Disable System Guard kernel monitoring

Apply Now

Works with Windows 10 and 11Works with Windows Vista, XP, 7, 8, 10, 11, and Windows Server 2008 or newer.

• Windows onlyThis script improves your privacy on Windows
• Single actionThis page belongs to a script, containing basic changes to achieve a task.
• Impact: High

  System Functionality / Data Loss Risk: High

  This action improves privacy with high impact when you run the recommended script.

• Batch (batchfile)These changes use Windows system commands to update your settings.
• Administrator rights requiredThis script requires privilege access to do the system changes
• Fully reversible

  You can fully restore this action (revert back to the original behavior) using this website.

  The restore/revert methods provided here can help you fix issues.

Overview

This script disables the System Guard Runtime Monitor Agent, a kernel driver within Windows' security infrastructure.

The System Guard Runtime Monitor Agent is a kernel-mode component of System Guard that runs in the Secure Kernel ¹. The Secure Kernel operates in a more secure and isolated environment called VTL1 (Virtual Trust Level 1), while the normal NT kernel runs in a virtualized environment called VTL0 ². This separation adds another layer of security.

It provides essential functionality to System Guard through various assists ^{1 3 4}. These assists enable System Guard's Lua-based assertion engine to interact with and validate system information ⁴. The driver gathers data from core system components like the NT kernel to monitor their integrity ⁴. It provides functionality to SgrmBroker (System Guard Runtime Monitor Broker Service) ^{3 4}.

The agent performs security functions such as:

• Checks for signed and trusted processes ⁴
• Enforces security policies ⁴
• Utilizes mitigation techniques like Control Flow Guard to prevent unauthorized code execution ⁴
• Provides kernel-level assists to the SgrmBroker assist engine, which runs in user-mode ⁴
• Prevents DLL hijacking attacks ⁷

Disabling this driver may enhance privacy by stopping system monitoring and data collection. It may also improve system performance by reducing background processes. However, it may reduce system security by disabling a component that protects against specific attacks.

Caution

Disabling this driver weakens your system's defenses against malware and unauthorized code execution.

Technical Details

This script:

• Disables the "System Guard Runtime Monitor Agent" service (SgrmAgent)
• Deletes the "System Guard Runtime Monitor Agent" (SgrmAgent.sys) file

The SgrmAgent.sys file is located at %SYSTEMROOT%\System32\drivers\SgrmAgent.sys ^{3 4 5 6}. This service is installed by a Windows package called "Security-Octagon-Agent" ⁶.

Overview of default service statuses

OS Version	Status	Start type
Windows 10 (≥ 22H2)	🟢 Running	Boot
Windows 10 (21H2)	🟢 Running	Boot
Windows 11 (22H2)	🔴 Stopped	Disabled
Windows 11 (23H2)	🔴 Stopped	Disabled
Windows 11 (≥ 24H2)	🔴 Stopped	Disabled

1. Not Advised

   This script should only be used by advanced users.

   This script is not recommended for daily use as it breaks important functionality.

   Consider creating a system restore point before doing any changes.

2. Security Trade-off

   This action prioritizes privacy over certain security features. It's not recommended and should only be used by advanced users after understanding its implications.

   Increased Privacy

   Enhanced privacy through reduced data collection and tracking

   Decreased Security

   Some security features will be disabled or limited

   This script can be reversed, this action allows you to can restore the system security.

Sources

PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

• Introducing Windows Defender System Guard runtime attestation. Microsoft Security Blog. microsoft.com. (2024).
  Original: https://www.microsoft.com/en-us/security/blog/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation
  Archived: https://web.archive.org/web/20241006131949/https://www.microsoft.com/en-us/security/blog/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/
• Introducing Kernel Data Protection, a new platform security technology for preventing data corruption. Microsoft Security Blog. www.microsoft.com. (2024).
  Original: https://www.microsoft.com/en-us/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption
  Archived: https://web.archive.org/web/20241006211212/https://www.microsoft.com/en-us/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption/
• Inside Windows Defender System Guard Runtime Monitor. $~ lloydlabs. blog.syscall.party. (2024).
  Original: http://blog.syscall.party/2022/08/02/inside-windows-defender-system-guard-runtime-monitor.html
  Archived: https://web.archive.org/web/20241006130508/http://blog.syscall.party/2022/08/02/inside-windows-defender-system-guard-runtime-monitor.html
• 10_0_17763_1/C/Windows/System32/drivers/SgrmAgent.sys.strings at 6151931b169f55ce8b8581c39bb508a661e4085b · privacysexy-forks/10_0_17763_1. github.com. (2024).
  Original: https://github.com/privacysexy-forks/10_0_17763_1/blob/6151931b169f55ce8b8581c39bb508a661e4085b/C/Windows/System32/drivers/SgrmAgent.sys.strings
  Archived: https://web.archive.org/web/20241006191914/https://github.com/privacysexy-forks/10_0_17763_1/blob/6151931b169f55ce8b8581c39bb508a661e4085b/C/Windows/System32/drivers/SgrmAgent.sys.strings
• System Guard Runtime Monitor Agent - Windows 11 Service - batcmd.com. batcmd.com. (2024).
  Original: https://batcmd.com/windows/11/services/sgrmagent
  Archived: https://web.archive.org/web/20241006160645/https://batcmd.com/windows/11/services/sgrmagent/
• nickel-x64/WinSxS/Manifests/amd64_security-octagon-agent_31bf3856ad364e35_10.0.22621.1_none_611e8a0ed84a25b2.manifest at b3f8c9549e49f2a92b401b3809b210d5f78190ba · privacysexy-forks/nickel-x64. github.com. (2024).
  Original: https://github.com/privacysexy-forks/nickel-x64/blob/b3f8c9549e49f2a92b401b3809b210d5f78190ba/WinSxS/Manifests/amd64_security-octagon-agent_31bf3856ad364e35_10.0.22621.1_none_611e8a0ed84a25b2.manifest
  Archived: https://web.archive.org/web/20241006191906/https://github.com/privacysexy-forks/nickel-x64/blob/b3f8c9549e49f2a92b401b3809b210d5f78190ba/WinSxS/Manifests/amd64_security-octagon-agent_31bf3856ad364e35_10.0.22621.1_none_611e8a0ed84a25b2.manifest
• Faxing Your Way to SYSTEM — Part Two – Winsider Seminars & Solutions Inc.. windows-internals.com. (2024).
  Original: https://windows-internals.com/faxing-your-way-to-system
  Archived: https://archive.ph/2024.10.27-172044/https://windows-internals.com/faxing-your-way-to-system/

Apply Now

Choose one of three ways to apply:

Download script

Download and run the script directly

• No app needed
• Offline usage
• Easy-to-apply
• Free
• Open-source

Apply protection

Undo protection

Help

How to apply or restore "Disable System Guard kernel monitoring" using script

• ≈ 2 min to complete
• Tools: Web Browser
• Difficulty: Simple
• ≈ 5 instructions

1. 1

   Download

   Download the script file by clicking on the   Apply protection  button above.
   Use   Undo protection button above to restore changes.
2. 2

   Keep the file

   If warned by your browser, keep the file.
3. 3

   Open

   Open the downloaded file.
4. 4

   Exit

   Once it's done, press any key to exit the window.
5. 5

   Restart

   Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks

• Recommended for most users
• Includes safety checks
• Free
• Open-source
• Popular
• Offline/Online usage

Open privacy.sexy

Help

How to apply or restore "Disable System Guard kernel monitoring" using privacy.sexy

• ≈ 3 min to complete
• Tools: privacy.sexy
• Difficulty: Simple
• ≈ 4 instructions

privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.

1. 1

   Open or download

   Open or download the desktop application
2. 2

   Choose script

   1. Search for the script name: Disable System Guard kernel monitoring
   2. Check the script by clicking on the checkbox.
3. 3

   Run

   Click on ▶️ Run button at the bottom of the page.

   This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Run commands

Copy and run commands manually Requires technical knowledge

Apply

Apply changes

:: Disable service(s): `SgrmAgent`
:: This operation will not run on Windows versions later than Windows11-21H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-21H2'; $buildNumber = switch ($versionName) { 'Windows11-21H2' { '10.0.22000' }; 'Windows10-MostRecent' { '10.0.19045' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1903' { '10.0.18362' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for maximum Windows '$versionName'"^""; }; }; $maxVersion=[System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -gt $maxVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is above maximum $maxVersion ($versionName)"^""; Exit 0; }; $serviceName = 'SgrmAgent'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Disable service(s): `SgrmAgent`
:: This operation will not run on Windows versions earlier than Windows11-22H2.
PowerShell -ExecutionPolicy Unrestricted -Command "$versionName = 'Windows11-22H2'; $buildNumber = switch ($versionName) { 'Windows11-FirstRelease' { '10.0.22000' }; 'Windows11-22H2' { '10.0.22621' }; 'Windows11-21H2' { '10.0.22000' }; 'Windows10-22H2' { '10.0.19045' }; 'Windows10-21H2' { '10.0.19044' }; 'Windows10-20H2' { '10.0.19042' }; 'Windows10-1909' { '10.0.18363' }; 'Windows10-1607' { '10.0.14393' }; default { throw "^""Internal privacy$([char]0x002E)sexy error: No build for minimum Windows '$versionName'"^""; }; }; $minVersion = [System.Version]::Parse($buildNumber); $ver = [Environment]::OSVersion.Version; $verNoPatch = [System.Version]::new($ver.Major, $ver.Minor, $ver.Build); if ($verNoPatch -lt $minVersion) { Write-Output "^""Skipping: Windows ($verNoPatch) is below minimum $minVersion ($versionName)"^""; Exit 0; }; $serviceName = 'SgrmAgent'; Write-Host "^""Disabling service: `"^""$serviceName`"^""."^""; <# -- 1. Skip if service does not exist #>; $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue; if(!$service) { Write-Host "^""Service `"^""$serviceName`"^"" could not be not found, no need to disable it."^""; Exit 0; }; <# -- 2. Stop if running #>; if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { Write-Host "^""`"^""$serviceName`"^"" is running, stopping it."^""; try { Stop-Service -Name "^""$serviceName"^"" -Force -ErrorAction Stop; Write-Host "^""Stopped `"^""$serviceName`"^"" successfully."^""; } catch { Write-Warning "^""Could not stop `"^""$serviceName`"^"", it will be stopped after reboot: $_"^""; }; } else { Write-Host "^""`"^""$serviceName`"^"" is not running, no need to stop."^""; }; <# -- 3. Skip if already disabled #>; $startupType = $service.StartType <# Does not work before .NET 4.6.1 #>; if (!$startupType) { $startupType = (Get-WmiObject -Query "^""Select StartMode From Win32_Service Where Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; if(!$startupType) { $startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "^""Name='$serviceName'"^"" -ErrorAction Ignore).StartMode; }; }; if ($startupType -eq 'Disabled') { Write-Host "^""$serviceName is already disabled, no further action is needed"^""; Exit 0; }; <# -- 4. Disable service #>; try { Set-Service -Name "^""$serviceName"^"" -StartupType Disabled -Confirm:$false -ErrorAction Stop; Write-Host "^""Disabled `"^""$serviceName`"^"" successfully."^""; } catch { Write-Error "^""Could not disable `"^""$serviceName`"^"": $_"^""; }"
:: Soft delete files matching pattern: "%SYSTEMROOT%\System32\drivers\SgrmAgent.sys" with additional permissions 
PowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = "^""%SYSTEMROOT%\System32\drivers\SgrmAgent.sys"^""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host "^""Searching for items matching pattern: `"^""$($expandedPath)`"^""."^""; $renamedCount   = 0; $skippedCount   = 0; $failedCount    = 0; Add-Type -TypeDefinition "^""using System;`r`nusing System.Runtime.InteropServices;`r`npublic class Privileges {`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,`r`n        ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);`r`n    [DllImport(`"^""advapi32.dll`"^"", ExactSpelling = true, SetLastError = true)]`r`n    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);`r`n    [DllImport(`"^""advapi32.dll`"^"", SetLastError = true)]`r`n    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);`r`n    [StructLayout(LayoutKind.Sequential, Pack = 1)]`r`n    internal struct TokPriv1Luid {`r`n        public int Count;`r`n        public long Luid;`r`n        public int Attr;`r`n    }`r`n    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;`r`n    internal const int TOKEN_QUERY = 0x00000008;`r`n    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;`r`n    public static bool AddPrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = SE_PRIVILEGE_ENABLED;`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    public static bool RemovePrivilege(string privilege) {`r`n        try {`r`n            bool retVal;`r`n            TokPriv1Luid tp;`r`n            IntPtr hproc = GetCurrentProcess();`r`n            IntPtr htok = IntPtr.Zero;`r`n            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);`r`n            tp.Count = 1;`r`n            tp.Luid = 0;`r`n            tp.Attr = 0;  // This line is changed to revoke the privilege`r`n            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);`r`n            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);`r`n            return retVal;`r`n        } catch (Exception ex) {`r`n            throw new Exception(`"^""Failed to adjust token privileges`"^"", ex);`r`n        }`r`n    }`r`n    [DllImport(`"^""kernel32.dll`"^"", CharSet = CharSet.Auto)]`r`n    public static extern IntPtr GetCurrentProcess();`r`n}"^""; [Privileges]::AddPrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::AddPrivilege('SeTakeOwnershipPrivilege') | Out-Null; $adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'; $adminAccount = $adminSid.Translate([System.Security.Principal.NTAccount]); $adminFullControlAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule( $adminAccount, [System.Security.AccessControl.FileSystemRights]::FullControl, [System.Security.AccessControl.AccessControlType]::Allow ); $foundAbsolutePaths = @(); try { $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] { <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) { Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host "^""Initiating processing of $($foundAbsolutePaths.Count) items from `"^""$expandedPath`"^""."^""; foreach ($path in $foundAbsolutePaths) { if (Test-Path -Path $path -PathType Container) { Write-Host "^""Skipping folder (not its contents): `"^""$path`"^""."^""; $skippedCount++; continue; }; if($revert -eq $true) { if (-not $path.EndsWith('.OLD')) { Write-Host "^""Skipping non-backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; } else { if ($path.EndsWith('.OLD')) { Write-Host "^""Skipping backup file: `"^""$path`"^""."^""; $skippedCount++; continue; }; }; $originalFilePath = $path; Write-Host "^""Processing file: `"^""$originalFilePath`"^""."^""; if (-Not (Test-Path $originalFilePath)) { Write-Host "^""Skipping, file `"^""$originalFilePath`"^"" not found."^""; $skippedCount++; exit 0; }; $originalAcl = Get-Acl -Path "^""$originalFilePath"^""; $accessGranted = $false; try { $acl = Get-Acl -Path "^""$originalFilePath"^""; $acl.SetOwner($adminAccount) <# Take Ownership (because file is owned by TrustedInstaller) #>; $acl.AddAccessRule($adminFullControlAccessRule) <# Grant rights to be able to move the file #>; Set-Acl -Path $originalFilePath -AclObject $acl -ErrorAction Stop; $accessGranted = $true; } catch { Write-Warning "^""Failed to grant access to `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; if ($revert -eq $true) { $newFilePath = $originalFilePath.Substring(0, $originalFilePath.Length - 4); } else { $newFilePath = "^""$($originalFilePath).OLD"^""; }; try { Move-Item -LiteralPath "^""$($originalFilePath)"^"" -Destination "^""$newFilePath"^"" -Force -ErrorAction Stop; Write-Host "^""Successfully processed `"^""$originalFilePath`"^""."^""; $renamedCount++; if ($accessGranted) { try { Set-Acl -Path $newFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; }; }; } catch { Write-Error "^""Failed to rename `"^""$originalFilePath`"^"" to `"^""$newFilePath`"^"": $($_.Exception.Message)"^""; $failedCount++; if ($accessGranted) { try { Set-Acl -Path $originalFilePath -AclObject $originalAcl -ErrorAction Stop; } catch { Write-Warning "^""Failed to restore access on `"^""$originalFilePath`"^"": $($_.Exception.Message)"^""; }; }; }; }; if (($renamedCount -gt 0) -or ($skippedCount -gt 0)) { Write-Host "^""Successfully processed $renamedCount items and skipped $skippedCount items."^""; }; if ($failedCount -gt 0) { Write-Warning "^""Failed to process $($failedCount) items."^""; }; [Privileges]::RemovePrivilege('SeRestorePrivilege') | Out-Null; [Privileges]::RemovePrivilege('SeTakeOwnershipPrivilege') | Out-Null"

Revert

Restore changes

Ijo6IFJlc3RvcmUgc2VydmljZShzKSB0byBkZWZhdWx0IHN0YXRlOiBgU2dybUFnZW50YFxuOjogVGhpcyBvcGVyYXRpb24gd2lsbCBub3QgcnVuIG9uIFdpbmRvd3MgdmVyc2lvbnMgbGF0ZXIgdGhhbiBXaW5kb3dzMTEtMjFIMi5cblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCIkdmVyc2lvbk5hbWUgPSAnV2luZG93czExLTIxSDInOyAkYnVpbGROdW1iZXIgPSBzd2l0Y2ggKCR2ZXJzaW9uTmFtZSkgeyAnV2luZG93czExLTIxSDInIHsgJzEwLjAuMjIwMDAnIH07ICdXaW5kb3dzMTAtTW9zdFJlY2VudCcgeyAnMTAuMC4xOTA0NScgfTsgJ1dpbmRvd3MxMC0yMkgyJyB7ICcxMC4wLjE5MDQ1JyB9OyAnV2luZG93czEwLTE5MDknIHsgJzEwLjAuMTgzNjMnIH07ICdXaW5kb3dzMTAtMTkwMycgeyAnMTAuMC4xODM2MicgfTsgZGVmYXVsdCB7IHRocm93IFwiXlwiXCJJbnRlcm5hbCBwcml2YWN5JChbY2hhcl0weDAwMkUpc2V4eSBlcnJvcjogTm8gYnVpbGQgZm9yIG1heGltdW0gV2luZG93cyAnJHZlcnNpb25OYW1lJ1wiXlwiXCI7IH07IH07ICRtYXhWZXJzaW9uPVtTeXN0ZW0uVmVyc2lvbl06OlBhcnNlKCRidWlsZE51bWJlcik7ICR2ZXIgPSBbRW52aXJvbm1lbnRdOjpPU1ZlcnNpb24uVmVyc2lvbjsgJHZlck5vUGF0Y2ggPSBbU3lzdGVtLlZlcnNpb25dOjpuZXcoJHZlci5NYWpvciwgJHZlci5NaW5vciwgJHZlci5CdWlsZCk7IGlmICgkdmVyTm9QYXRjaCAtZ3QgJG1heFZlcnNpb24pIHsgV3JpdGUtT3V0cHV0IFwiXlwiXCJTa2lwcGluZzogV2luZG93cyAoJHZlck5vUGF0Y2gpIGlzIGFib3ZlIG1heGltdW0gJG1heFZlcnNpb24gKCR2ZXJzaW9uTmFtZSlcIl5cIlwiOyBFeGl0IDA7IH07ICRzZXJ2aWNlTmFtZSA9ICdTZ3JtQWdlbnQnOyAkZGVmYXVsdFN0YXJ0dXBNb2RlID0gJ0Jvb3QnOyAkaWdub3JlTWlzc2luZ09uUmV2ZXJ0ID0gICRmYWxzZTsgV3JpdGUtSG9zdCBcIl5cIlwiUmV2ZXJ0aW5nIHNlcnZpY2UgYFwiXlwiXCIkc2VydmljZU5hbWVgXCJeXCJcIiBzdGFydCB0byBgXCJeXCJcIiRkZWZhdWx0U3RhcnR1cE1vZGVgXCJeXCJcIi5cIl5cIlwiOyA8IyAtLSAxLiBTa2lwIGlmIHNlcnZpY2UgZG9lcyBub3QgZXhpc3QgIz47ICRzZXJ2aWNlID0gR2V0LVNlcnZpY2UgLU5hbWUgJHNlcnZpY2VOYW1lIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlOyBpZiAoISRzZXJ2aWNlKSB7IGlmICgkaWdub3JlTWlzc2luZ09uUmV2ZXJ0KSB7IFdyaXRlLU91dHB1dCBcIl5cIlwiU2tpcHBpbmc6IFRoZSBzZXJ2aWNlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaXMgbm90IGZvdW5kLiBObyBhY3Rpb24gcmVxdWlyZWQuXCJeXCJcIjsgRXhpdCAwOyB9OyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcmV2ZXJ0IGNoYW5nZXMgdG8gdGhlIHNlcnZpY2UgYFwiXlwiXCIkc2VydmljZU5hbWVgXCJeXCJcIi4gVGhlIHNlcnZpY2UgaXMgbm90IGZvdW5kLlwiXlwiXCI7IEV4aXQgMTsgfTsgPCMgLS0gMi4gRW5hYmxlIG9yIHNraXAgaWYgYWxyZWFkeSBlbmFibGVkICM+OyAkc3RhcnR1cFR5cGUgPSAkc2VydmljZS5TdGFydFR5cGUgPCMgRG9lcyBub3Qgd29yayBiZWZvcmUgLk5FVCA0LjYuMSAjPjsgaWYgKCEkc3RhcnR1cFR5cGUpIHsgJHN0YXJ0dXBUeXBlID0gKEdldC1XbWlPYmplY3QgLVF1ZXJ5IFwiXlwiXCJTZWxlY3QgU3RhcnRNb2RlIEZyb20gV2luMzJfU2VydmljZSBXaGVyZSBOYW1lPSckc2VydmljZU5hbWUnXCJeXCJcIiAtRXJyb3JBY3Rpb24gSWdub3JlKS5TdGFydE1vZGU7IGlmICghJHN0YXJ0dXBUeXBlKSB7ICRzdGFydHVwVHlwZSA9IChHZXQtV21pT2JqZWN0IC1DbGFzcyBXaW4zMl9TZXJ2aWNlIC1Qcm9wZXJ0eSBTdGFydE1vZGUgLUZpbHRlciBcIl5cIlwiTmFtZT0nJHNlcnZpY2VOYW1lJ1wiXlwiXCIgLUVycm9yQWN0aW9uIElnbm9yZSkuU3RhcnRNb2RlOyB9OyB9OyBpZiAoJHN0YXJ0dXBUeXBlIC1lcSBcIl5cIlwiJGRlZmF1bHRTdGFydHVwTW9kZVwiXlwiXCIpIHsgV3JpdGUtSG9zdCBcIl5cIlwiYFwiXlwiXCIkc2VydmljZU5hbWVgXCJeXCJcIiBoYXMgYWxyZWFkeSBleHBlY3RlZCBzdGFydHVwIG1vZGU6IGBcIl5cIlwiJGRlZmF1bHRTdGFydHVwTW9kZWBcIl5cIlwiLiBObyBhY3Rpb24gcmVxdWlyZWQuXCJeXCJcIjsgfSBlbHNlIHsgdHJ5IHsgU2V0LVNlcnZpY2UgLU5hbWUgXCJeXCJcIiRzZXJ2aWNlTmFtZVwiXlwiXCIgLVN0YXJ0dXBUeXBlIFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlXCJeXCJcIiAtQ29uZmlybTokZmFsc2UgLUVycm9yQWN0aW9uIFN0b3A7IFdyaXRlLUhvc3QgXCJeXCJcIlJldmVydGVkIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgd2l0aCBgXCJeXCJcIiRkZWZhdWx0U3RhcnR1cE1vZGVgXCJeXCJcIiBzdGFydCwgdGhpcyBtYXkgcmVxdWlyZSByZXN0YXJ0aW5nIHlvdXIgY29tcHV0ZXIuXCJeXCJcIjsgfSBjYXRjaCB7IFdyaXRlLUVycm9yIFwiXlwiXCJGYWlsZWQgdG8gZW5hYmxlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCI6ICRfXCJeXCJcIjsgRXhpdCAxOyB9OyB9OyA8IyAtLSA0LiBTdGFydCBpZiBub3QgcnVubmluZyAobXVzdCBiZSBlbmFibGVkIGZpcnN0KSAjPjsgaWYgKCRkZWZhdWx0U3RhcnR1cE1vZGUgLWVxICdBdXRvbWF0aWMnIC1vciAkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnQm9vdCcgLW9yICRkZWZhdWx0U3RhcnR1cE1vZGUgLWVxICdTeXN0ZW0nKSB7IGlmICgkc2VydmljZS5TdGF0dXMgLW5lIFtTeXN0ZW0uU2VydmljZVByb2Nlc3MuU2VydmljZUNvbnRyb2xsZXJTdGF0dXNdOjpSdW5uaW5nKSB7IFdyaXRlLUhvc3QgXCJeXCJcImBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaXMgbm90IHJ1bm5pbmcsIHN0YXJ0aW5nIGl0LlwiXlwiXCI7IHRyeSB7IFN0YXJ0LVNlcnZpY2UgJHNlcnZpY2VOYW1lIC1FcnJvckFjdGlvbiBTdG9wOyBXcml0ZS1Ib3N0IFwiXlwiXCJTdGFydGVkIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgc3VjY2Vzc2Z1bGx5LlwiXlwiXCI7IH0gY2F0Y2ggeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gc3RhcnQgYFwiXlwiXCIkc2VydmljZU5hbWVgXCJeXCJcIiwgcmVxdWlyZXMgcmVzdGFydCwgaXQgd2lsbCBiZSBzdGFydGVkIGFmdGVyIHJlYm9vdC5gcmBuJF9cIl5cIlwiOyB9OyB9IGVsc2UgeyBXcml0ZS1Ib3N0IFwiXlwiXCJgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIGlzIGFscmVhZHkgcnVubmluZywgbm8gbmVlZCB0byBzdGFydC5cIl5cIlwiOyB9OyB9XCJcbjo6IFJlc3RvcmUgc2VydmljZShzKSB0byBkZWZhdWx0IHN0YXRlOiBgU2dybUFnZW50YFxuOjogVGhpcyBvcGVyYXRpb24gd2lsbCBub3QgcnVuIG9uIFdpbmRvd3MgdmVyc2lvbnMgZWFybGllciB0aGFuIFdpbmRvd3MxMS0yMkgyLlxuUG93ZXJTaGVsbCAtRXhlY3V0aW9uUG9saWN5IFVucmVzdHJpY3RlZCAtQ29tbWFuZCBcIiR2ZXJzaW9uTmFtZSA9ICdXaW5kb3dzMTEtMjJIMic7ICRidWlsZE51bWJlciA9IHN3aXRjaCAoJHZlcnNpb25OYW1lKSB7ICdXaW5kb3dzMTEtRmlyc3RSZWxlYXNlJyB7ICcxMC4wLjIyMDAwJyB9OyAnV2luZG93czExLTIySDInIHsgJzEwLjAuMjI2MjEnIH07ICdXaW5kb3dzMTEtMjFIMicgeyAnMTAuMC4yMjAwMCcgfTsgJ1dpbmRvd3MxMC0yMkgyJyB7ICcxMC4wLjE5MDQ1JyB9OyAnV2luZG93czEwLTIxSDInIHsgJzEwLjAuMTkwNDQnIH07ICdXaW5kb3dzMTAtMjBIMicgeyAnMTAuMC4xOTA0MicgfTsgJ1dpbmRvd3MxMC0xOTA5JyB7ICcxMC4wLjE4MzYzJyB9OyAnV2luZG93czEwLTE2MDcnIHsgJzEwLjAuMTQzOTMnIH07IGRlZmF1bHQgeyB0aHJvdyBcIl5cIlwiSW50ZXJuYWwgcHJpdmFjeSQoW2NoYXJdMHgwMDJFKXNleHkgZXJyb3I6IE5vIGJ1aWxkIGZvciBtaW5pbXVtIFdpbmRvd3MgJyR2ZXJzaW9uTmFtZSdcIl5cIlwiOyB9OyB9OyAkbWluVmVyc2lvbiA9IFtTeXN0ZW0uVmVyc2lvbl06OlBhcnNlKCRidWlsZE51bWJlcik7ICR2ZXIgPSBbRW52aXJvbm1lbnRdOjpPU1ZlcnNpb24uVmVyc2lvbjsgJHZlck5vUGF0Y2ggPSBbU3lzdGVtLlZlcnNpb25dOjpuZXcoJHZlci5NYWpvciwgJHZlci5NaW5vciwgJHZlci5CdWlsZCk7IGlmICgkdmVyTm9QYXRjaCAtbHQgJG1pblZlcnNpb24pIHsgV3JpdGUtT3V0cHV0IFwiXlwiXCJTa2lwcGluZzogV2luZG93cyAoJHZlck5vUGF0Y2gpIGlzIGJlbG93IG1pbmltdW0gJG1pblZlcnNpb24gKCR2ZXJzaW9uTmFtZSlcIl5cIlwiOyBFeGl0IDA7IH07ICRzZXJ2aWNlTmFtZSA9ICdTZ3JtQWdlbnQnOyAkZGVmYXVsdFN0YXJ0dXBNb2RlID0gJ0Rpc2FibGVkJzsgJGlnbm9yZU1pc3NpbmdPblJldmVydCA9ICAkZmFsc2U7IFdyaXRlLUhvc3QgXCJeXCJcIlJldmVydGluZyBzZXJ2aWNlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgc3RhcnQgdG8gYFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlYFwiXlwiXCIuXCJeXCJcIjsgPCMgLS0gMS4gU2tpcCBpZiBzZXJ2aWNlIGRvZXMgbm90IGV4aXN0ICM+OyAkc2VydmljZSA9IEdldC1TZXJ2aWNlIC1OYW1lICRzZXJ2aWNlTmFtZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZTsgaWYgKCEkc2VydmljZSkgeyBpZiAoJGlnbm9yZU1pc3NpbmdPblJldmVydCkgeyBXcml0ZS1PdXRwdXQgXCJeXCJcIlNraXBwaW5nOiBUaGUgc2VydmljZSBgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIGlzIG5vdCBmb3VuZC4gTm8gYWN0aW9uIHJlcXVpcmVkLlwiXlwiXCI7IEV4aXQgMDsgfTsgV3JpdGUtV2FybmluZyBcIl5cIlwiRmFpbGVkIHRvIHJldmVydCBjaGFuZ2VzIHRvIHRoZSBzZXJ2aWNlIGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIuIFRoZSBzZXJ2aWNlIGlzIG5vdCBmb3VuZC5cIl5cIlwiOyBFeGl0IDE7IH07IDwjIC0tIDIuIEVuYWJsZSBvciBza2lwIGlmIGFscmVhZHkgZW5hYmxlZCAjPjsgJHN0YXJ0dXBUeXBlID0gJHNlcnZpY2UuU3RhcnRUeXBlIDwjIERvZXMgbm90IHdvcmsgYmVmb3JlIC5ORVQgNC42LjEgIz47IGlmICghJHN0YXJ0dXBUeXBlKSB7ICRzdGFydHVwVHlwZSA9IChHZXQtV21pT2JqZWN0IC1RdWVyeSBcIl5cIlwiU2VsZWN0IFN0YXJ0TW9kZSBGcm9tIFdpbjMyX1NlcnZpY2UgV2hlcmUgTmFtZT0nJHNlcnZpY2VOYW1lJ1wiXlwiXCIgLUVycm9yQWN0aW9uIElnbm9yZSkuU3RhcnRNb2RlOyBpZiAoISRzdGFydHVwVHlwZSkgeyAkc3RhcnR1cFR5cGUgPSAoR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2VydmljZSAtUHJvcGVydHkgU3RhcnRNb2RlIC1GaWx0ZXIgXCJeXCJcIk5hbWU9JyRzZXJ2aWNlTmFtZSdcIl5cIlwiIC1FcnJvckFjdGlvbiBJZ25vcmUpLlN0YXJ0TW9kZTsgfTsgfTsgaWYgKCRzdGFydHVwVHlwZSAtZXEgXCJeXCJcIiRkZWZhdWx0U3RhcnR1cE1vZGVcIl5cIlwiKSB7IFdyaXRlLUhvc3QgXCJeXCJcImBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIgaGFzIGFscmVhZHkgZXhwZWN0ZWQgc3RhcnR1cCBtb2RlOiBgXCJeXCJcIiRkZWZhdWx0U3RhcnR1cE1vZGVgXCJeXCJcIi4gTm8gYWN0aW9uIHJlcXVpcmVkLlwiXlwiXCI7IH0gZWxzZSB7IHRyeSB7IFNldC1TZXJ2aWNlIC1OYW1lIFwiXlwiXCIkc2VydmljZU5hbWVcIl5cIlwiIC1TdGFydHVwVHlwZSBcIl5cIlwiJGRlZmF1bHRTdGFydHVwTW9kZVwiXlwiXCIgLUNvbmZpcm06JGZhbHNlIC1FcnJvckFjdGlvbiBTdG9wOyBXcml0ZS1Ib3N0IFwiXlwiXCJSZXZlcnRlZCBgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIHdpdGggYFwiXlwiXCIkZGVmYXVsdFN0YXJ0dXBNb2RlYFwiXlwiXCIgc3RhcnQsIHRoaXMgbWF5IHJlcXVpcmUgcmVzdGFydGluZyB5b3VyIGNvbXB1dGVyLlwiXlwiXCI7IH0gY2F0Y2ggeyBXcml0ZS1FcnJvciBcIl5cIlwiRmFpbGVkIHRvIGVuYWJsZSBgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiOiAkX1wiXlwiXCI7IEV4aXQgMTsgfTsgfTsgPCMgLS0gNC4gU3RhcnQgaWYgbm90IHJ1bm5pbmcgKG11c3QgYmUgZW5hYmxlZCBmaXJzdCkgIz47IGlmICgkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnQXV0b21hdGljJyAtb3IgJGRlZmF1bHRTdGFydHVwTW9kZSAtZXEgJ0Jvb3QnIC1vciAkZGVmYXVsdFN0YXJ0dXBNb2RlIC1lcSAnU3lzdGVtJykgeyBpZiAoJHNlcnZpY2UuU3RhdHVzIC1uZSBbU3lzdGVtLlNlcnZpY2VQcm9jZXNzLlNlcnZpY2VDb250cm9sbGVyU3RhdHVzXTo6UnVubmluZykgeyBXcml0ZS1Ib3N0IFwiXlwiXCJgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIGlzIG5vdCBydW5uaW5nLCBzdGFydGluZyBpdC5cIl5cIlwiOyB0cnkgeyBTdGFydC1TZXJ2aWNlICRzZXJ2aWNlTmFtZSAtRXJyb3JBY3Rpb24gU3RvcDsgV3JpdGUtSG9zdCBcIl5cIlwiU3RhcnRlZCBgXCJeXCJcIiRzZXJ2aWNlTmFtZWBcIl5cIlwiIHN1Y2Nlc3NmdWxseS5cIl5cIlwiOyB9IGNhdGNoIHsgV3JpdGUtV2FybmluZyBcIl5cIlwiRmFpbGVkIHRvIHN0YXJ0IGBcIl5cIlwiJHNlcnZpY2VOYW1lYFwiXlwiXCIsIHJlcXVpcmVzIHJlc3RhcnQsIGl0IHdpbGwgYmUgc3RhcnRlZCBhZnRlciByZWJvb3QuYHJgbiRfXCJeXCJcIjsgfTsgfSBlbHNlIHsgV3JpdGUtSG9zdCBcIl5cIlwiYFwiXlwiXCIkc2VydmljZU5hbWVgXCJeXCJcIiBpcyBhbHJlYWR5IHJ1bm5pbmcsIG5vIG5lZWQgdG8gc3RhcnQuXCJeXCJcIjsgfTsgfVwiXG46OiBSZXN0b3JlIGZpbGVzIG1hdGNoaW5nIHBhdHRlcm46IFwiJVNZU1RFTVJPT1QlXFxTeXN0ZW0zMlxcZHJpdmVyc1xcU2dybUFnZW50LnN5c1wiIHdpdGggYWRkaXRpb25hbCBwZXJtaXNzaW9ucyBcblBvd2VyU2hlbGwgLUV4ZWN1dGlvblBvbGljeSBVbnJlc3RyaWN0ZWQgLUNvbW1hbmQgXCIkcmV2ZXJ0ID0gJHRydWU7ICRwYXRoR2xvYlBhdHRlcm4gPSBcIl5cIlwiJVNZU1RFTVJPT1QlXFxTeXN0ZW0zMlxcZHJpdmVyc1xcU2dybUFnZW50LnN5cy5PTERcIl5cIlwiOyAkZXhwYW5kZWRQYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoR2xvYlBhdHRlcm4pOyBXcml0ZS1Ib3N0IFwiXlwiXCJTZWFyY2hpbmcgZm9yIGl0ZW1zIG1hdGNoaW5nIHBhdHRlcm46IGBcIl5cIlwiJCgkZXhwYW5kZWRQYXRoKWBcIl5cIlwiLlwiXlwiXCI7ICRyZW5hbWVkQ291bnQgICA9IDA7ICRza2lwcGVkQ291bnQgICA9IDA7ICRmYWlsZWRDb3VudCAgICA9IDA7IEFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiBcIl5cIlwidXNpbmcgU3lzdGVtO2ByYG51c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7YHJgbnB1YmxpYyBjbGFzcyBQcml2aWxlZ2VzIHtgcmBuICAgIFtEbGxJbXBvcnQoYFwiXlwiXCJhZHZhcGkzMi5kbGxgXCJeXCJcIiwgRXhhY3RTcGVsbGluZyA9IHRydWUsIFNldExhc3RFcnJvciA9IHRydWUpXWByYG4gICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcyhJbnRQdHIgaHRvaywgYm9vbCBkaXNhbGwsYHJgbiAgICAgICAgcmVmIFRva1ByaXYxTHVpZCBuZXdzdCwgaW50IGxlbiwgSW50UHRyIHByZXYsIEludFB0ciByZWxlbik7YHJgbiAgICBbRGxsSW1wb3J0KGBcIl5cIlwiYWR2YXBpMzIuZGxsYFwiXlwiXCIsIEV4YWN0U3BlbGxpbmcgPSB0cnVlLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV1gcmBuICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKEludFB0ciBoLCBpbnQgYWNjLCByZWYgSW50UHRyIHBodG9rKTtgcmBuICAgIFtEbGxJbXBvcnQoYFwiXlwiXCJhZHZhcGkzMi5kbGxgXCJeXCJcIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldYHJgbiAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgTG9va3VwUHJpdmlsZWdlVmFsdWUoc3RyaW5nIGhvc3QsIHN0cmluZyBuYW1lLCByZWYgbG9uZyBwbHVpZCk7YHJgbiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgUGFjayA9IDEpXWByYG4gICAgaW50ZXJuYWwgc3RydWN0IFRva1ByaXYxTHVpZCB7YHJgbiAgICAgICAgcHVibGljIGludCBDb3VudDtgcmBuICAgICAgICBwdWJsaWMgbG9uZyBMdWlkO2ByYG4gICAgICAgIHB1YmxpYyBpbnQgQXR0cjtgcmBuICAgIH1gcmBuICAgIGludGVybmFsIGNvbnN0IGludCBTRV9QUklWSUxFR0VfRU5BQkxFRCA9IDB4MDAwMDAwMDI7YHJgbiAgICBpbnRlcm5hbCBjb25zdCBpbnQgVE9LRU5fUVVFUlkgPSAweDAwMDAwMDA4O2ByYG4gICAgaW50ZXJuYWwgY29uc3QgaW50IFRPS0VOX0FESlVTVF9QUklWSUxFR0VTID0gMHgwMDAwMDAyMDtgcmBuICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBBZGRQcml2aWxlZ2Uoc3RyaW5nIHByaXZpbGVnZSkge2ByYG4gICAgICAgIHRyeSB7YHJgbiAgICAgICAgICAgIGJvb2wgcmV0VmFsO2ByYG4gICAgICAgICAgICBUb2tQcml2MUx1aWQgdHA7YHJgbiAgICAgICAgICAgIEludFB0ciBocHJvYyA9IEdldEN1cnJlbnRQcm9jZXNzKCk7YHJgbiAgICAgICAgICAgIEludFB0ciBodG9rID0gSW50UHRyLlplcm87YHJgbiAgICAgICAgICAgIHJldFZhbCA9IE9wZW5Qcm9jZXNzVG9rZW4oaHByb2MsIFRPS0VOX0FESlVTVF9QUklWSUxFR0VTIHwgVE9LRU5fUVVFUlksIHJlZiBodG9rKTtgcmBuICAgICAgICAgICAgdHAuQ291bnQgPSAxO2ByYG4gICAgICAgICAgICB0cC5MdWlkID0gMDtgcmBuICAgICAgICAgICAgdHAuQXR0ciA9IFNFX1BSSVZJTEVHRV9FTkFCTEVEO2ByYG4gICAgICAgICAgICByZXRWYWwgPSBMb29rdXBQcml2aWxlZ2VWYWx1ZShudWxsLCBwcml2aWxlZ2UsIHJlZiB0cC5MdWlkKTtgcmBuICAgICAgICAgICAgcmV0VmFsID0gQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGh0b2ssIGZhbHNlLCByZWYgdHAsIDAsIEludFB0ci5aZXJvLCBJbnRQdHIuWmVybyk7YHJgbiAgICAgICAgICAgIHJldHVybiByZXRWYWw7YHJgbiAgICAgICAgfSBjYXRjaCAoRXhjZXB0aW9uIGV4KSB7YHJgbiAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oYFwiXlwiXCJGYWlsZWQgdG8gYWRqdXN0IHRva2VuIHByaXZpbGVnZXNgXCJeXCJcIiwgZXgpO2ByYG4gICAgICAgIH1gcmBuICAgIH1gcmBuICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBSZW1vdmVQcml2aWxlZ2Uoc3RyaW5nIHByaXZpbGVnZSkge2ByYG4gICAgICAgIHRyeSB7YHJgbiAgICAgICAgICAgIGJvb2wgcmV0VmFsO2ByYG4gICAgICAgICAgICBUb2tQcml2MUx1aWQgdHA7YHJgbiAgICAgICAgICAgIEludFB0ciBocHJvYyA9IEdldEN1cnJlbnRQcm9jZXNzKCk7YHJgbiAgICAgICAgICAgIEludFB0ciBodG9rID0gSW50UHRyLlplcm87YHJgbiAgICAgICAgICAgIHJldFZhbCA9IE9wZW5Qcm9jZXNzVG9rZW4oaHByb2MsIFRPS0VOX0FESlVTVF9QUklWSUxFR0VTIHwgVE9LRU5fUVVFUlksIHJlZiBodG9rKTtgcmBuICAgICAgICAgICAgdHAuQ291bnQgPSAxO2ByYG4gICAgICAgICAgICB0cC5MdWlkID0gMDtgcmBuICAgICAgICAgICAgdHAuQXR0ciA9IDA7ICAvLyBUaGlzIGxpbmUgaXMgY2hhbmdlZCB0byByZXZva2UgdGhlIHByaXZpbGVnZWByYG4gICAgICAgICAgICByZXRWYWwgPSBMb29rdXBQcml2aWxlZ2VWYWx1ZShudWxsLCBwcml2aWxlZ2UsIHJlZiB0cC5MdWlkKTtgcmBuICAgICAgICAgICAgcmV0VmFsID0gQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGh0b2ssIGZhbHNlLCByZWYgdHAsIDAsIEludFB0ci5aZXJvLCBJbnRQdHIuWmVybyk7YHJgbiAgICAgICAgICAgIHJldHVybiByZXRWYWw7YHJgbiAgICAgICAgfSBjYXRjaCAoRXhjZXB0aW9uIGV4KSB7YHJgbiAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oYFwiXlwiXCJGYWlsZWQgdG8gYWRqdXN0IHRva2VuIHByaXZpbGVnZXNgXCJeXCJcIiwgZXgpO2ByYG4gICAgICAgIH1gcmBuICAgIH1gcmBuICAgIFtEbGxJbXBvcnQoYFwiXlwiXCJrZXJuZWwzMi5kbGxgXCJeXCJcIiwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldYHJgbiAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgR2V0Q3VycmVudFByb2Nlc3MoKTtgcmBufVwiXlwiXCI7IFtQcml2aWxlZ2VzXTo6QWRkUHJpdmlsZWdlKCdTZVJlc3RvcmVQcml2aWxlZ2UnKSB8IE91dC1OdWxsOyBbUHJpdmlsZWdlc106OkFkZFByaXZpbGVnZSgnU2VUYWtlT3duZXJzaGlwUHJpdmlsZWdlJykgfCBPdXQtTnVsbDsgJGFkbWluU2lkID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLlNlY3VyaXR5SWRlbnRpZmllciAnUy0xLTUtMzItNTQ0JzsgJGFkbWluQWNjb3VudCA9ICRhZG1pblNpZC5UcmFuc2xhdGUoW1N5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50XSk7ICRhZG1pbkZ1bGxDb250cm9sQWNjZXNzUnVsZSA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LkFjY2Vzc0NvbnRyb2wuRmlsZVN5c3RlbUFjY2Vzc1J1bGUoICRhZG1pbkFjY291bnQsIFtTeXN0ZW0uU2VjdXJpdHkuQWNjZXNzQ29udHJvbC5GaWxlU3lzdGVtUmlnaHRzXTo6RnVsbENvbnRyb2wsIFtTeXN0ZW0uU2VjdXJpdHkuQWNjZXNzQ29udHJvbC5BY2Nlc3NDb250cm9sVHlwZV06OkFsbG93ICk7ICRmb3VuZEFic29sdXRlUGF0aHMgPSBAKCk7IHRyeSB7ICRmb3VuZEFic29sdXRlUGF0aHMgKz0gQCg7IEdldC1JdGVtIC1QYXRoICRleHBhbmRlZFBhdGggLUVycm9yQWN0aW9uIFN0b3AgfCBTZWxlY3QtT2JqZWN0IC1FeHBhbmRQcm9wZXJ0eSBGdWxsTmFtZTsgKTsgfSBjYXRjaCBbU3lzdGVtLk1hbmFnZW1lbnQuQXV0b21hdGlvbi5JdGVtTm90Rm91bmRFeGNlcHRpb25dIHsgPCMgU3dhbGxvdywgZG8gbm90IHJ1biBgVGVzdC1QYXRoYCBiZWZvcmUsIGl0J3MgdW5yZWxpYWJsZSBmb3IgZ2xvYnMgcmVxdWlyaW5nIGV4dHJhIHBlcm1pc3Npb25zICM+OyB9OyAkZm91bmRBYnNvbHV0ZVBhdGhzID0gJGZvdW5kQWJzb2x1dGVQYXRocyB8IFNlbGVjdC1PYmplY3QgLVVuaXF1ZSB8IFNvcnQtT2JqZWN0IC1Qcm9wZXJ0eSB7ICRfLkxlbmd0aCB9IC1EZXNjZW5kaW5nOyBpZiAoISRmb3VuZEFic29sdXRlUGF0aHMpIHsgV3JpdGUtSG9zdCAnU2tpcHBpbmcsIG5vIGl0ZW1zIGF2YWlsYWJsZS4nOyBleGl0IDA7IH07IFdyaXRlLUhvc3QgXCJeXCJcIkluaXRpYXRpbmcgcHJvY2Vzc2luZyBvZiAkKCRmb3VuZEFic29sdXRlUGF0aHMuQ291bnQpIGl0ZW1zIGZyb20gYFwiXlwiXCIkZXhwYW5kZWRQYXRoYFwiXlwiXCIuXCJeXCJcIjsgZm9yZWFjaCAoJHBhdGggaW4gJGZvdW5kQWJzb2x1dGVQYXRocykgeyBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcgZm9sZGVyIChub3QgaXRzIGNvbnRlbnRzKTogYFwiXlwiXCIkcGF0aGBcIl5cIlwiLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgY29udGludWU7IH07IGlmKCRyZXZlcnQgLWVxICR0cnVlKSB7IGlmICgtbm90ICRwYXRoLkVuZHNXaXRoKCcuT0xEJykpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcgbm9uLWJhY2t1cCBmaWxlOiBgXCJeXCJcIiRwYXRoYFwiXlwiXCIuXCJeXCJcIjsgJHNraXBwZWRDb3VudCsrOyBjb250aW51ZTsgfTsgfSBlbHNlIHsgaWYgKCRwYXRoLkVuZHNXaXRoKCcuT0xEJykpIHsgV3JpdGUtSG9zdCBcIl5cIlwiU2tpcHBpbmcgYmFja3VwIGZpbGU6IGBcIl5cIlwiJHBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkc2tpcHBlZENvdW50Kys7IGNvbnRpbnVlOyB9OyB9OyAkb3JpZ2luYWxGaWxlUGF0aCA9ICRwYXRoOyBXcml0ZS1Ib3N0IFwiXlwiXCJQcm9jZXNzaW5nIGZpbGU6IGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIi5cIl5cIlwiOyBpZiAoLU5vdCAoVGVzdC1QYXRoICRvcmlnaW5hbEZpbGVQYXRoKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTa2lwcGluZywgZmlsZSBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIgbm90IGZvdW5kLlwiXlwiXCI7ICRza2lwcGVkQ291bnQrKzsgZXhpdCAwOyB9OyAkb3JpZ2luYWxBY2wgPSBHZXQtQWNsIC1QYXRoIFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aFwiXlwiXCI7ICRhY2Nlc3NHcmFudGVkID0gJGZhbHNlOyB0cnkgeyAkYWNsID0gR2V0LUFjbCAtUGF0aCBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhcIl5cIlwiOyAkYWNsLlNldE93bmVyKCRhZG1pbkFjY291bnQpIDwjIFRha2UgT3duZXJzaGlwIChiZWNhdXNlIGZpbGUgaXMgb3duZWQgYnkgVHJ1c3RlZEluc3RhbGxlcikgIz47ICRhY2wuQWRkQWNjZXNzUnVsZSgkYWRtaW5GdWxsQ29udHJvbEFjY2Vzc1J1bGUpIDwjIEdyYW50IHJpZ2h0cyB0byBiZSBhYmxlIHRvIG1vdmUgdGhlIGZpbGUgIz47IFNldC1BY2wgLVBhdGggJG9yaWdpbmFsRmlsZVBhdGggLUFjbE9iamVjdCAkYWNsIC1FcnJvckFjdGlvbiBTdG9wOyAkYWNjZXNzR3JhbnRlZCA9ICR0cnVlOyB9IGNhdGNoIHsgV3JpdGUtV2FybmluZyBcIl5cIlwiRmFpbGVkIHRvIGdyYW50IGFjY2VzcyB0byBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCI6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpXCJeXCJcIjsgfTsgaWYgKCRyZXZlcnQgLWVxICR0cnVlKSB7ICRuZXdGaWxlUGF0aCA9ICRvcmlnaW5hbEZpbGVQYXRoLlN1YnN0cmluZygwLCAkb3JpZ2luYWxGaWxlUGF0aC5MZW5ndGggLSA0KTsgfSBlbHNlIHsgJG5ld0ZpbGVQYXRoID0gXCJeXCJcIiQoJG9yaWdpbmFsRmlsZVBhdGgpLk9MRFwiXlwiXCI7IH07IHRyeSB7IE1vdmUtSXRlbSAtTGl0ZXJhbFBhdGggXCJeXCJcIiQoJG9yaWdpbmFsRmlsZVBhdGgpXCJeXCJcIiAtRGVzdGluYXRpb24gXCJeXCJcIiRuZXdGaWxlUGF0aFwiXlwiXCIgLUZvcmNlIC1FcnJvckFjdGlvbiBTdG9wOyBXcml0ZS1Ib3N0IFwiXlwiXCJTdWNjZXNzZnVsbHkgcHJvY2Vzc2VkIGBcIl5cIlwiJG9yaWdpbmFsRmlsZVBhdGhgXCJeXCJcIi5cIl5cIlwiOyAkcmVuYW1lZENvdW50Kys7IGlmICgkYWNjZXNzR3JhbnRlZCkgeyB0cnkgeyBTZXQtQWNsIC1QYXRoICRuZXdGaWxlUGF0aCAtQWNsT2JqZWN0ICRvcmlnaW5hbEFjbCAtRXJyb3JBY3Rpb24gU3RvcDsgfSBjYXRjaCB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byByZXN0b3JlIGFjY2VzcyBvbiBgXCJeXCJcIiRuZXdGaWxlUGF0aGBcIl5cIlwiOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH07IH07IH0gY2F0Y2ggeyBXcml0ZS1FcnJvciBcIl5cIlwiRmFpbGVkIHRvIHJlbmFtZSBgXCJeXCJcIiRvcmlnaW5hbEZpbGVQYXRoYFwiXlwiXCIgdG8gYFwiXlwiXCIkbmV3RmlsZVBhdGhgXCJeXCJcIjogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSlcIl5cIlwiOyAkZmFpbGVkQ291bnQrKzsgaWYgKCRhY2Nlc3NHcmFudGVkKSB7IHRyeSB7IFNldC1BY2wgLVBhdGggJG9yaWdpbmFsRmlsZVBhdGggLUFjbE9iamVjdCAkb3JpZ2luYWxBY2wgLUVycm9yQWN0aW9uIFN0b3A7IH0gY2F0Y2ggeyBXcml0ZS1XYXJuaW5nIFwiXlwiXCJGYWlsZWQgdG8gcmVzdG9yZSBhY2Nlc3Mgb24gYFwiXlwiXCIkb3JpZ2luYWxGaWxlUGF0aGBcIl5cIlwiOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKVwiXlwiXCI7IH07IH07IH07IH07IGlmICgoJHJlbmFtZWRDb3VudCAtZ3QgMCkgLW9yICgkc2tpcHBlZENvdW50IC1ndCAwKSkgeyBXcml0ZS1Ib3N0IFwiXlwiXCJTdWNjZXNzZnVsbHkgcHJvY2Vzc2VkICRyZW5hbWVkQ291bnQgaXRlbXMgYW5kIHNraXBwZWQgJHNraXBwZWRDb3VudCBpdGVtcy5cIl5cIlwiOyB9OyBpZiAoJGZhaWxlZENvdW50IC1ndCAwKSB7IFdyaXRlLVdhcm5pbmcgXCJeXCJcIkZhaWxlZCB0byBwcm9jZXNzICQoJGZhaWxlZENvdW50KSBpdGVtcy5cIl5cIlwiOyB9OyBbUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgnU2VSZXN0b3JlUHJpdmlsZWdlJykgfCBPdXQtTnVsbDsgW1ByaXZpbGVnZXNdOjpSZW1vdmVQcml2aWxlZ2UoJ1NlVGFrZU93bmVyc2hpcFByaXZpbGVnZScpIHwgT3V0LU51bGxcIiI=

Help

How to apply or restore "Disable System Guard kernel monitoring" using commands

• ≈ 2 min to complete
• Tools: Command Prompt
• Difficulty: Medium
• ≈ 3 instructions

View step-by-step guide with screenshots

---

1. 1

   Open Command Prompt

   Open Command Prompt as Administrator.
2. 2

   Copy code

   Copy the code:

   Copy Apply Code Copy Revert Code
3. 3

   Paste & run

   Paste the commands into Command Prompt and press Enter to run.

   Some changes require a system restart to take effect

Similar Guides

Wider Goal

Guides below includes this guide to achieve a wider goal.

See other more general settings that includes this one as one of its actions.

These plans combine multiple privacy settings, including this one, for stronger protection.

Disable Defender System Guard

This category disables Defender System Guard, a security feature in Windows. This feature is referred to as Windows Defender System Guard, System Guard, and intern...

Visit category page

Disable system modification restrictions

This category disables features that restrict system modifications in Windows. This enables deeper system modifications, enhancing privacy by allowing the removal ...

Visit category page

Disable Defender

This category offers scripts to disable Windows security components related to Defender. Defender is also referred to as Microsoft Defender or Windows Defender. Al...

Visit category page

Privacy over security

Steps to privacy over security on your Windows machine to enhance data privacy protection. Together with that, this feature walks through the procedure to undo the...

Visit category page

Same Goal

Other guides in Disable Defender System Guard 

See settings that are in the same category as this guide.

Using other actions in the same category may help you achieve your goal better.

Disable System Guard startup verification

Disable System Guard sandbox monitoring

Disable System Guard communication hub

Disable System Guard rule definitions

Disable System Guard rule scanner

---

About the Creators

These people have authored this documentation and written its scripts:

• 

  undergroundwires

  • Certified security professional
  • 7+ years experience securing banks
  • Open-source developer since 2005
  • EU advisor, Public Speaker, Moderator
• Open-Source Contributors

  • Hundreds across the globe
  • Testers, reviewers, developers
  • Companies, military agencies
  • Community since 2017

About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

• Expert review by undergroundwires

  • Verified technical accuracy and editorial standards
  • Assessed system impact and user privacy risks

• Public review by large community

  • Privacy enthusiasts and professionals peer-reviewed
  • Millions of end-users tested across different environments

History

We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process