关闭所有的安全缓解措施-卡顿元凶
Windows Registry Editor Version 5.00
; NOTE(review): throughout this listing the value lines appear without the [HKEY_...]
; section headers that name their target keys; only the key-deletion lines ([-HKEY_...])
; kept theirs. A .reg file in this shape is not expected to import as-is, and the key
; each value is written to cannot be confirmed from the listing itself.
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableDevDriveProtection.reg
; Sets DisableAsyncScanOnOpen to 1. The file name ties it to antivirus handling of
; Dev Drive volumes; presumably a Microsoft Defender scan setting - confirm against
; the original file, since the target key is not shown.
"DisableAsyncScanOnOpen"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableLSAProtection.reg
; RunAsPPL=0 (and RunAsPPLBoot=0 below) turn off LSA protection, i.e. LSASS no longer
; runs as a Protected Process Light. A change of RunAsPPL away from its enabled state
; is a useful signal for registry-change monitoring.
; RunAsPPL is written twice in this section; presumably under two different keys,
; which the listing does not show.
"RunAsPPL"=dword:00000000
; restrictanonymous=1, everyoneincludesanonymous=0 and restrictanonymoussam=1 are the
; restrictive settings for anonymous access - these three do not weaken anything.
"restrictanonymous"=dword:00000001
"everyoneincludesanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"SCENoApplyLegacyAuditPolicy"=dword:00000000
; NOTE(review): purpose of LsaConfigFlags is not evident from the listing - confirm.
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
; "=-" deletes the value, so whatever default the OS applies takes over.
"LmCompatibilityLevel"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMaintenanceTaskreportinginSecurityHealthUI.reg
; disables reporting of things from Maintenance Task in Windows Security App
; A leading "-" inside the brackets deletes the whole key with all of its values and
; subkeys; here that is done for both the machine-wide and the per-user hive.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]
; NOTE(review): the key that receives Disabled/Registered is not shown in the listing.
"Disabled"=dword:00000001
"Registered"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMicrosoftVulnerabileDriverBlocklist.reg
; Turns off the Microsoft vulnerable driver blocklist, so drivers on that list are no
; longer refused at load time. On managed endpoints this value is worth baselining
; and alerting on when it changes to 0.
"VulnerableDriverBlocklistEnable"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSmartScreen.reg
; Disable SmartScreen for Microsoft Edge
; NOTE(review): target keys are not shown in the listing; several value names repeat
; (SmartScreenEnabled, PreventOverride, "value"), presumably once per key.
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000
"SmartScreenEnabled"=dword:00000000
; "@" is the unnamed default value of a key.
@=dword:00000000
; Disable SmartScreen in File Explorer and Windows Shell
"SmartScreenEnabled"="off"
"EnableSmartScreen"=dword:00000000
; "=-" deletes the value instead of writing one.
"ShellSmartScreenLevel"=-
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
; Disable SmartScreen for Microsoft Store Apps
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000
; Configure App Install Control
; "Anywhere" places no restriction on where apps may be installed from.
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSpyNetTelemetry.reg
; Cloud-delivered protection settings for Microsoft Defender: block-at-first-sight is
; switched off, cloud (MAPS/SpyNet) reporting is set to 0, and SubmitSamplesConsent=2
; selects "never send samples".
; The reporting names occur in two spellings (Spynet/SpyNet); registry value names are
; case-insensitive, so presumably they target different keys - not shown in the listing.
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSystemMitigations.reg
; NOTE(review): the purpose and target key of UserPreference are not evident here.
"UserPreference"=dword:00000002
; In-kernel Mitigations
; MitigationOptions / MitigationAuditOptions are binary bitfields of system-wide
; exploit-mitigation policy. NOTE(review): the repeated 0x2 nibbles look like the
; per-mitigation "force off" encoding - confirm against Microsoft's documentation
; before relying on a per-bit reading.
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
; Presumably switches off kernel-mode SEHOP (exception-chain validation) - confirm.
"KernelSEHOPEnabled"=dword:00000000
; Disable Spectre & Meltdown Mitigations
; FeatureSettingsOverride=3 together with FeatureSettingsOverrideMask=3 is the
; combination Microsoft documents for turning these CPU side-channel mitigations off.
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003
; Services Mitigations
; hex(b) is a 64-bit value (REG_QWORD); all bytes are zero here.
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableTamperProtection.reg
; Remove Defender's Tamper Protection
; Zeroes four Defender feature values, among them TamperProtection.
; NOTE(review): Tamper Protection is designed to reject changes to Defender settings
; while it is active; whether this import takes effect on a protected system is not
; shown in the listing. The target key is not shown either.
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableUAC.reg
; Disable UAC
; EnableLUA=0 switches User Account Control (Admin Approval Mode) off entirely;
; the ConsentPromptBehavior* values at 0 remove the elevation prompts.
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
; FilterAdministratorToken=1 and (below) ValidateAdminCodeSignatures=1 are the
; restrictive settings of their policies; NOTE(review): with EnableLUA=0 they
; presumably have no practical effect - confirm.
"FilterAdministratorToken"=dword:00000001
; LocalAccountTokenFilterPolicy=1 turns off UAC remote restrictions, so local
; administrator accounts receive a full token on network logons. It matters for
; lateral-movement exposure and is a common item in hardening baselines and
; registry-change detections.
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
; NOTE(review): the name is spelled "Timemout" in this listing; if the intended name
; is "...Timeout", a value written under this name would presumably be ignored.
"DelayedDesktopSwitchTimemout"=dword:00000000
; Elevation prompts, where still shown, are no longer moved to the secure desktop.
"PromptOnSecureDesktop"=dword:00000000
; Fix mouse cursor disappearing
"EnableCursorSuppression"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableVBS.reg
; Reset values for Virtualization Settings
; The three lines below delete the DeviceGuard and VirtualizationBasedTechnology keys
; (with all subkeys) before new values are written.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]
; Disable Virtualization Based Security
; NOTE(review): the keys that receive the values below are not shown in the listing;
; repeated names (Locked, Enabled, "value") presumably belong to different keys.
; EnableVirtualizationBasedSecurity=0 turns VBS off; HypervisorEnforcedCodeIntegrity=0
; turns off HVCI (memory integrity); LsaCfgFlags=0 turns off Credential Guard.
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
; NOTE(review): presumably 2 = System Guard Secure Launch disabled - confirm.
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
; Locked=0: presumably clears the lock flag so the setting can be changed - confirm.
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000
"Enabled"=dword:00000000
"Locked"=dword:00000000
; "=-" deletes the value.
"WasEnabledBy"=-
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
"DeployConfigCIPolicy"=dword:00000000
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\ExploitGuard_d.reg
; Defender Exploit Guard settings: controlled folder access and the attack surface
; reduction (ASR) rules switch are set to 0.
"EnableControlledFolderAccess"=dword:00000000
; EnableNetworkProtection is deleted ("=-"), not set to 0, and appears twice -
; presumably under two keys that the listing does not show.
"EnableNetworkProtection"=-
"ExploitGuard_ASR_Rules"=dword:00000000
"EnableNetworkProtection"=-
"HeartbeatTrackingIndex"=dword:00000000
; Written as the string "0", not a dword.
"SpyNetReportingLocation"="0"
"EnableASRConsumers"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\MitigationofFaultTorelantHeap.reg
; Per the file name this targets the Fault Tolerant Heap (FTH), a crash-mitigation
; feature; Enabled=0 presumably turns it off. The target key is not shown.
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemovalofAnti-PhishingServices.reg
; Deletes the registration of the Web Threat Defense services (webthreatdefsvc and
; webthreatdefusersvc) together with their svchost group entry. Removing a key under
; ...\Services\ removes the service definition itself, so the service can no longer
; be started; restoring it requires putting the keys back.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]
; "=-" deletes the value; its key is not shown in the listing.
"WebThreatDefense"=-
; From Disabler
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense]
; NOTE(review): the "value" lines lack their key headers; presumably they recreate
; policy entries with 0 - confirm against the original file.
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS]
; Password-reuse and malicious-site notifications set to 0.
"NotifyPasswordReuse"=dword:00000000
"NotifyMalicious"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
"value"=dword:00000000
; The lines below repeat the service and svchost deletions from the top of this section.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]
"WebThreatDefense"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\Remove and Disable Microsoft Pluton.reg
; Deletes three service/driver registrations; per the file name these belong to the
; Microsoft Pluton security processor. NOTE(review): the effect on features that rely
; on Pluton is not shown in the listing - confirm before relying on this.
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveSecurityandMaintenance.reg
; Deletes every registration of one CLSID - the COM class entries (native and
; WOW6432Node views) and the Control Panel namespace entries. Per the file name this
; is the "Security and Maintenance" Control Panel item, so only the UI entry point is
; removed here.
[-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveWindowsDefenderFirewallRules.reg
; Deletes seven values ("=-"); per the file name these are Windows Defender Firewall
; rule entries. The first four are named after WebThreatDefSvc (allow/block, in/out).
; NOTE(review): the key holding the rules is not shown, and the listing does not say
; what the three GUID-named entries are.
"WebThreatDefSvc_Allow_In"=-
"WebThreatDefSvc_Allow_Out"=-
"WebThreatDefSvc_Block_In"=-
"WebThreatDefSvc_Block_Out"=-
"{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=-
"72e33e44-dc4c-40c5-a688-a77b6e988c69"=-
"b23879b5-1ef3-45b7-8933-554a4303d2f3"=-
来个勇士测试一下 同意,有没有人测试一下 试过了,用了半个小时了,貌似确实有效 谢谢分享,辛苦了 谢谢分享 谢谢 可惜没有币扣了 老电脑提速效果明显,但近几年的配置不建议用,这些安全设置对运行速度影响不大。 VM中测试下 有机会试一试效果,谢谢分享。 感谢楼主的热心分享! 同意,有没有人测试一下
我来试试喽、、、、、
系统:Windows 11 IoTEnterpriseS 24H2 26100.3037
基本硬件信息:
CPU:AMD A10-9620P RADEON R5, 10 COMPUTE CORES 4C+6G
内存:物理内存条数量:2
内存条1容量:8G 制造商:Hynix
内存条2容量:4G 制造商:Samsung
合计内存条容量:12G
显卡:显卡数量:3
显卡1:OrayIddDriver Device
驱动版本:17.1.58.818
显卡2:AMD Radeon (TM) 535DX
驱动版本:23.20.808.1536
显卡3:AMD Radeon R5 Graphics
驱动版本:23.20.808.1536
DPI:120 分辨率:1920 X 1080 缩放比例:1.25
硬盘:硬盘数量:1
硬盘1:SanDisk SD8SN8U-256G-1006 容量:238G
硬盘总容量:238G
只是设置为默认关闭,用不用看的是程序。古董程序或许有用。 感谢楼主的热心分享! 出错,无法导入注册表 楼主辛苦了,谢谢 感谢分享精品 不敢用,怕系统瘫痪了
1. 禁用WindowsDefender相关功能
DisableDevDriveProtection.reg
[*]关闭实时保护中的异步扫描功能(DisableAsyncScanOnOpen=1)
[*]影响:降低文件访问时的实时扫描效率
DisableTamperProtection.reg
[*]禁用篡改保护(TamperProtection=0)
[*]清除Defender平台能力标志(MpCapability=0)
[*]影响:允许修改Defender核心设置
DisableSpyNetTelemetry.reg
[*]关闭威胁情报共享(SpynetReporting=0)
[*]禁止自动提交样本(SubmitSamplesConsent=2)
[*]影响:削弱威胁情报更新能力
2. 系统安全机制降级
DisableLSAProtection.reg
[*]禁用LSA保护模式(RunAsPPL=0)
[*]限制匿名访问SAM(restrictanonymoussam=1;这一项本身是收紧而非放宽的设置)
[*]影响:RunAsPPL=0 使LSASS不再以受保护进程方式运行,增加凭证窃取风险
DisableVBS.reg
[*]完全关闭基于虚拟化的安全(EnableVirtualizationBasedSecurity=0)
[*]禁用Hypervisor强制代码完整性
[*]关闭Credential Guard
[*]影响:削弱内存隔离保护
DisableSystemMitigations.reg
[*]禁用内核缓解措施(MitigationOptions/MitigationAuditOptions)
[*]关闭Spectre/Meltdown防护(FeatureSettingsOverride=3、FeatureSettingsOverrideMask=3,另写入FeatureSettings=1)
[*]影响:增加漏洞利用成功率
3. 用户账户控制(UAC)
DisableUAC.reg
[*]完全禁用UAC(EnableLUA=0)
[*]关闭安全桌面提示(PromptOnSecureDesktop=0)
[*]影响:管理员账户下的操作不再经过提权确认,默认以完整管理员权限运行;LocalAccountTokenFilterPolicy=1 还会取消本地管理员账户在远程登录时的UAC令牌过滤
4. 智能防护功能
DisableSmartScreen.reg
[*]禁用Edge/文件资源管理器的SmartScreen
[*]关闭应用安装控制(ConfigureAppInstallControl="Anywhere")
[*]影响:失去恶意URL/文件下载防护
RemovalofAnti-PhishingServices.reg
[*]移除Web威胁防御服务相关注册表项
[*]影响:禁用反钓鱼保护
5. 攻击面减少规则(ASR)
ExploitGuard_d.reg
[*]关闭受控文件夹访问(EnableControlledFolderAccess=0)
[*]移除网络保护配置(列表中为 EnableNetworkProtection=-,即删除该值,而不是写入0)
[*]停用攻击面减少规则(ExploitGuard_ASR_Rules=0)
[*]影响:失去勒索软件防护
6. 其他安全调整
DisableMicrosoftVulnerabileDriverBlocklist.reg
[*]禁用漏洞驱动程序阻止列表(VulnerableDriverBlocklistEnable=0)
[*]影响:允许加载已知不安全驱动
MitigationofFaultTorelantHeap.reg
[*]关闭容错堆(FTH)(Enabled=0)
[*]影响:可能降低应用稳定性
DisableMaintenanceTaskreportinginSecurityHealthUI.reg
[*]隐藏安全中心维护任务报告(Disabled=1)
[*]影响:无法查看安全健康状态
关键安全影响总结
[*]防御能力瓦解:Windows Defender核心功能被瘫痪
[*]提权风险激增:UAC关闭+LSASS保护禁用
[*]漏洞利用门槛降低:系统缓解措施全面回退
[*]数据泄露风险:SmartScreen/反钓鱼保护失效
[*]持久化攻击可能:允许加载恶意驱动