{"id":13546748,"url":"https://github.com/ionuttbara/windows-defender-remover","last_synced_at":"2025-05-13T19:03:22.278Z","repository":{"id":38416291,"uuid":"395791156","full_name":"ionuttbara/windows-defender-remover","owner":"ionuttbara","description":"A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.","archived":false,"fork":false,"pushed_at":"2025-02-13T20:21:07.000Z","size":5302,"stargazers_count":5294,"open_issues_count":31,"forks_count":359,"subscribers_count":59,"default_branch":"main","last_synced_at":"2025-04-28T00:42:40.103Z","etag":null,"topics":["defender","defender-disabler","defender-remover","security","tweaking","windows","windows-defender"],"latest_commit_sha":null,"homepage":"","language":"Batchfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ionuttbara.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":"https://paypal.me/johnbarapay?country.x=RO\u0026locale.x=en_US"}},"created_at":"2021-08-13T20:44:46.000Z","updated_at":"2025-04-28T00:30:37.000Z","dependencies_parsed_at":"2023-11-16T07:27:34.426Z","dependency_job_id":"a9cc1407-8e5a-4b03-90fd-5e42f754c915","html_url":"https://github.com/ionuttbara/windows-defender-remover","commit_stats":null,"previous_names":["ionuttbara/windows-defender-remover"],"tags_count":59,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ionuttbara%2Fwindows-defender-remover","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ionuttbara%2Fwindows-defender-remover/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ionuttbara%2Fwindows-defender-remover/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ionuttbara%2Fwindows-defender-remover/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ionuttbara","download_url":"https://codeload.github.com/ionuttbara/windows-defender-remover/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254010793,"owners_count":21998993,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["defender","defender-disabler","defender-remover","security","tweaking","windows","windows-defender"],"created_at":"2024-08-01T12:00:44.221Z","updated_at":"2025-05-13T19:03:22.257Z","avatar_url":"https://github.com/ionuttbara.png","language":"Batchfile","funding_links":["https://paypal.me/johnbarapay?country.x=RO\u0026locale.x=en_US"],"categories":["Batchfile","PowerShell","security"],"sub_categories":[],"readme":"# ❌️ Defender Remover / Defender Disabler\n\n\u003ca href=\"https://github.com/ionuttbara/windows-defender-remover\"\u003e\n    \u003cpicture\u003e\n        \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://github.com/drunkwinter/windows-defender-remover/assets/38593134/8072a566-5bf0-4f05-9994-808145406bdc\"\u003e\n        \u003cimg alt=\"Defender Remover\" src=\"https://user-images.githubusercontent.com/79479952/239704528-c017473e-1d2a-4d4a-a215-bf71d137b86a.png\"\u003e\n    \u003c/picture\u003e\n\u003c/a\u003e\n\n## ❓️ What does the app do?\n\nThis application removes / disables Windows Defender, including the Windows Security App, Windows Virtualization-Based Security (VBS), Windows SmartScreen, Windows Security Services, Windows Web-Threat Service, Windows File Virtualization (UAC), Microsoft Defender App Guard, Microsoft Driver Block List, System Mitigations and the Windows Defender page in the Settings App on Windows 10 or later.\n\n\n## ❓️ What components are removing?\n\n### Removing Security Components\n    This script removes/disables following security components:\n        - support for Windows Security Center including Windows Security Center Service (wscsvc), Windows Security Service (SgrmBroker, Sgrm Drivers) which are needed to run Windows Security App.\n        - virtualization support.\n            - Hypervisor startup (this fixes disablation of Virtualization Based Security, this will auto enable if you use Hyper-V and/or WSL (Windows Subsystem for Linux), WSA (Windows Subsystem for Android))\n            - LUA (disables File Virtualization and User Account Control, which will run all apps as administrator priviliges (also fixes old app errors))\n            - Exploit Guard (something about Exploits)\n            - Windows Smart Control\n            - Tamper Protection (for Windows 11 21H2 or earlier)\n        - SecHealthUI (Windows Security UWP App)\n        - SmartScreen\n        - Pluton Support and Pluton Services Support\n        - System Mitigations\n          - \"Services Mitigations\" (search on admx.help for more informations, its policy)\n          - Spectre and Meltdown Mitigation (for get +30% performance on old Intel CPUs)\n        - Windows Security Section from Settings App.\n\n### Removing Antivirus Components\n    This script forcily removes following antivirus components:\n      - Windows Defender Definition Update List (this will disable updating definitions of Defender because its removed)\n      - Windows Defender SpyNet Telemetry\n      - Antivirus Service\n      - Windows Defender Antivirus filter and windows defender rootkit scanner drivers\n      - Antivirus Scanning Tasks\n      - Shell Associations (Context Menu)\n      - Hides Antivirus Protection section from Windows Security App.\n\n## 📃 Instructions\n\n\u003e [!NOTE]\n\u003e A system restore point is recommended before you run the script. (if you don't know what are you doing)\n\n1. Download the packed script from [Releases](https://github.com/ionuttbara/windows-defender-remover/releases)\n2. Run the \".exe\" as administrator\n3. Follow the instructions displayed\n\nOR\n\nyou can use git\n\n```\ngit clone https://github.com/ionuttbara/windows-defender-remover.git\ncd windows-defender-remover\nScript_Run.bat\n```\n\n\nOR\n\nyou can use download entire source code\n1. Download the source code from [Releases](https://github.com/jbara2002/windows-defender-remover/releases).\n2. Choose the file **Source Code(.zip)** from last version and download it.\n3. Unarchive the file into a folder and run the Script_Run.bat.\n\n![cli](https://github.com/drunkwinter/windows-defender-remover/assets/38593134/46007191-0a65-43c2-b451-a993ff90e00e)\n\nYou can file an [issue](https://github.com/ionuttbara/windows-defender-remover/issues) if you experience any problems.\n\n## 📃 Automation of the script\n\nYou can remove Defender with arguments.\n\n#### Removing\n\n```PowerShell\n# Removal\nDefender.Remover.exe /r \u003c# or /R #\u003e\n```\n\n\n## Disable or Remove Windows Defender *Application Guard Policies* (advanced)\n\nIf you have any problems when opening an app (*extremely rare*) and get the message \"The app can not run because Device Guard\" or \"Windows Defender Application Guard Blocked this app\", you have to remove 4 files with the same name, from different locations.\n\n\n- In EFI Partition\n\n```PowerShell\nRemove-Item -LiteralPath \"$((Get-Partition | ? IsSystem).AccessPaths[0])Microsoft\\Boot\\WiSiPolicy.p7b\"\n```\n\n- In Code Integrity Folder\n\n```PowerShell\nRemove-Item -LiteralPath \"$env:windir\\System32\\CodeIntegrity\\WiSiPolicy.p7b\"\n```\n\n- In Windows Folder\n\n```PowerShell\nRemove-Item -LiteralPath \"$env:windir\\Boot\\EFI\\wisipolicy.p7b\"\n```\n\n- In WinSxS Folder\n\n```PowerShell\nRemove-Item -Path \"$env:windir\\WinSxS\" -Include *winsipolicy.p7b* -Recurse\n```\n\n## Creating an ISO with Windows Defender and Services disabled\n\nYou can create an ISO with Windoows Defender and Security Services Disabled. It's easy, so this is a fiie which it can helps you.\nHere are the rules:\n1. Mount the ISO and extract it into location.\n2. Open the **sources** folder and create the **$OEM$** folder. (this is needed to run the DefenderRemover part in OOBE).\n3. Open the **$OEM$** folder and create the folder with **$$** name.\n4. Open the **$$** folder and create the folder with **Panther** name.\n5. Open the **Panther** folder.\n   The path it shown like to\n    **%location of extracted ISO%\\sources\\$OEM$\\$$\\Panther\\**\n6. Download the unnatended.xml file from repo in ISO_Maker folder and put it in Panther folder.\n7. Save this as bootable ISO. (for now the script can't do this automaticly, but it will do in next version).\n    \n\n## ❓ Frequently Asked Questions\n#### ⭕ How to remove Windows Security Center / Windows SecurityApp from PC without downloading Script?\nPaste this code into a powershell file and after **Run as Administrator**.\n```\n$remove_appx = @(\"SecHealthUI\"); $provisioned = get-appxprovisionedpackage -online; $appxpackage = get-appxpackage -allusers; $eol = @()\n$store = 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Appx\\AppxAllUserStore'\n$users = @('S-1-5-18'); if (test-path $store) {$users += $((dir $store -ea 0 |where {$_ -like '*S-1-5-21*'}).PSChildName)}\nforeach ($choice in $remove_appx) { if ('' -eq $choice.Trim()) {continue}\n  foreach ($appx in $($provisioned |where {$_.PackageName -like \"*$choice*\"})) {\n    $next = !1; foreach ($no in $skip) {if ($appx.PackageName -like \"*$no*\") {$next = !0}} ; if ($next) {continue}\n    $PackageName = $appx.PackageName; $PackageFamilyName = ($appxpackage |where {$_.Name -eq $appx.DisplayName}).PackageFamilyName \n    ni \"$store\\Deprovisioned\\$PackageFamilyName\" -force \u003e''; $PackageFamilyName  \n    foreach ($sid in $users) {ni \"$store\\EndOfLife\\$sid\\$PackageName\" -force \u003e''} ; $eol += $PackageName\n    dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 \u003e''\n    remove-appxprovisionedpackage -packagename $PackageName -online -allusers \u003e''\n  }\n  foreach ($appx in $($appxpackage |where {$_.PackageFullName -like \"*$choice*\"})) {\n    $next = !1; foreach ($no in $skip) {if ($appx.PackageFullName -like \"*$no*\") {$next = !0}} ; if ($next) {continue}\n    $PackageFullName = $appx.PackageFullName; \n    ni \"$store\\Deprovisioned\\$appx.PackageFamilyName\" -force \u003e''; $PackageFullName\n    foreach ($sid in $users) {ni \"$store\\EndOfLife\\$sid\\$PackageFullName\" -force \u003e''} ; $eol += $PackageFullName\n    dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 \u003e''\n    remove-appxpackage -package $PackageFullName -allusers \u003e''\n  }\n}\n```\n\n#### ⭕ Why is the downloaded executable being flagged as a virus?\n\nThat is a false positive.\n\nSome security apps flag this app as a virus because of the way the \".exe\" files are created. Download with **git** or source code .zip will indicate virus-free.\nStarting with Defender 12.6.x , some versions are considered as virus, some are not (its a bug from me, so do not file for this).\n\n#### ⭕ Why is the patch not working when Windows is updated?\n\nWindows Update includes a ```Intelligence Update``` which blocks certain actions and modifies Windows Defender/Security policies.\nIf the script is not working for you, check if you have the Windows Security Intelligence Update installed. If you do, disable tamper protection, and re-run the script.\n\n#### ⭕ How to use the package remover without downloading the executable from the release?\n\nRun the desired \".bat\" file from cmd with PowerRun (by dragging to the executable). You must reboot for the changes to take effect.\n\n#### ⭕ How to disable VBS if the removal script does not work\n\nDisable with this command and reboot.\n\n```\nbcdedit /set hypervisorlaunchtype off\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fionuttbara%2Fwindows-defender-remover","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fionuttbara%2Fwindows-defender-remover","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fionuttbara%2Fwindows-defender-remover/lists"}