Disable Defender Antivirus minifilter driver

Apply Now

Works with Windows 10 and 11Works with Windows Vista, XP, 7, 8, 10, 11, and Windows Server 2008 or newer.

• Single actionThis page belongs to a script, containing basic changes to achieve a task.
• Windows onlyThis script improves your privacy on Windows
• Impact: HighSystem Functionality Loss Risk: High
  This action improves privacy with high impact when you run the recommended script.
• Batch (batchfile)These changes use Windows system commands to update your settings.
• Fully reversible

  You can fully restore this action (revert back to the original behavior) using this website.

  The restore/revert methods provided here can help you fix issues.

Overview

This script disables Defender's core monitoring component that tracks and controls your system activities.

This component has several names, including:

• Windows Defender Mini-Filter Driver ^{1 2}
• Microsoft antimalware file system filter driver ³
• Microsoft Defender Antivirus On-Access Malware Protection Mini-Filter Driver ^{3 4}
• Windows Defender Real-Time scanning filesystem filter driver ⁵
• Windows Defender On-Access Malware Protection Mini-Filter Driver ²
• Microsoft Defender Antivirus Mini-Filter Driver ⁴

This driver is a component of Defender Antivirus ^{6 7 8} and Defender for Endpoint ⁹. It runs at the deepest level of Windows and monitors your system activities ¹⁰.

The driver has these primary functions:

• Monitors and restricts activities such as:
  • File system operations ^{10 11 12 13}
  • Process creation and termination ^{10 11 12 13 14 15}
  • Windows registry operations ^{11 12 13 16 17}
  • System drivers and boot processes ¹⁵
  • Dev Drive (storage volumes used for development) ¹⁸
• Collects and reports telemetry on system activity ¹¹
• Enables communication between Defender components ^{11 12 19} such as MsMpEng.exe ^{13 15 19}
• Provides security features such as:
  • Endpoint Detection and Response (EDR) capabilities ⁶, sending telemetry ²⁰
  • Data Loss Prevention (DLP) ¹¹ to prevent unauthorized data sharing
  • Tamper Protection to restrict system modifications ¹⁶
  • Host Intrusion Prevention System (HIPS) ¹⁴

This script enhances privacy by:

• Stopping continuous system monitoring by Windows Defender
• Blocking the collection of system activity data
• Reducing telemetry sent to Microsoft
• Limiting surveillance capabilities
• Allowing deeper privacy configurations, including disabling Defender

This script may improve system performance by:

• Reducing background activities
• Using less system resources
• Removing file system slowdowns

This script may increase system stability. This driver can sometimes cause system crashes (blue screen errors) ^{3 5 12}. Disabling it may prevent these issues ^{1 21}.

However, it may reduce your security by:

• Impairing real-time malware protection
• Removing protection against unauthorized system changes
• Stopping monitoring of suspicious process activities
• Disabling protection of sensitive system files

Caution

This action may leave your system more vulnerable to malware and unwanted changes.

Technical Details

The driver is installed by Windows-Defender-Drivers package ²².

This script:

• Removes HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance!Altitude ¹⁶
  • This method worked on older versions of Defender Antivirus before April 2024 ¹⁶
  • Tests show on modern Windows versions (Windows 10 Pro ≥ 22H2, Windows 11 Pro ≥ 21H2), the operation reports success but the value remains unchanged.
• Disables the WdFilter driver service ^{2 3}
• Removes the driver file at %SYSTEMROOT%\System32\drivers\WdFilter.sys ^{2 3 4}

Overview of default service statuses

OS Version	Status	Start type
Windows 10 (≥ 22H2)	🟢 Running	Boot
Windows 11 (≥ 23H2)	🟢 Running	Boot

1. Not Advised

   This script should only be used by advanced users.

   This script is not recommended for daily use as it breaks important functionality.

   Consider creating a system restore point before doing any changes.

2. Security Trade-off

   This action prioritizes privacy over certain security features. It's not recommended and should only be used by advanced users after understanding its implications.

   Increased Privacy

   Enhanced privacy through reduced data collection and tracking

   Decreased Security

   Some security features will be disabled or limited

   This script can be reversed, this allows you to restore the default system security.

Sources

PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

• PAGE FAULT IN NONPAGED AREA (WdFilter.sys) Blue Screen. thewindowsclub.com. (2024).
  Original: https://www.thewindowsclub.com/page-fault-in-nonpaged-area-wdfilter-sys
  Archived: https://archive.ph/2024.10.27-163912/https://www.thewindowsclub.com/page-fault-in-nonpaged-area-wdfilter-sys
• Windows Defender Mini-Filter Driver - Windows 8 Service - batcmd.com. batcmd.com. (2024).
  Original: https://batcmd.com/windows/8/services/wdfilter
  Archived: https://archive.ph/2024.10.27-163919/https://batcmd.com/windows/8/services/wdfilter/
• Microsoft Defender Antivirus Mini-Filter Driver - Windows 11 Service - batcmd.com. batcmd.com. (2024).
  Original: https://batcmd.com/windows/11/services/wdfilter
  Archived: https://archive.ph/2024.10.27-163923/https://batcmd.com/windows/11/services/wdfilter/
• Microsoft Defender Antivirus Mini-Filter Driver - Windows 10 Service - batcmd.com. batcmd.com. (2024).
  Original: https://batcmd.com/windows/10/services/wdfilter
  Archived: https://archive.ph/2024.10.27-163930/https://batcmd.com/windows/10/services/wdfilter/
• SOLUTION: bootrec /fixboot Access is Denied. Triple-S Computers Blog – Louisville, KY computer repair specialist. triplescomputers.com. (2024).
  Original: https://triplescomputers.com/blog/uncategorized/solution-bootrec-fixboot-access-is-denied
  Archived: https://archive.ph/2024.10.27-163936/https://triplescomputers.com/blog/uncategorized/solution-bootrec-fixboot-access-is-denied/
• When the hunter becomes the hunted: Using custom callbacks to disable EDRs. www.alteredsecurity.com. (2024).
  Original: https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs
  Archived: https://archive.ph/2024.10.27-163942/https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs
• Antimalware support on UWF-protected devices. Microsoft Learn. learn.microsoft.com. (2024).
  Original: https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/customize/uwf-antimalware-support
  Archived: https://archive.ph/2024.10.27-165820/https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/customize/uwf-antimalware-support
• Configure antivirus software to work with SQL Server - SQL Server. Microsoft Learn. learn.microsoft.com. (2024).
  Original: https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/security/antivirus-and-sql-server
  Archived: https://archive.ph/2024.10.27-164210/https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/security/antivirus-and-sql-server
• Troubleshoot Microsoft Defender for Endpoint onboarding issues - Microsoft Defender for Endpoint. Microsoft Learn. learn.microsoft.com. (2024).
  Original: https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-onboarding
  Archived: https://web.archive.org/web/20240717094647/https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-onboarding
• An unexpected journey into Microsoft Defender's signature World — retooling_. retooling.io. (2024).
  Original: https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
  Archived: https://web.archive.org/web/20240930174756/https://retooling.io/blog/an-unexpected-journey-into-microsoft-defenders-signature-world
• 10_0_22622_601/C/Windows/System32/drivers/WdFilter.sys.strings at c598035e1a6627384d646140fe9e4d234b36b11d · privacysexy-forks/10_0_22622_601. github.com. (2024).
  Original: https://github.com/privacysexy-forks/10_0_22622_601/blob/c598035e1a6627384d646140fe9e4d234b36b11d/C/Windows/System32/drivers/WdFilter.sys.strings
  Archived: https://archive.ph/2024.10.27-164028/https://github.com/privacysexy-forks/10_0_22622_601/blob/c598035e1a6627384d646140fe9e4d234b36b11d/C/Windows/System32/drivers/WdFilter.sys.strings
• Dissecting the Windows Defender Driver - WdFilter (Part 1) :: Up is Down and Black is White — n4r1b. n4r1b.com. (2024).
  Original: https://n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1
  Archived: https://archive.ph/2024.10.27-164137/https://n4r1b.com/posts/2020/01/dissecting-the-windows-defender-driver-wdfilter-part-1/
• Dissecting the Windows Defender Driver - WdFilter (Part 2) :: Up is Down and Black is White — n4r1b. n4r1b.com. (2024).
  Original: https://n4r1b.com/posts/2020/02/dissecting-the-windows-defender-driver-wdfilter-part-2
  Archived: https://archive.ph/2024.10.27-164049/https://n4r1b.com/posts/2020/02/dissecting-the-windows-defender-driver-wdfilter-part-2/
• Windows Defender Handle Exploration - saza.RE. saza.re. (2024).
  Original: https://saza.re/posts/handle_exploration
  Archived: https://archive.ph/2024.10.27-164055/https://saza.re/posts/handle_exploration/
• Dissecting the Windows Defender Driver - WdFilter (Part 3) :: Up is Down and Black is White — n4r1b. n4r1b.com. (2024).
  Original: https://n4r1b.com/posts/2020/03/dissecting-the-windows-defender-driver-wdfilter-part-3
  Archived: https://archive.ph/2024.10.27-164102/https://n4r1b.com/posts/2020/03/dissecting-the-windows-defender-driver-wdfilter-part-3/
• Breaking through Defender's Gates - Disabling Tamper Protection and other Defender components. alteredsecurity.com. (2024).
  Original: https://www.alteredsecurity.com/post/disabling-tamper-protection-and-other-defender-mde-components
  Archived: https://web.archive.org/web/20240725101722/https://www.alteredsecurity.com/post/disabling-tamper-protection-and-other-defender-mde-components?ref=news.risky.biz
• Dissecting the Windows Defender Driver - WdFilter (Part 4) :: Up is Down and Black is White — n4r1b. n4r1b.com. (2024).
  Original: https://n4r1b.com/posts/2020/04/dissecting-the-windows-defender-driver-wdfilter-part-4
  Archived: https://archive.ph/2024.10.27-164114/https://n4r1b.com/posts/2020/04/dissecting-the-windows-defender-driver-wdfilter-part-4/
• Set up a Dev Drive on Windows 11. Microsoft Learn. learn.microsoft.com. (2024).
  Original: https://learn.microsoft.com/en-us/windows/dev-drive
  Archived: https://web.archive.org/web/20241007150442/https://learn.microsoft.com/en-us/windows/dev-drive/
• Investigating Filter Communication Ports – Winsider Seminars & Solutions Inc.. windows-internals.com. (2024).
  Original: https://windows-internals.com/investigating-filter-communication-ports
  Archived: https://archive.ph/2024.10.27-164443/https://windows-internals.com/investigating-filter-communication-ports/
• What Is EDR? Endpoint Detection and Response. Microsoft Security. www.microsoft.com. (2024).
  Original: https://www.microsoft.com/en-us/security/business/security-101/what-is-edr-endpoint-detection-response
  Archived: https://archive.ph/2024.10.27-164213/https://www.microsoft.com/en-us/security/business/security-101/what-is-edr-endpoint-detection-response
• WdFilter.sys & boot loop. Wim's Space. wvdvegt.wordpress.com. (2024).
  Original: https://wvdvegt.wordpress.com/2019/05/30/wdfilter-sys-boot-loop
  Archived: https://archive.ph/2024.10.27-164210/https://wvdvegt.wordpress.com/2019/05/30/wdfilter-sys-boot-loop/
• nickel-x64/WinSxS/Manifests/amd64_windows-defender-drivers_31bf3856ad364e35_10.0.22621.1_none_5262daf3e8f76071.manifest at b3f8c9549e49f2a92b401b3809b210d5f78190ba · privacysexy-forks/nickel-x64. github.com. (2024).
  Original: https://github.com/privacysexy-forks/nickel-x64/blob/b3f8c9549e49f2a92b401b3809b210d5f78190ba/WinSxS/Manifests/amd64_windows-defender-drivers_31bf3856ad364e35_10.0.22621.1_none_5262daf3e8f76071.manifest
  Archived: https://archive.ph/2024.10.27-164219/https://github.com/privacysexy-forks/nickel-x64/blob/b3f8c9549e49f2a92b401b3809b210d5f78190ba/WinSxS/Manifests/amd64_windows-defender-drivers_31bf3856ad364e35_10.0.22621.1_none_5262daf3e8f76071.manifest

Apply Now

Choose one of three ways to apply:

Download script

Download and run the script directly

• No app needed
• Offline usage
• Easy-to-apply
• Free
• Open-source

Apply protection

Undo protection

Help

How to apply or restore "Disable Defender Antivirus minifilter driver" using script

• ≈ 2 min to complete
• Tools: Web Browser
• Difficulty: Simple
• ≈ 5 instructions

1. 1

   Download

   Download the script file by clicking on the   Apply protection  button above.
   Use   Undo protection button above to restore changes.
2. 2

   Keep the file

   If warned by your browser, keep the file.
3. 3

   Open

   Open the downloaded file.
4. 4

   Exit

   Once it's done, press any key to exit the window.
5. 5

   Restart

   Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks

• Recommended for most users
• Includes safety checks
• Free
• Open-source
• Popular
• Offline/Online usage

Open privacy.sexy

Help

How to apply or restore "Disable Defender Antivirus minifilter driver" using privacy.sexy

• ≈ 3 min to complete
• Tools: privacy.sexy
• Difficulty: Simple
• ≈ 4 instructions

privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.

1. 1

   Open or download

   Open or download the desktop application
2. 2

   Choose script

   1. Search for the script name: Disable Defender Antivirus minifilter driver
   2. Check the script by clicking on the checkbox.
3. 3

   Run

   Click on ▶️ Run button at the bottom of the page.

   This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Run commands

Copy and run commands manually Requires technical knowledge

Apply

Apply changes

:: Delete the registry value "Altitude" from the key "HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" 
PowerShell -ExecutionPolicy Unrestricted -Command "$keyName = 'HKLM\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance'; $valueName = 'Altitude'; $hive = $keyName.Split('\')[0]; $path = "^""$($hive):$($keyName.Substring($hive.Length))"^""; Write-Host "^""Removing the registry value '$valueName' from '$path'."^""; if (-Not (Test-Path -LiteralPath $path)) { Write-Host 'Skipping, no action needed, registry key does not exist.'; Exit 0; }; $existingValueNames = (Get-ItemProperty -LiteralPath $path).PSObject.Properties.Name; if (-Not ($existingValueNames -Contains $valueName)) { Write-Host 'Skipping, no action needed, registry value does not exist.'; Exit 0; }; try { if ($valueName -ieq '(default)') { Write-Host 'Removing the default value.'; $(Get-Item -LiteralPath $path).OpenSubKey('', $true).DeleteValue(''); } else { Remove-ItemProperty -LiteralPath $path -Name $valueName -Force -ErrorAction Stop; }; Write-Host 'Successfully removed the registry value.'; } catch { Write-Error "^""Failed to remove the registry value: $($_.Exception.Message)"^""; }"
:: Disable the service `WdFilter` using TrustedInstaller privileges
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$serviceQuery = ''WdFilter'''+"^""`r`n"^""+'$stopWithDependencies= $false'+"^""`r`n"^""+'<# -- 1. Skip if service does not exist #>'+"^""`r`n"^""+'$service = Get-Service -Name $serviceQuery -ErrorAction SilentlyContinue'+"^""`r`n"^""+'if(!$service) {'+"^""`r`n"^""+'    Write-Host "^""Service query `"^""$serviceQuery`"^"" did not yield any results, no need to disable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'$serviceName = $service.Name'+"^""`r`n"^""+'Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'<# -- 2. Stop if running #>'+"^""`r`n"^""+'if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is running, attempting to stop it."^""'+"^""`r`n"^""+'    try {'+"^""`r`n"^""+'        Write-Host "^""Stopping the service `"^""$serviceName`"^""."^""'+"^""`r`n"^""+'        $stopParams = @{ `'+"^""`r`n"^""+'            Name = $ServiceName'+"^""`r`n"^""+'            Force = $true'+"^""`r`n"^""+'            ErrorAction = ''Stop'''+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        if (-not $stopWithDependencies) {'+"^""`r`n"^""+'            $stopParams[''NoWait''] = $true'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'        Stop-Service @stopParams'+"^""`r`n"^""+'        Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""'+"^""`r`n"^""+'    } catch {'+"^""`r`n"^""+'        if ($_.FullyQualifiedErrorId -eq ''CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand'') {'+"^""`r`n"^""+'            Write-Warning "^""The service `"^""$serviceName`"^"" does not accept a stop command and may need to be stopped manually or on reboot."^""'+"^""`r`n"^""+'        } else {'+"^""`r`n"^""+'            Write-Warning "^""Failed to stop service `"^""$ServiceName`"^"". It will be stopped after reboot. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'        }'+"^""`r`n"^""+'    }'+"^""`r`n"^""+'} else {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 3. Skip if service info is not found in registry #>'+"^""`r`n"^""+'$registryKey = "^""HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"^""'+"^""`r`n"^""+'if (-Not (Test-Path $registryKey)) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$registryKey`"^"" is not found in registry, cannot enable it."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 4. Skip if already disabled #>'+"^""`r`n"^""+'if( $(Get-ItemProperty -Path "^""$registryKey"^"").Start -eq 4) {'+"^""`r`n"^""+'    Write-Host "^""`"^""$serviceName`"^"" is already disabled from start, no further action is needed."^""'+"^""`r`n"^""+'    Exit 0'+"^""`r`n"^""+'}'+"^""`r`n"^""+'<# -- 5. Disable service #>'+"^""`r`n"^""+'try {'+"^""`r`n"^""+'    Set-ItemProperty `'+"^""`r`n"^""+'        -LiteralPath $registryKey `'+"^""`r`n"^""+'        -Name "^""Start"^"" `'+"^""`r`n"^""+'        -Value 4 `'+"^""`r`n"^""+'        -ErrorAction Stop'+"^""`r`n"^""+'    Write-Host ''Successfully disabled the service. It will not start automatically on next boot.'''+"^""`r`n"^""+'} catch {'+"^""`r`n"^""+'    Write-Error "^""Failed to disable the service. Error: $($_.Exception.Message)"^""'+"^""`r`n"^""+'    Exit 1'+"^""`r`n"^""+'}'; Invoke-AsTrustedInstaller $cmd"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\WdFilter.sys" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\WdFilter.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"

Revert

Restore changes

Ijo6IFJlc3RvcmUgdGhlIHJlZ2lzdHJ5IHZhbHVlIFwiQWx0aXR1ZGVcIiBpbiBrZXkgXCJIS0xNXFxTWVNURU1cXEN1cnJlbnRDb250cm9sU2V0XFxTZXJ2aWNlc1xcV2RGaWx0ZXJcXEluc3RhbmNlc1xcV2RGaWx0ZXIgSW5zdGFuY2VcIiB0byBpdHMgb3JpZ2luYWwgdmFsdWUgXG5Qb3dlclNoZWxsIC1FeGVjdXRpb25Qb2xpY3kgVW5yZXN0cmljdGVkIC1Db21tYW5kIFwiJGRhdGEgPSAgJzMyODAxMCc7ICRyYXdUeXBlID0gJ1JFR19TWic7ICRyYXdQYXRoID0gJ0hLTE1cXFNZU1RFTVxcQ3VycmVudENvbnRyb2xTZXRcXFNlcnZpY2VzXFxXZEZpbHRlclxcSW5zdGFuY2VzXFxXZEZpbHRlciBJbnN0YW5jZSc7ICR2YWx1ZSA9ICdBbHRpdHVkZSc7ICRoaXZlID0gJHJhd1BhdGguU3BsaXQoJ1xcJylbMF07ICRwYXRoID0gXCJeXCJcIiQoJGhpdmUpOiQoJHJhd1BhdGguU3Vic3RyaW5nKCRoaXZlLkxlbmd0aCkpXCJeXCJcIjsgV3JpdGUtSG9zdCBcIl5cIlwiUmVzdG9yaW5nIHZhbHVlICckdmFsdWUnIGF0ICckcGF0aCcgd2l0aCB0eXBlICckcmF3VHlwZScgYW5kIHZhbHVlICckZGF0YScuXCJeXCJcIjsgaWYgKC1Ob3QgJHJhd1R5cGUpIHsgdGhyb3cgXCJeXCJcIkludGVybmFsIHByaXZhY3kkKFtjaGFyXTB4MDAyRSlzZXh5IGVycm9yOiBEYXRhIHR5cGUgaXMgbm90IHByb3ZpZGVkIGZvciBkYXRhICckZGF0YScuXCJeXCJcIjsgfTsgaWYgKC1Ob3QgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpKSB7IHRyeSB7IE5ldy1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU3RvcCB8IE91dC1OdWxsOyBXcml0ZS1Ib3N0ICdTdWNjZXNzZnVsbHkgY3JlYXRlZCByZWdpc3RyeSBrZXkuJzsgfSBjYXRjaCB7IHRocm93IFwiXlwiXCJGYWlsZWQgdG8gY3JlYXRlIHJlZ2lzdHJ5IGtleTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyB9OyB9OyAkY3VycmVudERhdGEgPSBHZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAkcGF0aCAtTmFtZSAkdmFsdWUgLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUgfCBTZWxlY3QtT2JqZWN0IC1FeHBhbmRQcm9wZXJ0eSAkdmFsdWU7IGlmICgkY3VycmVudERhdGEgLWVxICRkYXRhKSB7IFdyaXRlLUhvc3QgJ1NraXBwaW5nLCBubyBjaGFuZ2VzIHJlcXVpcmVkLCB0aGUgcmVnaXN0cnkgZGF0YSBpcyBhbHJlYWR5IGFzIGV4cGVjdGVkLic7IEV4aXQgMDsgfTsgdHJ5IHsgJHR5cGUgPSBzd2l0Y2ggKCRyYXdUeXBlKSB7ICdSRUdfU1onIHsgJ1N0cmluZycgfTsgJ1JFR19EV09SRCcgeyAnRFdvcmQnIH07ICdSRUdfUVdPUkQnIHsgJ1FXb3JkJyB9OyAnUkVHX0VYUEFORF9TWicgeyAnRXhwYW5kU3RyaW5nJyB9OyBkZWZhdWx0IHsgdGhyb3cgXCJeXCJcIkludGVybmFsIHByaXZhY3kkKFtjaGFyXTB4MDAyRSlzZXh5IGVycm9yOiBGYWlsZWQgdG8gZmluZCBkYXRhIHR5cGUgZm9yOiAnJHJhd1R5cGUnLlwiXlwiXCI7IH07IH07IFNldC1JdGVtUHJvcGVydHkgLUxpdGVyYWxQYXRoICRwYXRoIC1OYW1lICR2YWx1ZSAtVmFsdWUgJGRhdGEgLVR5cGUgJHR5cGUgLUZvcmNlIC1FcnJvckFjdGlvbiBTdG9wOyBXcml0ZS1Ib3N0ICdTdWNjZXNzZnVsbHkgcmVzdG9yZWQgdGhlIHJlZ2lzdHJ5IHZhbHVlLic7IH0gY2F0Y2ggeyB0aHJvdyBcIl5cIlwiRmFpbGVkIHRvIHJlc3RvcmUgdGhlIHZhbHVlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH1cIlxuOjogUmVzdG9yZSB0aGUgc2VydmljZSBgV2RGaWx0ZXJgIHVzaW5nIFRydXN0ZWRJbnN0YWxsZXIgcHJpdmlsZWdlc1xuUG93ZXJTaGVsbCAtRXhlY3V0aW9uUG9saWN5IFVucmVzdHJpY3RlZCAtQ29tbWFuZCBcImZ1bmN0aW9uIEludm9rZS1Bc1RydXN0ZWRJbnN0YWxsZXIoJFNjcmlwdCkgeyAkcHJpbmNpcGFsU2lkID0gW1N5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXTo6bmV3KCdTLTEtNS04MC05NTYwMDg4ODUtMzQxODUyMjY0OS0xODMxMDM4MDQ0LTE4NTMyOTI2MzEtMjI3MTQ3ODQ2NCcpOyAkcHJpbmNpcGFsTmFtZSA9ICRwcmluY2lwYWxTaWQuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pOyAkc3RyZWFtRmlsZSA9IE5ldy1UZW1wb3JhcnlGaWxlOyAkc2NyaXB0RmlsZSA9IE5ldy1UZW1wb3JhcnlGaWxlOyB0cnkgeyAkc2NyaXB0RmlsZSA9IFJlbmFtZS1JdGVtIC1MaXRlcmFsUGF0aCAkc2NyaXB0RmlsZSAtTmV3TmFtZSAoJHNjcmlwdEZpbGUuQmFzZU5hbWUgKyAnLnBzMScpIC1Gb3JjZSAtUGFzc1RocnU7ICRTY3JpcHQgfCBPdXQtRmlsZSAkc2NyaXB0RmlsZSAtRW5jb2RpbmcgVVRGODsgJHRhc2tOYW1lID0gXCJeXCJcInByaXZhY3kkKFtjaGFyXTB4MDAyRSlzZXh5IGludm9rZVwiXlwiXCI7IHNjaHRhc2tzLmV4ZSAvZGVsZXRlIC90biAkdGFza05hbWUgL2YgMj4mMSB8IE91dC1OdWxsOyAkZXhlY3V0aW9uQ29tbWFuZCA9IFwiXlwiXCJwb3dlcnNoZWxsLmV4ZSAtRXhlY3V0aW9uUG9saWN5IEJ5cGFzcyAtRmlsZSAnJHNjcmlwdEZpbGUnICo+JjEgfCBPdXQtRmlsZSAtRmlsZVBhdGggJyRzdHJlYW1GaWxlJyAtRW5jb2RpbmcgVVRGOFwiXlwiXCI7ICRhY3Rpb24gPSBOZXctU2NoZWR1bGVkVGFza0FjdGlvbiAtRXhlY3V0ZSAncG93ZXJzaGVsbC5leGUnIC1Bcmd1bWVudCBcIl5cIlwiLUV4ZWN1dGlvblBvbGljeSBCeXBhc3MgLUNvbW1hbmQgYFwiXlwiXCIkZXhlY3V0aW9uQ29tbWFuZGBcIl5cIlwiXCJeXCJcIjsgJHNldHRpbmdzID0gTmV3LVNjaGVkdWxlZFRhc2tTZXR0aW5nc1NldCAtQWxsb3dTdGFydElmT25CYXR0ZXJpZXMgLURvbnRTdG9wSWZHb2luZ09uQmF0dGVyaWVzOyBSZWdpc3Rlci1TY2hlZHVsZWRUYXNrIC1UYXNrTmFtZSAkdGFza05hbWUgLUFjdGlvbiAkYWN0aW9uIC1TZXR0aW5ncyAkc2V0dGluZ3MgLUZvcmNlIC1FcnJvckFjdGlvbiBTdG9wIHwgT3V0LU51bGw7IHRyeSB7ICgkc2NoZWR1bGVTZXJ2aWNlID0gTmV3LU9iamVjdCAtQ29tT2JqZWN0IFNjaGVkdWxlLlNlcnZpY2UpLkNvbm5lY3QoKTsgJHNjaGVkdWxlU2VydmljZS5HZXRGb2xkZXIoJ1xcJykuR2V0VGFzaygkdGFza05hbWUpLlJ1bkV4KCRudWxsLCAwLCAwLCAkcHJpbmNpcGFsTmFtZSkgfCBPdXQtTnVsbDsgJHRpbWVvdXQgPSAoR2V0LURhdGUpLkFkZE1pbnV0ZXMoNSk7IFdyaXRlLUhvc3QgXCJeXCJcIlJ1bm5pbmcgYXMgJHByaW5jaXBhbE5hbWVcIl5cIlwiOyB3aGlsZSAoKEdldC1TY2hlZHVsZWRUYXNrSW5mbyAkdGFza05hbWUpLkxhc3RUYXNrUmVzdWx0IC1lcSAyNjcwMDkpIHsgU3RhcnQtU2xlZXAgLU1pbGxpc2Vjb25kcyAyMDA7IGlmICgoR2V0LURhdGUpIC1ndCAkdGltZW91dCkgeyBXcml0ZS1XYXJuaW5nICdTa2lwcGluZzogVGltZW91dCc7IGJyZWFrOyB9OyB9OyBpZiAoKCRyZXN1bHQgPSAoR2V0LVNjaGVkdWxlZFRhc2tJbmZvICR0YXNrTmFtZSkuTGFzdFRhc2tSZXN1bHQpIC1uZSAwKSB7IFdyaXRlLUVycm9yIFwiXlwiXCJGYWlsZWQsIGR1ZSB0byBleGl0IGNvZGU6ICRyZXN1bHQuXCJeXCJcIjsgfSB9IGZpbmFsbHkgeyBzY2h0YXNrcy5leGUgL2RlbGV0ZSAvdG4gJHRhc2tOYW1lIC9mIHwgT3V0LU51bGw7IH07IEdldC1Db250ZW50ICRzdHJlYW1GaWxlIH0gZmluYWxseSB7IFJlbW92ZS1JdGVtICRzdHJlYW1GaWxlLCAkc2NyaXB0RmlsZTsgfTsgfTsgJGNtZCA9ICckc2VydmljZVF1ZXJ5ID0gJydXZEZpbHRlcicnJytcIl5cIlwiYHJgblwiXlwiXCIrJyRkZWZhdWx0U3RhcnR1cE1vZGUgPSAnJ0Jvb3QnJycrXCJeXCJcImByYG5cIl5cIlwiKyc8IyAtLSAxLiBTa2lwIGlmIHNlcnZpY2UgZG9lcyBub3QgZXhpc3QgIz4nK1wiXlwiXCJgcmBuXCJeXCJcIisnJHNlcnZpY2UgPSBHZXQtU2VydmljZSAtTmFtZSAkc2VydmljZVF1ZXJ5IC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlJytcIl5cIlwiYHJgblwiXlwiXCIrJ2lmICghJHNlcnZpY2UpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIFdyaXRlLVdhcm5pbmcgXCJeXCJcIlNlcnZpY2UgcXVlcnkgYFwiXlwiXCIkc2VydmljZVF1ZXJ5YFwiXlwiXCIgZGlkIG5vdCB5aWVsZCBhbmQgcmVzdWx0cy4gUmV2ZXJ0IGNhbm5vdCBwcm9jZWVkLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIEV4aXQgMScrXCJeXCJcImByYG5cIl5cIlwiKyd9JytcIl5cIlwiYHJgblwiXlwiXCIrJyRzZXJ2aWNlTmFtZSA9ICRzZXJ2aWNlLk5hbWUnK1wiXlwiXCJgcmBuXCJeXCJcIisnV3JpdGUtSG9zdCBcIl5cIlwiUmVzdG9yaW5nIHJlZ2lzdHJ5IHNldHRpbmdzIGZvciBzZXJ2aWNlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgdG8gZGVmYXVsdCBzdGFydHVwIG1vZGUgYFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlYFwiXlwiXCIuXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKyc8IyAtLSAyLiBTa2lwIGlmIHNlcnZpY2UgaW5mbyBpcyBub3QgZm91bmQgaW4gcmVnaXN0cnkgIz4nK1wiXlwiXCJgcmBuXCJeXCJcIisnJHJlZ2lzdHJ5S2V5ID0gXCJeXCJcIkhLTE06XFxTWVNURU1cXEN1cnJlbnRDb250cm9sU2V0XFxTZXJ2aWNlc1xcJHNlcnZpY2VOYW1lXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKydpZiAoLU5vdCAoVGVzdC1QYXRoICRyZWdpc3RyeUtleSkpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIFdyaXRlLVdhcm5pbmcgXCJeXCJcImBcIl5cIlwiJHJlZ2lzdHJ5S2V5YFwiXlwiXCIgaXMgbm90IGZvdW5kIGluIHJlZ2lzdHJ5LiBSZXZlcnQgY2Fubm90IHByb2NlZWQuXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKycgICAgRXhpdCAxJytcIl5cIlwiYHJgblwiXlwiXCIrJ30nK1wiXlwiXCJgcmBuXCJeXCJcIisnPCMgLS0gMy4gRW5hYmxlIGlmIG5vdCBhbHJlYWR5IGVuYWJsZWQgIz4nK1wiXlwiXCJgcmBuXCJeXCJcIisnJGRlZmF1bHRTdGFydHVwUmVnVmFsdWUgPSBzd2l0Y2ggKCRkZWZhdWx0U3RhcnR1cE1vZGUpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnQm9vdCcnICAgICAgeyAwIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnU3lzdGVtJycgICAgeyAxIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnQXV0b21hdGljJycgeyAyIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnTWFudWFsJycgICAgeyAzIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICcnRGlzYWJsZWQnJyAgeyA0IH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIGRlZmF1bHQgeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUVycm9yIFwiXlwiXCJFcnJvcjogVW5rbm93biBzdGFydHVwIG1vZGUgc3BlY2lmaWVkOiBgXCJeXCJcIiRkZWZhdWx0U3RhcnR1cE1vZGVgXCJeXCJcIi4gUmV2ZXJ0IGNhbm5vdCBwcm9jZWVkLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICAgICByZXR1cm4nK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnfScrXCJeXCJcImByYG5cIl5cIlwiKydpZiAoJChHZXQtSXRlbVByb3BlcnR5IC1QYXRoIFwiXlwiXCIkcmVnaXN0cnlLZXlcIl5cIlwiKS5TdGFydCAtZXEgJGRlZmF1bHRTdGFydHVwUmVnVmFsdWUpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIFdyaXRlLUhvc3QgXCJeXCJcImBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaXMgaGFzIGFscmVhZHkgZGVmYXVsdCBzdGFydHVwIG1vZGU6IGBcIl5cIlwiJGRlZmF1bHRTdGFydHVwTW9kZWBcIl5cIlwiLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnfSBlbHNlIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIHRyeSB7JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAkcmVnaXN0cnlLZXkgLU5hbWUgU3RhcnQgLVZhbHVlICRkZWZhdWx0U3RhcnR1cFJlZ1ZhbHVlIC1Gb3JjZScrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUhvc3QgXCJeXCJcIlN1Y2Nlc3NmdWxseSByZXN0b3JlZCBgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIHdpdGggYFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlYFwiXlwiXCIgc3RhcnQsIHRoaXMgbWF5IHJlcXVpcmUgcmVzdGFydGluZyB5b3VyIGNvbXB1dGVyLlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIH0gY2F0Y2ggeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUVycm9yIFwiXlwiXCJDb3VsZCBub3QgZW5hYmxlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCI6ICRfXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIEV4aXQgMScrXCJeXCJcImByYG5cIl5cIlwiKycgICAgfScrXCJeXCJcImByYG5cIl5cIlwiKyd9JytcIl5cIlwiYHJgblwiXlwiXCIrJzwjIC0tIDQuIFN0YXJ0IGlmIG5vdCBydW5uaW5nIChtdXN0IGJlIGVuYWJsZWQgZmlyc3QpICM+JytcIl5cIlwiYHJgblwiXlwiXCIrJ2lmICgkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnJ0F1dG9tYXRpYycnIC1vciAkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnJ0Jvb3QnJyAtb3IgJGRlZmF1bHRTdGFydHVwTW9kZSAtZXEgJydTeXN0ZW0nJykgeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgaWYgKCRzZXJ2aWNlLlN0YXR1cyAtbmUgW1N5c3RlbS5TZXJ2aWNlUHJvY2Vzcy5TZXJ2aWNlQ29udHJvbGxlclN0YXR1c106OlJ1bm5pbmcpIHsnK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICAgICBXcml0ZS1Ib3N0IFwiXlwiXCJgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIGlzIG5vdCBydW5uaW5nLCB0cnlpbmcgdG8gc3RhcnQgaXQuXCJeXCJcIicrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIHRyeSB7JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgICAgIFN0YXJ0LVNlcnZpY2UgLU5hbWUgJHNlcnZpY2VOYW1lIC1FcnJvckFjdGlvbiBTdG9wJytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgICAgIFdyaXRlLUhvc3QgJydTZXJ2aWNlIHN0YXJ0ZWQgc3VjY2Vzc2Z1bGx5LicnJytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgfSBjYXRjaCB7JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICAgICAgICAgIFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byByZXN0YXJ0IHNlcnZpY2UuIEl0IHdpbGwgYmUgc3RhcnRlZCBhZnRlciByZWJvb3QuIEVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgICAgICB9JytcIl5cIlwiYHJgblwiXlwiXCIrJyAgICB9IGVsc2UgeycrXCJeXCJcImByYG5cIl5cIlwiKycgICAgICAgIFdyaXRlLUhvc3QgXCJeXCJcImBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaXMgYWxyZWFkeSBydW5uaW5nLCBubyBuZWVkIHRvIHN0YXJ0LlwiXlwiXCInK1wiXlwiXCJgcmBuXCJeXCJcIisnICAgIH0nK1wiXlwiXCJgcmBuXCJeXCJcIisnfSc7IEludm9rZS1Bc1RydXN0ZWRJbnN0YWxsZXIgJGNtZFwiXG46OiBSZXN0b3JlIGZpbGVzIG1hdGNoaW5nIHBhdHRlcm46IFwiJVNZU1RFTVJPT1QlXFxTeXN0ZW0zMlxcZHJpdmVyc1xcV2RGaWx0ZXIuc3lzXCIgd2l0aCBhZGRpdGlvbmFsIHBlcm1pc3Npb25zIFxuUG93ZXJTaGVsbCAtRXhlY3V0aW9uUG9saWN5IFVucmVzdHJpY3RlZCAtQ29tbWFuZCBcIiRyZXZlcnQgPSAkdHJ1ZTsgJHBhdGhHbG9iUGF0dGVybiA9IFwiXlwiXCIlU1lTVEVNUk9PVCVcXFN5c3RlbTMyXFxkcml2ZXJzXFxXZEZpbHRlci5zeXMuT0xEXCJeXCJcIjsgJGV4cGFuZGVkUGF0aCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcGF0aEdsb2JQYXR0ZXJuKTsgV3JpdGUtSG9zdCBcIl5cIlwiU2VhcmNoaW5nIGZvciBpdGVtcyBtYXRjaGluZyBwYXR0ZXJuOiBgXCJeXCJcIiQoJGV4cGFuZGVkUGF0aClgXCJeXCJcIi5cIl5cIlwiOyAkcmVuYW1lZENvdW50ICAgPSAwOyAkc2tpcHBlZENvdW50ICAgPSAwOyAkZmFpbGVkQ291bnQgICAgPSAwOyBBZGQtVHlwZSAtVHlwZURlZmluaXRpb24gXCJeXCJcInVzaW5nIFN5c3RlbTtgcmBudXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzO2ByYG5wdWJsaWMgY2xhc3MgUHJpdmlsZWdlcyB7YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwiYWR2YXBpMzIuZGxsYFwiXlwiXCIsIEV4YWN0U3BlbGxpbmcgPSB0cnVlLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV1gcmBuICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBBZGp1c3RUb2tlblByaXZpbGVnZXMoSW50UHRyIGh0b2ssIGJvb2wgZGlzYWxsLGByYG4gICAgICAgIHJlZiBUb2tQcml2MUx1aWQgbmV3c3QsIGludCBsZW4sIEludFB0ciBwcmV2LCBJbnRQdHIgcmVsZW4pO2ByYG4gICAgW0RsbEltcG9ydChgXCJeXCJcImFkdmFwaTMyLmRsbGBcIl5cIlwiLCBFeGFjdFNwZWxsaW5nID0gdHJ1ZSwgU2V0TGFzdEVycm9yID0gdHJ1ZSldYHJgbiAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgT3BlblByb2Nlc3NUb2tlbihJbnRQdHIgaCwgaW50IGFjYywgcmVmIEludFB0ciBwaHRvayk7YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwiYWR2YXBpMzIuZGxsYFwiXlwiXCIsIFNldExhc3RFcnJvciA9IHRydWUpXWByYG4gICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKHN0cmluZyBob3N0LCBzdHJpbmcgbmFtZSwgcmVmIGxvbmcgcGx1aWQpO2ByYG4gICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwsIFBhY2sgPSAxKV1gcmBuICAgIGludGVybmFsIHN0cnVjdCBUb2tQcml2MUx1aWQge2ByYG4gICAgICAgIHB1YmxpYyBpbnQgQ291bnQ7YHJgbiAgICAgICAgcHVibGljIGxvbmcgTHVpZDtgcmBuICAgICAgICBwdWJsaWMgaW50IEF0dHI7YHJgbiAgICB9YHJgbiAgICBpbnRlcm5hbCBjb25zdCBpbnQgU0VfUFJJVklMRUdFX0VOQUJMRUQgPSAweDAwMDAwMDAyO2ByYG4gICAgaW50ZXJuYWwgY29uc3QgaW50IFRPS0VOX1FVRVJZID0gMHgwMDAwMDAwODtgcmBuICAgIGludGVybmFsIGNvbnN0IGludCBUT0tFTl9BREpVU1RfUFJJVklMRUdFUyA9IDB4MDAwMDAwMjA7YHJgbiAgICBwdWJsaWMgc3RhdGljIGJvb2wgQWRkUHJpdmlsZWdlKHN0cmluZyBwcml2aWxlZ2UpIHtgcmBuICAgICAgICB0cnkge2ByYG4gICAgICAgICAgICBib29sIHJldFZhbDtgcmBuICAgICAgICAgICAgVG9rUHJpdjFMdWlkIHRwO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHByb2MgPSBHZXRDdXJyZW50UHJvY2VzcygpO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHRvayA9IEludFB0ci5aZXJvO2ByYG4gICAgICAgICAgICByZXRWYWwgPSBPcGVuUHJvY2Vzc1Rva2VuKGhwcm9jLCBUT0tFTl9BREpVU1RfUFJJVklMRUdFUyB8IFRPS0VOX1FVRVJZLCByZWYgaHRvayk7YHJgbiAgICAgICAgICAgIHRwLkNvdW50ID0gMTtgcmBuICAgICAgICAgICAgdHAuTHVpZCA9IDA7YHJgbiAgICAgICAgICAgIHRwLkF0dHIgPSBTRV9QUklWSUxFR0VfRU5BQkxFRDtgcmBuICAgICAgICAgICAgcmV0VmFsID0gTG9va3VwUHJpdmlsZWdlVmFsdWUobnVsbCwgcHJpdmlsZWdlLCByZWYgdHAuTHVpZCk7YHJgbiAgICAgICAgICAgIHJldFZhbCA9IEFkanVzdFRva2VuUHJpdmlsZWdlcyhodG9rLCBmYWxzZSwgcmVmIHRwLCAwLCBJbnRQdHIuWmVybywgSW50UHRyLlplcm8pO2ByYG4gICAgICAgICAgICByZXR1cm4gcmV0VmFsO2ByYG4gICAgICAgIH0gY2F0Y2ggKEV4Y2VwdGlvbiBleCkge2ByYG4gICAgICAgICAgICB0aHJvdyBuZXcgRXhjZXB0aW9uKGBcIl5cIlwiRmFpbGVkIHRvIGFkanVzdCB0b2tlbiBwcml2aWxlZ2VzYFwiXlwiXCIsIGV4KTtgcmBuICAgICAgICB9YHJgbiAgICB9YHJgbiAgICBwdWJsaWMgc3RhdGljIGJvb2wgUmVtb3ZlUHJpdmlsZWdlKHN0cmluZyBwcml2aWxlZ2UpIHtgcmBuICAgICAgICB0cnkge2ByYG4gICAgICAgICAgICBib29sIHJldFZhbDtgcmBuICAgICAgICAgICAgVG9rUHJpdjFMdWlkIHRwO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHByb2MgPSBHZXRDdXJyZW50UHJvY2VzcygpO2ByYG4gICAgICAgICAgICBJbnRQdHIgaHRvayA9IEludFB0ci5aZXJvO2ByYG4gICAgICAgICAgICByZXRWYWwgPSBPcGVuUHJvY2Vzc1Rva2VuKGhwcm9jLCBUT0tFTl9BREpVU1RfUFJJVklMRUdFUyB8IFRPS0VOX1FVRVJZLCByZWYgaHRvayk7YHJgbiAgICAgICAgICAgIHRwLkNvdW50ID0gMTtgcmBuICAgICAgICAgICAgdHAuTHVpZCA9IDA7YHJgbiAgICAgICAgICAgIHRwLkF0dHIgPSAwOyAgLy8gVGhpcyBsaW5lIGlzIGNoYW5nZWQgdG8gcmV2b2tlIHRoZSBwcml2aWxlZ2VgcmBuICAgICAgICAgICAgcmV0VmFsID0gTG9va3VwUHJpdmlsZWdlVmFsdWUobnVsbCwgcHJpdmlsZWdlLCByZWYgdHAuTHVpZCk7YHJgbiAgICAgICAgICAgIHJldFZhbCA9IEFkanVzdFRva2VuUHJpdmlsZWdlcyhodG9rLCBmYWxzZSwgcmVmIHRwLCAwLCBJbnRQdHIuWmVybywgSW50UHRyLlplcm8pO2ByYG4gICAgICAgICAgICByZXR1cm4gcmV0VmFsO2ByYG4gICAgICAgIH0gY2F0Y2ggKEV4Y2VwdGlvbiBleCkge2ByYG4gICAgICAgICAgICB0aHJvdyBuZXcgRXhjZXB0aW9uKGBcIl5cIlwiRmFpbGVkIHRvIGFkanVzdCB0b2tlbiBwcml2aWxlZ2VzYFwiXlwiXCIsIGV4KTtgcmBuICAgICAgICB9YHJgbiAgICB9YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwia2VybmVsMzIuZGxsYFwiXlwiXCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXWByYG4gICAgcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIEdldEN1cnJlbnRQcm9jZXNzKCk7YHJgbn1cIl5cIlwiOyBbUHJpdmlsZWdlc106OkFkZFByaXZpbGVnZSgnU2VSZXN0b3JlUHJpdmlsZWdlJykgfCBPdXQtTnVsbDsgW1ByaXZpbGVnZXNdOjpBZGRQcml2aWxlZ2UoJ1NlVGFrZU93bmVyc2hpcFByaXZpbGVnZScpIHwgT3V0LU51bGw7ICRhZG1pblNpZCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIgJ1MtMS01LTMyLTU0NCc7ICRhZG1pbkFjY291bnQgPSAkYWRtaW5TaWQuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pOyAkYWRtaW5GdWxsQ29udHJvbEFjY2Vzc1J1bGUgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5BY2Nlc3NDb250cm9sLkZpbGVTeXN0ZW1BY2Nlc3NSdWxlKCAkYWRtaW5BY2NvdW50LCBbU3lzdGVtLlNlY3VyaXR5LkFjY2Vzc0NvbnRyb2wuRmlsZVN5c3RlbVJpZ2h0c106OkZ1bGxDb250cm9sLCBbU3lzdGVtLlNlY3VyaXR5LkFjY2Vzc0NvbnRyb2wuQWNjZXNzQ29udHJvbFR5cGVdOjpBbGxvdyApOyAkZm91bmRBYnNvbHV0ZVBhdGhzID0gQCgpOyB0cnkgeyAkZm91bmRBYnNvbHV0ZVBhdGhzICs9IEAoOyBHZXQtSXRlbSAtUGF0aCAkZXhwYW5kZWRQYXRoIC1FcnJvckFjdGlvbiBTdG9wIHwgU2VsZWN0LU9iamVjdCAtRXhwYW5kUHJvcGVydHkgRnVsbE5hbWU7ICk7IH0gY2F0Y2ggW1N5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uXSB7IDwjIFN3YWxsb3csIGRvIG5vdCBydW4gYFRlc3QtUGF0aGAgYmVmb3JlLCBpdCdzIHVucmVsaWFibGUgZm9yIGdsb2JzIHJlcXVpcmluZyBleHRyYSBwZXJtaXNzaW9ucyAjPjsgfTsgJGZvdW5kQWJzb2x1dGVQYXRocyA9ICRmb3VuZEFic29sdXRlUGF0aHMgfCBTZWxlY3QtT2JqZWN0IC1VbmlxdWUgfCBTb3J0LU9iamVjdCAtUHJvcGVydHkgeyAkXy5MZW5ndGggfSAtRGVzY2VuZGluZzsgaWYgKCEkZm91bmRBYnNvbHV0ZVBhdGhzKSB7IFdyaXRlLUhvc3QgJ1NraXBwaW5nLCBubyBpdGVtcyBhdmFpbGFibGUuJzsgZXhpdCAwOyB9OyBXcml0ZS1Ib3N0IFwiXlwiXCJJbml0aWF0aW5nIHByb2Nlc3Npbmcgb2YgJCgkZm91bmRBYnNvbHV0ZVBhdGhzLkNvdW50KSBpdGVtcyBmcm9tIGBcIl5cIlwiJGV4cGFuZGVkUGF0aGBcIl5cIlwiLlwiXlwiXCI7IGZvcmVhY2ggKCRwYXRoIGluICRmb3VuZEFic29sdXRlUGF0aHMpIHsgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nIGZvbGRlciAobm90IGl0cyBjb250ZW50cyk6IGBcIl5cIlwiJHBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGNvbnRpbnVlOyB9OyBpZigkcmV2ZXJ0IC1lcSAkdHJ1ZSkgeyBpZiAoLW5vdCAkcGF0aC5FbmRzV2l0aCgnLk9MRCcpKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nIG5vbi1iYWNrdXAgZmlsZTogYFwiXlwiXCIkcGF0aGBcIl5cIlwiLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgY29udGludWU7IH07IH0gZWxzZSB7IGlmICgkcGF0aC5FbmRzV2l0aCgnLk9MRCcpKSB7IFdyaXRlLUhvc3QgXCJeXCJcIlNraXBwaW5nIGJhY2t1cCBmaWxlOiBgXCJeXCJcIiRwYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHNraXBwZWRDb3VudCsrOyBjb250aW51ZTsgfTsgfTsgJG9yaWdpbmFsRmlsZVBhdGggPSAkcGF0aDsgV3JpdGUtSG9zdCBcIl5cIlwiUHJvY2Vzc2luZyBmaWxlOiBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIuXCJeXCJcIjsgaWYgKC1Ob3QgKFRlc3QtUGF0aCAkb3JpZ2luYWxGaWxlUGF0aCkpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcsIGZpbGUgYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiIG5vdCBmb3VuZC5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGV4aXQgMDsgfTsgJG9yaWdpbmFsQWNsID0gR2V0LUFjbCAtUGF0aCBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhcIl5cIlwiOyAkYWNjZXNzR3JhbnRlZCA9ICRmYWxzZTsgdHJ5IHsgJGFjbCA9IEdldC1BY2wgLVBhdGggXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoXCJeXCJcIjsgJGFjbC5TZXRPd25lcigkYWRtaW5BY2NvdW50KSA8IyBUYWtlIE93bmVyc2hpcCAoYmVjYXVzZSBmaWxlIGlzIG93bmVkIGJ5IFRydXN0ZWRJbnN0YWxsZXIpICM+OyAkYWNsLkFkZEFjY2Vzc1J1bGUoJGFkbWluRnVsbENvbnRyb2xBY2Nlc3NSdWxlKSA8IyBHcmFudCByaWdodHMgdG8gYmUgYWJsZSB0byBtb3ZlIHRoZSBmaWxlICM+OyBTZXQtQWNsIC1QYXRoICRvcmlnaW5hbEZpbGVQYXRoIC1BY2xPYmplY3QgJGFjbCAtRXJyb3JBY3Rpb24gU3RvcDsgJGFjY2Vzc0dyYW50ZWQgPSAkdHJ1ZTsgfSBjYXRjaCB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byBncmFudCBhY2Nlc3MgdG8gYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH07IGlmICgkcmV2ZXJ0IC1lcSAkdHJ1ZSkgeyAkbmV3RmlsZVBhdGggPSAkb3JpZ2luYWxGaWxlUGF0aC5TdWJzdHJpbmcoMCwgJG9yaWdpbmFsRmlsZVBhdGguTGVuZ3RoIC0gNCk7IH0gZWxzZSB7ICRuZXdGaWxlUGF0aCA9IFwiXlwiXCIkKCRvcmlnaW5hbEZpbGVQYXRoKS5PTERcIl5cIlwiOyB9OyB0cnkgeyBNb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoIFwiXlwiXCIkKCRvcmlnaW5hbEZpbGVQYXRoKVwiXlwiXCIgLURlc3RpbmF0aW9uIFwiXlwiXCIkbmV3RmlsZVBhdGhcIl5cIlwiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU3RvcDsgV3JpdGUtSG9zdCBcIl5cIlwiU3VjY2Vzc2Z1bGx5IHByb2Nlc3NlZCBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHJlbmFtZWRDb3VudCsrOyBpZiAoJGFjY2Vzc0dyYW50ZWQpIHsgdHJ5IHsgU2V0LUFjbCAtUGF0aCAkbmV3RmlsZVBhdGggLUFjbE9iamVjdCAkb3JpZ2luYWxBY2wgLUVycm9yQWN0aW9uIFN0b3A7IH0gY2F0Y2ggeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcmVzdG9yZSBhY2Nlc3Mgb24gYFwiXlwiXCIkbmV3RmlsZVBhdGhgXCJeXCJcIjogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyB9OyB9OyB9IGNhdGNoIHsgV3JpdGUtRXJyb3IgXCJeXCJcIkZhaWxlZCB0byByZW5hbWUgYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiIHRvIGBcIl5cIlwiJG5ld0ZpbGVQYXRoYFwiXlwiXCI6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpXCJeXCJcIjsgJGZhaWxlZENvdW50Kys7IGlmICgkYWNjZXNzR3JhbnRlZCkgeyB0cnkgeyBTZXQtQWNsIC1QYXRoICRvcmlnaW5hbEZpbGVQYXRoIC1BY2xPYmplY3QgJG9yaWdpbmFsQWNsIC1FcnJvckFjdGlvbiBTdG9wOyB9IGNhdGNoIHsgV3JpdGUtV2FybmluZyBcIl5cIlwiRmFpbGVkIHRvIHJlc3RvcmUgYWNjZXNzIG9uIGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIjogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyB9OyB9OyB9OyB9OyBpZiAoKCRyZW5hbWVkQ291bnQgLWd0IDApIC1vciAoJHNraXBwZWRDb3VudCAtZ3QgMCkpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU3VjY2Vzc2Z1bGx5IHByb2Nlc3NlZCAkcmVuYW1lZENvdW50IGl0ZW1zIGFuZCBza2lwcGVkICRza2lwcGVkQ291bnQgaXRlbXMuXCJeXCJcIjsgfTsgaWYgKCRmYWlsZWRDb3VudCAtZ3QgMCkgeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcHJvY2VzcyAkKCRmYWlsZWRDb3VudCkgaXRlbXMuXCJeXCJcIjsgfTsgW1ByaXZpbGVnZXNdOjpSZW1vdmVQcml2aWxlZ2UoJ1NlUmVzdG9yZVByaXZpbGVnZScpIHwgT3V0LU51bGw7IFtQcml2aWxlZ2VzXTo6UmVtb3ZlUHJpdmlsZWdlKCdTZVRha2VPd25lcnNoaXBQcml2aWxlZ2UnKSB8IE91dC1OdWxsXCIi

Help

How to apply or restore "Disable Defender Antivirus minifilter driver" using commands

• ≈ 2 min to complete
• Tools: Command Prompt
• Difficulty: Medium
• ≈ 3 instructions

View step-by-step guide with screenshots

---

1. 1

   Open Command Prompt

   Open Command Prompt as Administrator.
2. 2

   Copy code

   Copy the code:

   Copy Apply Code Copy Revert Code
3. 3

   Paste & run

   Paste the commands into Command Prompt and press Enter to run.

   Some changes require a system restart to take effect

Similar Guides

Wider Goal

Guides below includes this guide to achieve a wider goal.See other more general settings that includes this one as one of its actions.
These plans combine multiple privacy settings, including this one, for stronger protection.

Disable system modification restrictions

This category disables features that restrict system modifications in Windows. This enables deeper system modifications, enhancing privacy by allowing th...

— Disable system modification restrictions

Disable Defender

This category offers scripts to disable Windows security components related to Defender. Defender is also referred to as Microsoft Defender or Windows De...

— Disable Defender

Privacy over security

Visit category page

Same Goal

Other guides in Disable system modification restrictions See settings that are in the same category as this guide.
Using other actions in the same category may help you achieve your goal better.

Disable Defender System Guard

Disable Defender Antivirus boot driver

Disable security event monitoring

Disable Secure Boot driver

Disable Tamper Protection

Disable virtualization-based security (VBS)

---

About the Creators

These people have authored this documentation and written its scripts:

• 

  undergroundwires

  • Certified security professional
  • 7+ years experience securing banks
  • Open-source developer since 2005
  • EU advisor, Public Speaker, Moderator
• Open-Source Contributors

  • Hundreds across the globe
  • Testers, reviewers, developers
  • Companies, military agencies
  • Community since 2017

About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

• Expert review by undergroundwires

  • Verified technical accuracy and editorial standards
  • Assessed system impact and user privacy risks
  • Audited and verified using automated security tests

• Public review by large community

  • Privacy enthusiasts and professionals peer-reviewed
  • Millions of end-users tested across different environments
  • Audited and verified using third-party security software

History

We continually monitor our guides, their impact and other potential privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process