows Security" app, known as "SecHealthUI". This app serves as the interface for Windows Security, helping users monitor and manage their computer's security. It provides alerts and guidance on vulnerabilities through the Action Center. However, uninstalling the "Windows Security" app has significant implications: It may increase vulnerability to threats by no longer alerting users about security issues or communicating updates through the Action Center. • Disabling i...
This script removes the Windows Security icon from the system tray. Windows Security is an interface introduced in Windows 10, version 1703. It was previously named Windows Defender Security Center. It offers a unified interface to manage security settings and monitor system status. The icon in the system tray is controlled by the "SecurityHealthSystray.exe" file. Technical Details - The script modifies the registry to stop this file from running on startup, effectively removing the icon...
This script configures Windows using Batch (batchfile).It can be restored. It runs ":: Set the registry value:...".