windows 10 1903 defender real time protection turn off command line
파워셀을 이용한 커맨드 라인 명령


//=======
* 기본 조건
- '변조 보호'가 꺼져야 명령어로 설정 변경이 가능하다
 변조 보호가 켜져있으면 , DisableAntiSpyware 그룹 정책 키도 무효화 된다

윈도우 설정 -> 업데이트 및 보안 -> Windows 보안 -> 바이러스 위협 방지
-> 바이러스 및 위협 방지 설정 : 설정 관리 -> 변조 보호 : 끄기

- 이 메뉴에서 실기간 보호도 끌수 있다.


//======================
* 명령어로 끄기

- 관리자 권한으로 PowerShell 실행 (Windows key + X + A)
    
- 디펜더 실시간 감시 끄기(OFF)
    Set-MpPreference -DisableRealtimeMonitoring $true

- 디펜더 실시간 감시 켜기(ON)
    Set-MpPreference -DisableRealtimeMonitoring $false

- 설정 토글
$preferences = Get-MpPreference
Set-MpPreference -DisableRealtimeMonitoring (!$preferences.DisableRealtimeMonitoring)


//================
* cmd.exe 명령으로 실행
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Unrestricted -Command ""Set-MpPreference -DisableRealtimeMonitoring 1""' -Verb RunAs}";



//=================================
* 관리자 권한으로 *.ps1 스크립트 파일 실행 방법

* ps1 스크립트 실행
powershell.exe -ExecutionPolicy Bypass -File "D:\def_off.ps1"


* *.bat 배치파일 이용
PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Unrestricted -File ""d:\def_off.ps1""' -Verb RunAs}";



* 단축 아이콘 이용
단축 아이콘 생성
생성된 단축 아이콘 우클릭 -> 속성 -> 대상
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "D:\def_off.ps1"

고급 : 관리자 권한으로 실행 : 체크



//============================
* *.ps1 스크립트 파일 powershell 로 연결

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Microsoft.PowerShellScript.1\Shell\Open\Command]
@="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe \"%1\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" ""& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -File \"%1\"' -Verb RunAs}"


//======================
// 참고
https://www.winhelponline.com/blog/enable-or-disable-defender-shortcut-command-line/

//Set-MpPreference 옵션
https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps


https://www.top-password.com/blog/add-run-with-powershell-admin-context-menu-for-ps1-files/


//==============================================
// ps1 파일에 관리자로 실행 컨텍스트 메뉴(마우스 우클릭) 추가 => 실패
ps1 powershell script file context menu run as administrator
https://winaero.com/blog/run-as-administrator-context-menu-for-power-shell-ps1-files/  - 안됨
powershell.exe "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1'"


https://www.top-password.com/blog/add-run-with-powershell-admin-context-menu-for-ps1-files/ - 안됨
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" ""& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -File \"%1\"' -Verb RunAs}"


https://www.thewindowsclub.com/add-run-administrator-ps1-file-context-menu - 안됨


반응형
Posted by codens