The Windows Defender Service runs under the SYSTEM account. We prohibit her access to the directory with the defender files (C:\ProgramData\Microsoft\Windows Defender) and at boot the system will not be able to start it.
Disable defender
|
1 2 3 4 |
@echo off takeown /f "C:\ProgramData\Microsoft\Windows Defender" /a icacls "C:\ProgramData\Microsoft\Windows Defender" /deny *S-1-5-18:F pause |
Enable the defender
|
1 2 3 4 |
@echo off takeown /f "C:\ProgramData\Microsoft\Windows Defender" /a icacls "C:\ProgramData\Microsoft\Windows Defender" /grant *S-1-5-18:F pause |
After applying the script, the computer must be restarted.
