设为首页收藏本站
开启辅助访问 切换到宽版

无忧启动论坛

 找回密码
 注册
搜索
无忧启动论坛»论坛 ::启动制作:: 综合讨论区 一个 安全中心的 右键菜单(能实时开启和关闭 Win defen ...
系统gho:最纯净好用系统下载站投放广告、加入VIP会员,请联系 微信:wuyouceo
返回列表 发新帖
查看: 449|回复: 29
打印 上一主题 下一主题

[分享] 一个 安全中心的 右键菜单(能实时开启和关闭 Win defender实时防护和防篡改)

[复制链接]
跳转到指定楼层
1#
发表于 昨天 16:34 | 只看该作者 |只看大图 回帖奖励 |倒序浏览 |阅读模式
加入VIP会员,获无忧币,赠积分,送勋章,下载无限制,获论坛最高级会员权限 !
本帖最后由 qq8899399 于 2025-12-13 21:20 编辑

MDL 论坛 翻到的 一个小软件  原作者项目地址是https://github.com/wesmar/WinDefCtl
核心能力
实时保护控制- 启用/禁用/检查 RTP 状态
防篡改保护控制- 启用/禁用/检查防篡改保护状态
隐蔽执行- 使用 DWM 隐形技术的隐形窗口管理
自动UAC处理- 临时抑制UAC并自动恢复
冷启动检测- 登录后首次运行时的智能预热
可靠的操作确认- 用于 UI 更改的结构密度检测

技术实施
UI自动化API - 无需操作注册表或服务
多层窗口隐藏- 不透明度控制、DWM 隐身、屏幕外定位
智能超时机制- 延长慢速硬件的等待时间(10 秒)
会话感知预热- 用于优化性能的易失性注册表标记
原子操作- 完全成功或自动回滚
UAC恢复系统- 崩溃或中断时自动恢复



对作者PS1 脚本做了修改,支持   
WinDefCtl.ps1 all on 一键启用
WinDefCtl.ps1 all off 一键关闭

使用方法WinDefCtl.ps1和 右键整合的批处理放同一目录 然后运行批处理 进行 右键功能添加和删除


如图  


WinDefCtl脚本如下
  1. #Requires -RunAsAdministrator
  2. # WinDefCtl.ps1 - Windows Defender Automation & Control Utility
  3. # PowerShell Edition - Real-Time Protection and Tamper Protection Management
  4. # Author: Marek Wesolowski - WESMAR - 2025

  6. param(
  7.     [Parameter(Mandatory=$true, Position=0)]
  8.     [ValidateSet('rtp', 'tp', 'all')]
  9.     [string]$Command,
  10.    
  11.     [Parameter(Mandatory=$false, Position=1)]
  12.     [ValidateSet('on', 'off', 'status')]
  13.     [string]$Action = 'status'
  14. )

  16. # ============================================================================
  17. # UI Automation Setup
  18. # ============================================================================

  20. Add-Type -AssemblyName UIAutomationClient
  21. Add-Type -AssemblyName UIAutomationTypes

  23. Add-Type @"
  24. using System;
  25. using System.Runtime.InteropServices;
  26. using System.Text;
  27. public class WinAPI {
  28.     [DllImport("user32.dll")]
  29.     public static extern bool EnumWindows(EnumWindowsProc enumProc, IntPtr lParam);
  30.    
  31.     [DllImport("user32.dll")]
  32.     public static extern int GetClassName(IntPtr hWnd, StringBuilder text, int count);
  33.    
  34.     [DllImport("user32.dll")]
  35.     public static extern bool IsWindowVisible(IntPtr hWnd);
  36.    
  37.     [DllImport("user32.dll")]
  38.     public static extern bool SetForegroundWindow(IntPtr hWnd);
  39.    
  40.     [DllImport("user32.dll")]
  41.     public static extern IntPtr SendMessage(IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);
  42.    
  43.     [DllImport("user32.dll")]
  44.     public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
  45.    
  46.     [DllImport("user32.dll")]
  47.     public static extern bool IsWindow(IntPtr hWnd);
  48.    
  49.     public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
  50.    
  51.     public const uint WM_SYSCOMMAND = 0x0112;
  52.     public const uint SC_CLOSE = 0xF060;
  53.     public const uint WM_CLOSE = 0x0010;
  54.     public const int SW_SHOWMINNOACTIVE = 7;
  55. }
  56. "@

  58. # ============================================================================
  59. # Registry Helper Functions
  60. # ============================================================================

  62. $UAC_REG_PATH = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
  63. $VOLATILE_KEY_PATH = "HKCU:\Software\Temp"
  64. $KEY_NOT_EXISTED = 0xFF

  66. function Read-RegistryDword {
  67.     param(
  68.         [string]$Path,
  69.         [string]$Name
  70.     )
  71.    
  72.     try {
  73.         if (Test-Path $Path) {
  74.             $value = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
  75.             if ($null -ne $value) {
  76.                 return @{
  77.                     Value = $value.$Name
  78.                     Existed = $true
  79.                 }
  80.             }
  81.         }
  82.     }
  83.     catch { }
  84.    
  85.     return @{
  86.         Value = 0
  87.         Existed = $false
  88.     }
  89. }

  91. function Write-RegistryDword {
  92.     param(
  93.         [string]$Path,
  94.         [string]$Name,
  95.         [int]$Value
  96.     )
  97.    
  98.     try {
  99.         if (-not (Test-Path $Path)) {
  100.             New-Item -Path $Path -Force | Out-Null
  101.         }
  102.         Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord -Force
  103.         return $true
  104.     }
  105.     catch {
  106.         return $false
  107.     }
  108. }

  110. function Remove-RegistryValue {
  111.     param(
  112.         [string]$Path,
  113.         [string]$Name
  114.     )
  115.    
  116.     try {
  117.         if (Test-Path $Path) {
  118.             Remove-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
  119.         }
  120.         return $true
  121.     }
  122.     catch {
  123.         return $false
  124.     }
  125. }

  127. # ============================================================================
  128. # UAC Management Functions
  129. # ============================================================================

  131. function Encode-UACStatus {
  132.     param(
  133.         [int]$CPBA,
  134.         [bool]$CPBAExisted,
  135.         [int]$POSD,
  136.         [bool]$POSDExisted
  137.     )
  138.    
  139.     $cpbaValue = if ($CPBAExisted) { $CPBA -band 0xFF } else { $KEY_NOT_EXISTED }
  140.     $posdValue = if ($POSDExisted) { $POSD -band 0xFF } else { $KEY_NOT_EXISTED }
  141.    
  142.     $encoded = $cpbaValue -bor ($posdValue -shl 8)
  143.    
  144.     return $encoded
  145. }

  147. function Decode-UACStatus {
  148.     param([int]$Encoded)
  149.    
  150.     $cpbaByte = $Encoded -band 0xFF
  151.     $posdByte = ($Encoded -shr 8) -band 0xFF
  152.    
  153.     return @{
  154.         CPBA = if ($cpbaByte -ne $KEY_NOT_EXISTED) { $cpbaByte } else { 0 }
  155.         CPBAExisted = ($cpbaByte -ne $KEY_NOT_EXISTED)
  156.         POSD = if ($posdByte -ne $KEY_NOT_EXISTED) { $posdByte } else { 0 }
  157.         POSDExisted = ($posdByte -ne $KEY_NOT_EXISTED)
  158.     }
  159. }

  161. function Backup-UAC {
  162.     Write-Host "  [*] Backing up and disabling UAC prompts..."
  163.    
  164.     $cpba = Read-RegistryDword -Path $UAC_REG_PATH -Name "ConsentPromptBehaviorAdmin"
  165.     $posd = Read-RegistryDword -Path $UAC_REG_PATH -Name "PromptOnSecureDesktop"
  166.    
  167.     $encoded = Encode-UACStatus -CPBA $cpba.Value -CPBAExisted $cpba.Existed -POSD $posd.Value -POSDExisted $posd.Existed
  168.    
  169.     if (-not (Write-RegistryDword -Path $UAC_REG_PATH -Name "UACStatus" -Value $encoded)) {
  170.         return $false
  171.     }
  172.    
  173.     $success = $true
  174.     $success = $success -and (Write-RegistryDword -Path $UAC_REG_PATH -Name "ConsentPromptBehaviorAdmin" -Value 0)
  175.     $success = $success -and (Write-RegistryDword -Path $UAC_REG_PATH -Name "PromptOnSecureDesktop" -Value 0)
  176.    
  177.     return $success
  178. }

  180. function Restore-UAC {
  181.     Write-Host "  [*] Restoring original UAC settings..."
  182.    
  183.     $backup = Read-RegistryDword -Path $UAC_REG_PATH -Name "UACStatus"
  184.    
  185.     if (-not $backup.Existed) {
  186.         return $false
  187.     }
  188.    
  189.     $decoded = Decode-UACStatus -Encoded $backup.Value
  190.    
  191.     if ($decoded.CPBAExisted) {
  192.         Write-RegistryDword -Path $UAC_REG_PATH -Name "ConsentPromptBehaviorAdmin" -Value $decoded.CPBA | Out-Null
  193.     }
  194.     else {
  195.         Remove-RegistryValue -Path $UAC_REG_PATH -Name "ConsentPromptBehaviorAdmin" | Out-Null
  196.     }
  197.    
  198.     if ($decoded.POSDExisted) {
  199.         Write-RegistryDword -Path $UAC_REG_PATH -Name "PromptOnSecureDesktop" -Value $decoded.POSD | Out-Null
  200.     }
  201.     else {
  202.         Remove-RegistryValue -Path $UAC_REG_PATH -Name "PromptOnSecureDesktop" | Out-Null
  203.     }
  204.    
  205.     Remove-RegistryValue -Path $UAC_REG_PATH -Name "UACStatus" | Out-Null
  206.     return $true
  207. }

  209. function Test-UACBackupExists {
  210.     $backup = Read-RegistryDword -Path $UAC_REG_PATH -Name "UACStatus"
  211.     return $backup.Existed
  212. }

  214. function Recover-UACIfNeeded {
  215.     if (Test-UACBackupExists) {
  216.         Write-Host "  [RECOVERY] Found incomplete UAC backup, restoring..."
  217.         return Restore-UAC
  218.     }
  219.     return $true
  220. }

  222. # ============================================================================
  223. # Cold Boot Detection (Volatile Registry Marker)
  224. # ============================================================================

  226. function Test-ColdBoot {
  227.     # Volatile key in HKCU:\Software\Temp - disappears on logout/reboot
  228.     try {
  229.         $marker = Get-ItemProperty -Path "$VOLATILE_KEY_PATH" -Name "WinDefCtl_Warmed" -ErrorAction SilentlyContinue
  230.         return ($null -eq $marker)
  231.     }
  232.     catch {
  233.         return $true
  234.     }
  235. }

  237. function Set-WarmMarker {
  238.     try {
  239.         # Create volatile registry key - will disappear on session end
  240.         if (-not (Test-Path $VOLATILE_KEY_PATH)) {
  241.             New-Item -Path $VOLATILE_KEY_PATH -Force | Out-Null
  242.         }
  243.         
  244.         # Unfortunately PowerShell doesn't support REG_OPTION_VOLATILE directly
  245.         # We'll use reg.exe for true volatile key creation
  246.         & reg add "HKCU\Software\Temp" /v "WinDefCtl_Warmed" /t REG_DWORD /d 1 /f | Out-Null
  247.         
  248.         return $true
  249.     }
  250.     catch {
  251.         return $false
  252.     }
  253. }

  255. # ============================================================================
  256. # Window Management Functions
  257. # ============================================================================

  259. function Find-SecurityWindow {
  260.     param([int]$MaxRetries = 10)
  261.    
  262.     $script:foundWindow = $null
  263.    
  264.     for ($i = 0; $i -lt $MaxRetries; $i++) {
  265.         $callback = [WinAPI+EnumWindowsProc] {
  266.             param($hwnd, $lParam)
  267.             
  268.             $className = New-Object System.Text.StringBuilder 256
  269.             [WinAPI]::GetClassName($hwnd, $className, 256) | Out-Null
  270.             
  271.             if ($className.ToString() -eq "ApplicationFrameWindow" -and [WinAPI]::IsWindowVisible($hwnd)) {
  272.                 $script:foundWindow = $hwnd
  273.                 return $false
  274.             }
  275.             return $true
  276.         }
  277.         
  278.         [WinAPI]::EnumWindows($callback, [IntPtr]::Zero) | Out-Null
  279.         
  280.         if ($script:foundWindow) {
  281.             return $script:foundWindow
  282.         }
  283.         
  284.         Start-Sleep -Milliseconds 100
  285.     }
  286.    
  287.     return $null
  288. }

  290. function Close-SecurityWindow {
  291.     param([IntPtr]$WindowHandle)
  292.    
  293.     if ($WindowHandle -eq [IntPtr]::Zero -or -not [WinAPI]::IsWindow($WindowHandle)) {
  294.         return
  295.     }
  296.    
  297.     # Try SetForegroundWindow + SC_CLOSE
  298.     [WinAPI]::SetForegroundWindow($WindowHandle) | Out-Null
  299.     Start-Sleep -Milliseconds 100
  300.     [WinAPI]::SendMessage($WindowHandle, [WinAPI]::WM_SYSCOMMAND, [IntPtr][WinAPI]::SC_CLOSE, [IntPtr]::Zero) | Out-Null
  301.    
  302.     # Wait for window to close
  303.     $closed = $false
  304.     for ($i = 0; $i -lt 30; $i++) {
  305.         if (-not [WinAPI]::IsWindow($WindowHandle)) {
  306.             $closed = $true
  307.             break
  308.         }
  309.         Start-Sleep -Milliseconds 100
  310.     }
  311.    
  312.     # Fallback to WM_CLOSE if needed
  313.     if (-not $closed) {
  314.         [WinAPI]::SendMessage($WindowHandle, [WinAPI]::WM_CLOSE, [IntPtr]::Zero, [IntPtr]::Zero) | Out-Null
  315.         Start-Sleep -Milliseconds 1000
  316.     }
  317. }

  319. # ============================================================================
  320. # Pre-Warming for Cold Boot
  321. # ============================================================================

  323. function Invoke-PreWarmDefender {
  324.     Write-Host "  [*] Cold boot detected - pre-warming Windows Defender..."
  325.    
  326.     Start-Process "windowsdefender://threatsettings" -WindowStyle Hidden
  327.     Start-Sleep -Milliseconds 800
  328.    
  329.     $hwnd = Find-SecurityWindow -MaxRetries 10
  330.    
  331.     if ($hwnd) {
  332.         Write-Host "  [*] Pre-warm window found, waiting for full initialization..."
  333.         Start-Sleep -Milliseconds 800
  334.         
  335.         Write-Host "  [*] Closing pre-warm window..."
  336.         Close-SecurityWindow -WindowHandle $hwnd
  337.         
  338.         Set-WarmMarker | Out-Null
  339.         Write-Host "  [*] Pre-warm complete"
  340.         return $true
  341.     }
  342.    
  343.     Write-Host "  [WARN] Pre-warm window not found, continuing anyway..."
  344.     return $false
  345. }

  347. # ============================================================================
  348. # UI Automation Functions
  349. # ============================================================================

  351. function Wait-UILoaded {
  352.     param(
  353.         [System.Windows.Automation.AutomationElement]$RootElement,
  354.         [int]$MaxRetries = 50
  355.     )
  356.    
  357.     for ($i = 0; $i -lt $MaxRetries; $i++) {
  358.         try {
  359.             $descendants = $RootElement.FindAll(
  360.                 [System.Windows.Automation.TreeScope]::Descendants,
  361.                 [System.Windows.Automation.Condition]::TrueCondition
  362.             )
  363.             
  364.             if ($descendants.Count -gt 10) {
  365.                 return $true
  366.             }
  367.         }
  368.         catch { }
  369.         
  370.         Start-Sleep -Milliseconds 100
  371.     }
  372.    
  373.     return $false
  374. }

  376. function Get-ElementCount {
  377.     param([System.Windows.Automation.AutomationElement]$RootElement)
  378.    
  379.     try {
  380.         $descendants = $RootElement.FindAll(
  381.             [System.Windows.Automation.TreeScope]::Descendants,
  382.             [System.Windows.Automation.Condition]::TrueCondition
  383.         )
  384.         return $descendants.Count
  385.     }
  386.     catch {
  387.         return 0
  388.     }
  389. }

  391. function Wait-StructureChange {
  392.     param(
  393.         [System.Windows.Automation.AutomationElement]$RootElement,
  394.         [int]$BaselineCount,
  395.         [bool]$ExpectIncrease,
  396.         [int]$TimeoutSeconds = 10
  397.     )
  398.    
  399.     Write-Host "  [*] Waiting for UI update..." -NoNewline
  400.     $maxLoops = $TimeoutSeconds * 10
  401.    
  402.     for ($i = 0; $i -lt $maxLoops; $i++) {
  403.         $currentCount = Get-ElementCount -RootElement $RootElement
  404.         
  405.         $structureChanged = if ($ExpectIncrease) {
  406.             $currentCount -gt $BaselineCount
  407.         } else {
  408.             $currentCount -lt $BaselineCount
  409.         }
  410.         
  411.         if ($structureChanged) {
  412.             Start-Sleep -Milliseconds 200
  413.             $recheckCount = Get-ElementCount -RootElement $RootElement
  414.             
  415.             $stable = if ($ExpectIncrease) {
  416.                 $recheckCount -gt $BaselineCount
  417.             } else {
  418.                 $recheckCount -lt $BaselineCount
  419.             }
  420.             
  421.             if ($stable) {
  422.                 Write-Host " [OK]"
  423.                 return $true
  424.             }
  425.         }
  426.         
  427.         Start-Sleep -Milliseconds 100
  428.     }
  429.    
  430.     Write-Host " [WARN] Timeout."
  431.     return $false
  432. }

  434. function Find-FirstToggleSwitch {
  435.     param([System.Windows.Automation.AutomationElement]$RootElement)
  436.    
  437.     $condition = New-Object System.Windows.Automation.PropertyCondition(
  438.         [System.Windows.Automation.AutomationElement]::ControlTypeProperty,
  439.         [System.Windows.Automation.ControlType]::Button
  440.     )
  441.    
  442.     $buttons = $RootElement.FindAll([System.Windows.Automation.TreeScope]::Descendants, $condition)
  443.    
  444.     foreach ($button in $buttons) {
  445.         try {
  446.             $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  447.             if ($togglePattern) {
  448.                 return $button
  449.             }
  450.         }
  451.         catch { }
  452.     }
  453.    
  454.     return $null
  455. }

  457. function Find-LastToggleSwitch {
  458.     param([System.Windows.Automation.AutomationElement]$RootElement)
  459.    
  460.     $condition = New-Object System.Windows.Automation.PropertyCondition(
  461.         [System.Windows.Automation.AutomationElement]::ControlTypeProperty,
  462.         [System.Windows.Automation.ControlType]::Button
  463.     )
  464.    
  465.     $buttons = $RootElement.FindAll([System.Windows.Automation.TreeScope]::Descendants, $condition)
  466.     $lastToggle = $null
  467.    
  468.     foreach ($button in $buttons) {
  469.         try {
  470.             $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  471.             if ($togglePattern) {
  472.                 $lastToggle = $button
  473.             }
  474.         }
  475.         catch { }
  476.     }
  477.    
  478.     return $lastToggle
  479. }

  481. # ============================================================================
  482. # Real-Time Protection Functions
  483. # ============================================================================

  485. function Get-RTPStatus {
  486.     param([System.Windows.Automation.AutomationElement]$RootElement)
  487.    
  488.     $button = Find-FirstToggleSwitch -RootElement $RootElement
  489.     if (-not $button) {
  490.         return $null
  491.     }
  492.    
  493.     try {
  494.         $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  495.         $state = $togglePattern.Current.ToggleState
  496.         $isEnabled = ($state -eq [System.Windows.Automation.ToggleState]::On)
  497.         
  498.         Write-Host "  [*] RTP Status: $(if ($isEnabled) { 'ENABLED' } else { 'DISABLED' })"
  499.         return $isEnabled
  500.     }
  501.     catch {
  502.         return $null
  503.     }
  504. }

  506. function Enable-RTP {
  507.     param([System.Windows.Automation.AutomationElement]$RootElement)
  508.    
  509.     if (-not (Backup-UAC)) {
  510.         return $false
  511.     }
  512.    
  513.     $button = Find-FirstToggleSwitch -RootElement $RootElement
  514.     if (-not $button) {
  515.         Restore-UAC | Out-Null
  516.         return $false
  517.     }
  518.    
  519.     try {
  520.         $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  521.         $state = $togglePattern.Current.ToggleState
  522.         
  523.         if ($state -eq [System.Windows.Automation.ToggleState]::Off) {
  524.             $baseline = Get-ElementCount -RootElement $RootElement
  525.             $togglePattern.Toggle()
  526.             $result = Wait-StructureChange -RootElement $RootElement -BaselineCount $baseline -ExpectIncrease $false
  527.         }
  528.         else {
  529.             Write-Host "  [*] RTP already enabled"
  530.             $result = $true
  531.         }
  532.         
  533.         Restore-UAC | Out-Null
  534.         return $result
  535.     }
  536.     catch {
  537.         Restore-UAC | Out-Null
  538.         return $false
  539.     }
  540. }

  542. function Disable-RTP {
  543.     param([System.Windows.Automation.AutomationElement]$RootElement)
  544.    
  545.     if (-not (Backup-UAC)) {
  546.         return $false
  547.     }
  548.    
  549.     $button = Find-FirstToggleSwitch -RootElement $RootElement
  550.     if (-not $button) {
  551.         Restore-UAC | Out-Null
  552.         return $false
  553.     }
  554.    
  555.     try {
  556.         $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  557.         $state = $togglePattern.Current.ToggleState
  558.         
  559.         if ($state -eq [System.Windows.Automation.ToggleState]::On) {
  560.             $baseline = Get-ElementCount -RootElement $RootElement
  561.             $togglePattern.Toggle()
  562.             $result = Wait-StructureChange -RootElement $RootElement -BaselineCount $baseline -ExpectIncrease $true
  563.         }
  564.         else {
  565.             Write-Host "  [*] RTP already disabled"
  566.             $result = $true
  567.         }
  568.         
  569.         Restore-UAC | Out-Null
  570.         return $result
  571.     }
  572.     catch {
  573.         Restore-UAC | Out-Null
  574.         return $false
  575.     }
  576. }

  578. # ============================================================================
  579. # Tamper Protection Functions
  580. # ============================================================================

  582. function Get-TPStatus {
  583.     param([System.Windows.Automation.AutomationElement]$RootElement)
  584.    
  585.     $button = Find-LastToggleSwitch -RootElement $RootElement
  586.     if (-not $button) {
  587.         return $null
  588.     }
  589.    
  590.     try {
  591.         $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  592.         $state = $togglePattern.Current.ToggleState
  593.         $isEnabled = ($state -eq [System.Windows.Automation.ToggleState]::On)
  594.         
  595.         Write-Host "  [*] Tamper Protection Status: $(if ($isEnabled) { 'ENABLED' } else { 'DISABLED' })"
  596.         return $isEnabled
  597.     }
  598.     catch {
  599.         return $null
  600.     }
  601. }

  603. function Enable-TP {
  604.     param([System.Windows.Automation.AutomationElement]$RootElement)
  605.    
  606.     if (-not (Backup-UAC)) {
  607.         return $false
  608.     }
  609.    
  610.     $button = Find-LastToggleSwitch -RootElement $RootElement
  611.     if (-not $button) {
  612.         Restore-UAC | Out-Null
  613.         return $false
  614.     }
  615.    
  616.     try {
  617.         $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  618.         $state = $togglePattern.Current.ToggleState
  619.         
  620.         if ($state -eq [System.Windows.Automation.ToggleState]::Off) {
  621.             $baseline = Get-ElementCount -RootElement $RootElement
  622.             $togglePattern.Toggle()
  623.             $result = Wait-StructureChange -RootElement $RootElement -BaselineCount $baseline -ExpectIncrease $false
  624.         }
  625.         else {
  626.             Write-Host "  [*] Tamper Protection already enabled"
  627.             $result = $true
  628.         }
  629.         
  630.         Restore-UAC | Out-Null
  631.         return $result
  632.     }
  633.     catch {
  634.         Restore-UAC | Out-Null
  635.         return $false
  636.     }
  637. }

  639. function Disable-TP {
  640.     param([System.Windows.Automation.AutomationElement]$RootElement)
  641.    
  642.     if (-not (Backup-UAC)) {
  643.         return $false
  644.     }
  645.    
  646.     $button = Find-LastToggleSwitch -RootElement $RootElement
  647.     if (-not $button) {
  648.         Restore-UAC | Out-Null
  649.         return $false
  650.     }
  651.    
  652.     try {
  653.         $togglePattern = $button.GetCurrentPattern([System.Windows.Automation.TogglePattern]::Pattern)
  654.         $state = $togglePattern.Current.ToggleState
  655.         
  656.         if ($state -eq [System.Windows.Automation.ToggleState]::On) {
  657.             $baseline = Get-ElementCount -RootElement $RootElement
  658.             $togglePattern.Toggle()
  659.             $result = Wait-StructureChange -RootElement $RootElement -BaselineCount $baseline -ExpectIncrease $true
  660.         }
  661.         else {
  662.             Write-Host "  [*] Tamper Protection already disabled"
  663.             $result = $true
  664.         }
  665.         
  666.         Restore-UAC | Out-Null
  667.         return $result
  668.     }
  669.     catch {
  670.         Restore-UAC | Out-Null
  671.         return $false
  672.     }
  673. }

  675. # ============================================================================
  676. # Process Single Command
  677. # ============================================================================

  679. function Process-SingleCommand {
  680.     param(
  681.         [string]$Cmd,
  682.         [string]$Act
  683.     )
  684.    
  685.     Write-Host ""
  686.     Write-Host "=== Windows Defender $(if ($Cmd -eq 'rtp') { 'RTP' } else { 'Tamper Protection' }) Control ===" -ForegroundColor Cyan
  687.     Write-Host ""

  689.     # Check for incomplete UAC backup from previous crash
  690.     Recover-UACIfNeeded | Out-Null

  692.     Write-Host "  [*] Opening Windows Defender..."

  694.     # Pre-warming on cold boot
  695.     if (Test-ColdBoot) {
  696.         Invoke-PreWarmDefender | Out-Null
  697.         Start-Sleep -Milliseconds 800
  698.     }

  700.     # Open Windows Security
  701.     Start-Process "windowsdefender://threatsettings" -WindowStyle Hidden
  702.     $hwndSecurity = Find-SecurityWindow -MaxRetries 10

  704.     if (-not $hwndSecurity) {
  705.         Write-Host "  [ERROR] Failed to find Windows Security window" -ForegroundColor Red
  706.         return $false
  707.     }

  709.     # Get UI Automation root element
  710.     try {
  711.         $rootElement = [System.Windows.Automation.AutomationElement]::FromHandle($hwndSecurity)
  712.     }
  713.     catch {
  714.         Write-Host "  [ERROR] Failed to get automation element" -ForegroundColor Red
  715.         Close-SecurityWindow -WindowHandle $hwndSecurity
  716.         return $false
  717.     }

  719.     # Wait for UI to load
  720.     if (-not (Wait-UILoaded -RootElement $rootElement -MaxRetries 50)) {
  721.         Write-Host "  [ERROR] Failed to load UI (Timeout on slow system)" -ForegroundColor Red
  722.         Close-SecurityWindow -WindowHandle $hwndSecurity
  723.         return $false
  724.     }

  726.     # Execute requested action
  727.     $result = $false

  729.     if ($Cmd -eq 'rtp') {
  730.         switch ($Act) {
  731.             'status' {
  732.                 $result = (Get-RTPStatus -RootElement $rootElement) -ne $null
  733.             }
  734.             'on' {
  735.                 $result = Enable-RTP -RootElement $rootElement
  736.             }
  737.             'off' {
  738.                 $result = Disable-RTP -RootElement $rootElement
  739.             }
  740.         }
  741.     }
  742.     elseif ($Cmd -eq 'tp') {
  743.         switch ($Act) {
  744.             'status' {
  745.                 $result = (Get-TPStatus -RootElement $rootElement) -ne $null
  746.             }
  747.             'on' {
  748.                 $result = Enable-TP -RootElement $rootElement
  749.             }
  750.             'off' {
  751.                 $result = Disable-TP -RootElement $rootElement
  752.             }
  753.         }
  754.     }

  756.     # Close security window
  757.     Close-SecurityWindow -WindowHandle $hwndSecurity

  759.     return $result
  760. }

  762. # ============================================================================
  763. # Main Execution Flow
  764. # ============================================================================

  766. $overallResult = $true

  768. if ($Command -eq 'all') {
  769.     Write-Host ""
  770.     Write-Host "=== Windows Defender ALL Control ($Action) ===" -ForegroundColor Cyan
  771.     Write-Host ""
  772.    
  773.     if ($Action -eq 'status') {
  774.         # Process RTP status
  775.         $rtpResult = Process-SingleCommand -Cmd 'rtp' -Act 'status'
  776.         
  777.         Write-Host ""
  778.         Write-Host "---" -ForegroundColor DarkGray
  779.         
  780.         # Process TP status
  781.         $tpResult = Process-SingleCommand -Cmd 'tp' -Act 'status'
  782.         
  783.         $overallResult = $rtpResult -and $tpResult
  784.     }
  785.     else {
  786.         # Process RTP action
  787.         Write-Host "[1/2] Processing RTP ($Action)..." -ForegroundColor Cyan
  788.         $rtpResult = Process-SingleCommand -Cmd 'rtp' -Act $Action
  789.         
  790.         Write-Host ""
  791.         Write-Host "--- Waiting 1 second ---" -ForegroundColor DarkGray
  792.         Start-Sleep -Seconds 1
  793.         
  794.         # Process TP action
  795.         Write-Host "[2/2] Processing Tamper Protection ($Action)..." -ForegroundColor Cyan
  796.         $tpResult = Process-SingleCommand -Cmd 'tp' -Act $Action
  797.         
  798.         $overallResult = $rtpResult -and $tpResult
  799.         
  800.         Write-Host ""
  801.         Write-Host "=== Summary ===" -ForegroundColor Cyan
  802.         Write-Host "  [*] RTP ($Action): $(if ($rtpResult) { 'SUCCESS' } else { 'FAILED' })" -ForegroundColor $(if ($rtpResult) { 'Green' } else { 'Red' })
  803.         Write-Host "  [*] Tamper Protection ($Action): $(if ($tpResult) { 'SUCCESS' } else { 'FAILED' })" -ForegroundColor $(if ($tpResult) { 'Green' } else { 'Red' })
  804.     }
  805. }
  806. else {
  807.     $overallResult = Process-SingleCommand -Cmd $Command -Act $Action
  808. }

  810. Write-Host ""
  811. Write-Host "  [*] Operation completed." -ForegroundColor $(if ($overallResult) { 'Green' } else { 'Yellow' })
  812. Write-Host ""

  814. exit $(if ($overallResult) { 0 } else { 1 })
复制代码


整合右键菜单批处理如下
  1. @ECHO OFF
  2. PUSHD %~dp0
  3. TITLE Hello World
  4. >nul reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set "f0=%%2" &call "%%2" %%3" & set "_= %*"
  5. >nul fltmc || if "%f0%" neq "%~f0" ( cd.>"%tmp%\runas.Admin" & start "%~n0" /high "%tmp%\runas.Admin" "%~f0" "%_:"=""%" &exit /b )


  8. cd /d "%~dp0"
  9. if "%PROCESSOR_ARCHITECTURE%"=="x86" set bits=32
  10. if "%PROCESSOR_ARCHITECTURE%"=="AMD64" set bits=64


  13. REM 检查命令行参数
  14. if "%~1"=="install" (
  15.     goto install
  16. )
  17. if "%~1"=="uninstall" (
  18.     goto uninstall
  19. )

  21. Rem 设置程序路径
  22. SET "_file_path=%~dp0"
  23. Rem 设置命令行
  24. SET "_cmd_cmd_enable=powershell Start-Process cmd -Verb RunAs -ArgumentList '/S /K pushd "%%V" &"%~dp0WinDefCtl.exe" rtp on &"%~dp0WinDefCtl.exe" tp on &exit'"
  25. SET "_cmd_cmd_disabled=powershell Start-Process cmd -Verb RunAs -ArgumentList '/S /K pushd "%%V" &"%~dp0WinDefCtl.exe" rtp off &"%~dp0WinDefCtl.exe" tp off &exit'"
  26. SET "_cmd_scripts_enable="powershell.exe" "-Command" ""& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -File "%~dp0WinDefCtl.ps1" all on' -Verb RunAs}""
  27. SET "_cmd_scripts_disabled="powershell.exe" "-Command" ""& {Start-Process PowerShell.exe -ArgumentList '-ExecutionPolicy RemoteSigned -File "%~dp0WinDefCtl.ps1" all off' -Verb RunAs}""
  28. Rem 设置注册表初始值
  29. SET "_regkey1=HKCR\*\Shell\WindowsSecurity"
  30. SET "_regkey2=HKCR\Directory\Shell\WindowsSecurity"
  31. SET "_regkey3=HKCR\Directory\background\Shell\WindowsSecurity"
  32. SET "_regkey4=HKCR\Drive\Shell\WindowsSecurity"
  33. SET "_regkey5=HKCR\DesktopBackground\Shell\WindowsSecurity"

  35. :Menu
  36. SET Options=
  37. ECHO.&ECHO. 1.安装 WinDefCtl 鼠标右键菜单
  38. ECHO.&ECHO. 2.卸载 WinDefCtl 鼠标右键菜单
  39. ECHO.&ECHO. 3.退出
  40. ECHO.
  41. SET /P Options=请输入选择项目序号并按回车确认:
  42. IF /I "%Options%"=="1" GOTO install
  43. IF /I "%Options%"=="2" GOTO uninstall
  44. IF /I "%Options%"=="3" GOTO OUT
  45. ECHO.&ECHO.序号无效,请重新输入!
  46. PING -n 2 127.1>NUL
  47. CLS
  48. GOTO Menu

  50. :install
  51. REM 删除残留注册项
  52. reg delete "%_regkey1%" /f
  53. for %%i in ("%_regkey2%" "%_regkey3%" "%_regkey4%" "%_regkey5%") do reg delete %%i /f
  54. Rem 单独处理 HKCR\*\Shell\WindowsSecurity(for循环直接导入通配符*会失败)
  55. Reg.exe add "%_regkey1%" /v "Icon" /t REG_SZ /d "%%ProgramFiles%%\Windows Defender\EppManifest.dll,-101" /f
  56. Reg.exe add "%_regkey1%" /v "MUIVerb" /t REG_SZ /d "Windows 安全中心" /f
  57. Reg.exe add "%_regkey1%" /v "Position" /t REG_SZ /d "Bottom" /f
  58. Reg.exe add "%_regkey1%" /v "SubCommands" /t REG_SZ /d "" /f
  59. Reg.exe add "%_regkey1%" /v "SeparatorBefore" /t REG_SZ /d "" /f
  60. Reg.exe add "%_regkey1%" /v "SeparatorAfter" /t REG_SZ /d "" /f
  61. Reg.exe add "%_regkey1%\shell\001flyout" /v "Icon" /t REG_SZ /d "%%ProgramFiles%%\Windows Defender\EppManifest.dll,-101" /f
  62. Reg.exe add "%_regkey1%\shell\001flyout" /v "MUIVerb" /t REG_SZ /d "&安全中心主页" /f
  63. Reg.exe add "%_regkey1%\shell\001flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  64. Reg.exe add "%_regkey1%\shell\001flyout" /v "SeparatorBefore" /t REG_SZ /d "" /f
  65. Reg.exe add "%_regkey1%\shell\001flyout" /v "SeparatorAfter" /t REG_SZ /d "" /f
  66. Reg.exe add "%_regkey1%\shell\001flyout" /v "CommandFlags" /t REG_DWORD /d "64" /f
  67. Reg.exe add "%_regkey1%\shell\001flyout\command" /ve /t REG_SZ /d "explorer windowsdefender:" /f
  68. Reg.exe add "%_regkey1%\shell\002flyout" /v "MUIVerb" /t REG_SZ /d "&病毒和威胁防护" /f
  69. Reg.exe add "%_regkey1%\shell\002flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  70. Reg.exe add "%_regkey1%\shell\002flyout" /v "Position" /t REG_SZ /d "Bottom" /f
  71. Reg.exe add "%_regkey1%\shell\002flyout" /v "SubCommands" /t REG_SZ /d "" /f
  72. Reg.exe add "%_regkey1%\shell\002flyout\shell" /v "SubCommands" /t REG_SZ /d "" /f
  73. Reg.exe add "%_regkey1%\shell\002flyout\shell\001" /v "MUIVerb" /t REG_SZ /d "病毒和威胁防护 设置主页" /f
  74. Reg.exe add "%_regkey1%\shell\002flyout\shell\001" /v "HasLUAShield" /t REG_SZ /d "" /f
  75. Reg.exe add "%_regkey1%\shell\002flyout\shell\001" /v "SeparatorBefore" /t REG_SZ /d "" /f
  76. Reg.exe add "%_regkey1%\shell\002flyout\shell\001" /v "SeparatorAfter" /t REG_SZ /d "" /f
  77. Reg.exe add "%_regkey1%\shell\002flyout\shell\001" /v "CommandFlags" /t REG_DWORD /d "64" /f
  78. Reg.exe add "%_regkey1%\shell\002flyout\shell\001\command" /ve /t REG_SZ /d "explorer windowsdefender://threat" /f
  79. Reg.exe add "%_regkey1%\shell\002flyout\shell\002" /v "MUIVerb" /t REG_SZ /d "启用 实时防护和防篡改" /f
  80. Reg.exe add "%_regkey1%\shell\002flyout\shell\002" /v "HasLUAShield" /t REG_SZ /d "" /f
  81. Reg.exe add "%_regkey1%\shell\002flyout\shell\002\command" /ve /t REG_SZ /d "%_cmd_scripts_enable%" /f
  82. Reg.exe add "%_regkey1%\shell\002flyout\shell\003" /v "MUIVerb" /t REG_SZ /d "禁用 实时防护和防篡改" /f
  83. Reg.exe add "%_regkey1%\shell\002flyout\shell\003" /v "HasLUAShield" /t REG_SZ /d "" /f
  84. Reg.exe add "%_regkey1%\shell\002flyout\shell\003\command" /ve /t REG_SZ /d "%_cmd_scripts_disabled%" /f
  85. Reg.exe add "%_regkey1%\shell\003flyout" /v "MUIVerb" /t REG_SZ /d "&账户保护" /f
  86. Reg.exe add "%_regkey1%\shell\003flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  87. Reg.exe add "%_regkey1%\shell\003flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://account" /f
  88. Reg.exe add "%_regkey1%\shell\004flyout" /v "MUIVerb" /t REG_SZ /d "&防火墙和网络保护" /f
  89. Reg.exe add "%_regkey1%\shell\004flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  90. Reg.exe add "%_regkey1%\shell\004flyout" /v "Position" /t REG_SZ /d "Bottom" /f
  91. Reg.exe add "%_regkey1%\shell\004flyout" /v "SubCommands" /t REG_SZ /d "" /f
  92. Reg.exe add "%_regkey1%\shell\004flyout\shell" /v "SubCommands" /t REG_SZ /d "" /f
  93. Reg.exe add "%_regkey1%\shell\004flyout\shell\001" /v "MUIVerb" /t REG_SZ /d "防火墙和网络保护 设置主页" /f
  94. Reg.exe add "%_regkey1%\shell\004flyout\shell\001" /v "HasLUAShield" /t REG_SZ /d "" /f
  95. Reg.exe add "%_regkey1%\shell\004flyout\shell\001" /v "SeparatorBefore" /t REG_SZ /d "" /f
  96. Reg.exe add "%_regkey1%\shell\004flyout\shell\001" /v "SeparatorAfter" /t REG_SZ /d "" /f
  97. Reg.exe add "%_regkey1%\shell\004flyout\shell\001" /v "CommandFlags" /t REG_DWORD /d "64" /f
  98. Reg.exe add "%_regkey1%\shell\004flyout\shell\001\command" /ve /t REG_SZ /d "explorer windowsdefender://network" /f
  99. Reg.exe add "%_regkey1%\shell\004flyout\shell\002" /v "MUIVerb" /t REG_SZ /d "启用 Windows 防火墙" /f
  100. Reg.exe add "%_regkey1%\shell\004flyout\shell\002" /v "HasLUAShield" /t REG_SZ /d "" /f
  101. Reg.exe add "%_regkey1%\shell\004flyout\shell\002\command" /ve /t REG_SZ /d "powershell.exe -windowstyle hidden -command "Start-Process cmd -ArgumentList '/s,/c,netsh advfirewall set allprofiles state on' -Verb runAs"" /f
  102. Reg.exe add "%_regkey1%\shell\004flyout\shell\003" /v "MUIVerb" /t REG_SZ /d "禁用 Windows 防火墙" /f
  103. Reg.exe add "%_regkey1%\shell\004flyout\shell\003" /v "HasLUAShield" /t REG_SZ /d "" /f
  104. Reg.exe add "%_regkey1%\shell\004flyout\shell\003\command" /ve /t REG_SZ /d "powershell.exe -windowstyle hidden -command "Start-Process cmd -ArgumentList '/s,/c,netsh advfirewall set allprofiles state off' -Verb runAs"" /f
  105. Reg.exe add "%_regkey1%\shell\005flyout" /v "MUIVerb" /t REG_SZ /d "应用和浏览器控制" /f
  106. Reg.exe add "%_regkey1%\shell\005flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  107. Reg.exe add "%_regkey1%\shell\005flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://appbrowser" /f
  108. Reg.exe add "%_regkey1%\shell\006flyout" /v "MUIVerb" /t REG_SZ /d "&设备安全性" /f
  109. Reg.exe add "%_regkey1%\shell\006flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  110. Reg.exe add "%_regkey1%\shell\006flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://devicesecurity" /f
  111. Reg.exe add "%_regkey1%\shell\007flyout" /v "MUIVerb" /t REG_SZ /d "&设备性能和运行状况" /f
  112. Reg.exe add "%_regkey1%\shell\007flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  113. Reg.exe add "%_regkey1%\shell\007flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://perfhealth" /f
  114. Reg.exe add "%_regkey1%\shell\008flyout" /v "MUIVerb" /t REG_SZ /d "&家庭选项" /f
  115. Reg.exe add "%_regkey1%\shell\008flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  116. Reg.exe add "%_regkey1%\shell\008flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://family" /f
  117. Reg.exe add "%_regkey1%\shell\009flyout" /v "MUIVerb" /t REG_SZ /d "&保护历史记录" /f
  118. Reg.exe add "%_regkey1%\shell\009flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  119. Reg.exe add "%_regkey1%\shell\009flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://history" /f
  120. Reg.exe add "%_regkey1%\shell\010flyout" /v "MUIVerb" /t REG_SZ /d "&安全提供程序" /f
  121. Reg.exe add "%_regkey1%\shell\010flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  122. Reg.exe add "%_regkey1%\shell\010flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://providers" /f
  123. Reg.exe add "%_regkey1%\shell\011flyout" /v "MUIVerb" /t REG_SZ /d "&通知" /f
  124. Reg.exe add "%_regkey1%\shell\011flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  125. Reg.exe add "%_regkey1%\shell\011flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://settings" /f
  126. Rem Windows安全中心菜单总项
  127. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  128.     Reg.exe add %%k /v "Icon" /t REG_SZ /d "%ProgramFiles%\Windows Defender\EppManifest.dll,-101" /f
  129.     Reg.exe add %%k /v "MUIVerb" /t REG_SZ /d "Windows 安全中心" /f
  130.     Reg.exe add %%k /v "Position" /t REG_SZ /d "Bottom" /f
  131.     Reg.exe add %%k /v "SeparatorAfter" /t REG_SZ /d "" /f
  132.     Reg.exe add %%k /v "SeparatorBefore" /t REG_SZ /d "" /f
  133.     Reg.exe add %%k /v "SubCommands" /t REG_SZ /d "" /f
  134. )
  135. Rem 二级菜单 安全中心主页
  136. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  137.     Reg.exe add "%%k\shell\001flyout" /v "Icon" /t REG_SZ /d "%ProgramFiles%\Windows Defender\EppManifest.dll,-101" /f
  138.     Reg.exe add "%%k\shell\001flyout" /v "MUIVerb" /t REG_SZ /d "&安全中心主页" /f
  139.     Reg.exe add "%%k\shell\001flyout" /v "SeparatorAfter" /t REG_SZ /d "" /f
  140.     Reg.exe add "%%k\shell\001flyout" /v "SeparatorBefore" /t REG_SZ /d "" /f
  141.     Reg.exe add "%%k\shell\001flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  142.     Reg.exe add "%%k\shell\001flyout" /v "CommandFlags" /t REG_DWORD /d "64" /f
  143.     Reg.exe add "%%k\shell\001flyout\command" /ve /t REG_SZ /d "explorer windowsdefender:" /f
  144. )
  145. Rem 二级菜单 病毒和威胁防护
  146. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  147.     Reg.exe add "%%k\shell\002flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  148.     Reg.exe add "%%k\shell\002flyout" /v "MUIVerb" /t REG_SZ /d "&病毒和威胁防护" /f
  149.     Reg.exe add "%%k\shell\002flyout" /v "Position" /t REG_SZ /d "Bottom" /f
  150.     Reg.exe add "%%k\shell\002flyout" /v "SubCommands" /t REG_SZ /d "" /f
  151.     Reg.exe add "%%k\shell\002flyout\shell" /v "SubCommands" /t REG_SZ /d "" /f
  152.     Reg.exe add "%%k\shell\002flyout\shell\001" /v "MUIVerb" /t REG_SZ /d "病毒和威胁防护 设置主页" /f
  153.     Reg.exe add "%%k\shell\002flyout\shell\001" /v "SeparatorAfter" /t REG_SZ /d "" /f
  154.     Reg.exe add "%%k\shell\002flyout\shell\001" /v "SeparatorBefore" /t REG_SZ /d "" /f
  155.     Reg.exe add "%%k\shell\002flyout\shell\001" /v "HasLUAShield" /t REG_SZ /d "" /f
  156.     Reg.exe add "%%k\shell\002flyout\shell\001" /v "CommandFlags" /t REG_DWORD /d "64" /f
  157.     Reg.exe add "%%k\shell\002flyout\shell\001\command" /ve /t REG_SZ /d "explorer windowsdefender://threat" /f
  158.     Reg.exe add "%%k\shell\002flyout\shell\002" /v "HasLUAShield" /t REG_SZ /d "" /f
  159.     Reg.exe add "%%k\shell\002flyout\shell\002" /v "MUIVerb" /t REG_SZ /d "启用 实时防护和防篡改" /f
  160.     Reg.exe add "%%k\shell\002flyout\shell\002\command" /ve /t REG_SZ /d "%_cmd_scripts_enable%" /f
  161.     Reg.exe add "%%k\shell\002flyout\shell\003" /v "HasLUAShield" /t REG_SZ /d "" /f
  162.     Reg.exe add "%%k\shell\002flyout\shell\003" /v "MUIVerb" /t REG_SZ /d "禁用 实时防护和防篡改" /f
  163.     Reg.exe add "%%k\shell\002flyout\shell\003\command" /ve /t REG_SZ /d "%_cmd_scripts_disabled%" /f
  164. )
  165. Rem 二级菜单 账户保护
  166. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  167.     Reg.exe add "%%k\shell\003flyout" /v "MUIVerb" /t REG_SZ /d "&账户保护" /f
  168.     Reg.exe add "%%k\shell\003flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  169.     Reg.exe add "%%k\shell\003flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://account" /f
  170. )
  171. Rem 二级菜单 防火墙和网络保护
  172. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  173.     Reg.exe add "%%k\shell\004flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  174.     Reg.exe add "%%k\shell\004flyout" /v "MUIVerb" /t REG_SZ /d "&防火墙和网络保护" /f
  175.     Reg.exe add "%%k\shell\004flyout" /v "Position" /t REG_SZ /d "Bottom" /f
  176.     Reg.exe add "%%k\shell\004flyout" /v "SubCommands" /t REG_SZ /d "" /f
  177.     Reg.exe add "%%k\shell\004flyout\shell" /v "SubCommands" /t REG_SZ /d "" /f
  178.     Reg.exe add "%%k\shell\004flyout\shell\001" /v "MUIVerb" /t REG_SZ /d "防火墙和网络保护 设置主页" /f
  179.     Reg.exe add "%%k\shell\004flyout\shell\001" /v "SeparatorAfter" /t REG_SZ /d "" /f
  180.     Reg.exe add "%%k\shell\004flyout\shell\001" /v "SeparatorBefore" /t REG_SZ /d "" /f
  181.     Reg.exe add "%%k\shell\004flyout\shell\001" /v "HasLUAShield" /t REG_SZ /d "" /f
  182.     Reg.exe add "%%k\shell\004flyout\shell\001" /v "CommandFlags" /t REG_DWORD /d "64" /f
  183.     Reg.exe add "%%k\shell\004flyout\shell\001\command" /ve /t REG_SZ /d "explorer windowsdefender://network" /f
  184.     Reg.exe add "%%k\shell\004flyout\shell\002" /v "HasLUAShield" /t REG_SZ /d "" /f
  185.     Reg.exe add "%%k\shell\004flyout\shell\002" /v "MUIVerb" /t REG_SZ /d "启用 Windows 防火墙" /f
  186.     Reg.exe add "%%k\shell\004flyout\shell\002\command" /ve /t REG_SZ /d "powershell.exe -windowstyle hidden -command "Start-Process cmd -ArgumentList '/s,/c,netsh advfirewall set allprofiles state on' -Verb runAs"" /f
  187.     Reg.exe add "%%k\shell\004flyout\shell\003" /v "HasLUAShield" /t REG_SZ /d "" /f
  188.     Reg.exe add "%%k\shell\004flyout\shell\003" /v "MUIVerb" /t REG_SZ /d "禁用 Windows 防火墙" /f
  189.     Reg.exe add "%%k\shell\004flyout\shell\003\command" /ve /t REG_SZ /d "powershell.exe -windowstyle hidden -command "Start-Process cmd -ArgumentList '/s,/c,netsh advfirewall set allprofiles state off' -Verb runAs"" /f
  190. )
  191.   Rem 二级菜单 应用和浏览器控制
  192. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  193.     Reg.exe add "%%k\shell\005flyout" /v "MUIVerb" /t REG_SZ /d "&应用和浏览器控制" /f
  194.     Reg.exe add "%%k\shell\005flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  195.     Reg.exe add "%%k\shell\005flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://appbrowser" /f
  196. )
  197. Rem 二级菜单 设备安全性
  198. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  199.     Reg.exe add "%%k\shell\006flyout" /v "MUIVerb" /t REG_SZ /d "&设备安全性" /f
  200.     Reg.exe add "%%k\shell\006flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  201.     Reg.exe add "%%k\shell\006flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://devicesecurity" /f
  202. )
  203. Rem 二级菜单 设备性能和运行状况
  204. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  205.     Reg.exe add "%%k\shell\007flyout" /v "MUIVerb" /t REG_SZ /d "&设备性能和运行状况" /f
  206.     Reg.exe add "%%k\shell\007flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  207.     Reg.exe add "%%k\shell\007flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://perfhealth" /f
  208. )
  209. Rem 二级菜单 家庭选项
  210. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  211.     Reg.exe add "%%k\shell\008flyout" /v "MUIVerb" /t REG_SZ /d "&家庭选项" /f
  212.     Reg.exe add "%%k\shell\008flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  213.     Reg.exe add "%%k\shell\008flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://family" /f
  214. )
  215. Rem 二级菜单 保护历史记录
  216. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  217.     Reg.exe add "%%k\shell\009flyout" /v "MUIVerb" /t REG_SZ /d "&保护历史记录" /f
  218.     Reg.exe add "%%k\shell\009flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  219.     Reg.exe add "%%k\shell\009flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://history" /f
  220. )
  221. Rem 二级菜单 安全提供程序
  222. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  223.     Reg.exe add "%%k\shell\010flyout" /v "MUIVerb" /t REG_SZ /d "&安全提供程序" /f
  224.     Reg.exe add "%%k\shell\010flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  225.     Reg.exe add "%%k\shell\010flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://providers" /f
  226. )
  227. Rem 二级菜单 通知
  228. for %%k in ("%_regkey2%" "%_regkey3%" "%_regkey4%") do (
  229.     Reg.exe add "%%k\shell\011flyout" /v "MUIVerb" /t REG_SZ /d "&通知" /f
  230.     Reg.exe add "%%k\shell\011flyout" /v "HasLUAShield" /t REG_SZ /d "" /f
  231.     Reg.exe add "%%k\shell\011flyout\command" /ve /t REG_SZ /d "explorer windowsdefender://settings" /f
  232. )
  233. REM 添加排除WinDefCtl件夹限制访问及白名单
  234. powershell -ExecutionPolicy Bypass -NoProfile -Command "Add-MpPreference -ExclusionProcess '%~dp0WinDefCtl.exe'"
  235. powershell -ExecutionPolicy Bypass -NoProfile -Command "Add-MpPreference -ControlledFolderAccessAllowedApplications '%ComSpec%'"
  236. powershell -ExecutionPolicy Bypass -NoProfile -Command "Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Windows\System32\cmd.exe'"
  237. powershell -ExecutionPolicy Bypass -NoProfile -Command "Add-MpPreference -ControlledFolderAccessAllowedApplications '%~dp0WinDefCtl.exe'"
  238. exit

  240. :uninstall
  241. REM 删除残留注册项
  242. reg delete "%_regkey1%" /f
  243. for %%i in ("%_regkey2%" "%_regkey3%" "%_regkey4%" "%_regkey5%") do reg delete %%i /f
  244. REM 移除排除WinDefCtl文件夹限制访问及白名单
  245. powershell -ExecutionPolicy Bypass -NoProfile -Command "Remove-MpPreference -ExclusionProcess '%~dp0WinDefCtl.exe'"
  246. powershell -ExecutionPolicy Bypass -NoProfile -Command "Remove-MpPreference -ControlledFolderAccessAllowedApplications '%ComSpec%'"
  247. powershell -ExecutionPolicy Bypass -NoProfile -Command "Remove-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Windows\System32\cmd.exe'"
  248. powershell -ExecutionPolicy Bypass -NoProfile -Command "Remove-MpPreference -ControlledFolderAccessAllowedApplications '%~dp0WinDefCtl.exe'"
  249. exit

  251. :OUT
  252. exit
复制代码



使用方法WinDefCtl.ps1和 右键整合的批处理放同一目录 然后运行批处理 进行 右键功能添加和删除
网盘下载 自解压包也行https://cloud.189.cn/t/qUf6va6n6N3q(访问码:df2a)



回复

使用道具 举报

2#
发表于 昨天 16:36 | 只看该作者
感谢您的分享!
回复

使用道具 举报

3#
发表于 昨天 16:44 | 只看该作者
感谢分享!
回复

使用道具 举报

4#
发表于 昨天 16:55 | 只看该作者
感谢分享!
回复

使用道具 举报

smile_z
5#
发表于 昨天 17:00 | 只看该作者
感谢分享
回复

使用道具 举报

6#
发表于 昨天 17:09 | 只看该作者
谢谢大佬分享
回复

使用道具 举报

7#
发表于 昨天 17:16 | 只看该作者
感谢分享
回复

使用道具 举报

8#
发表于 昨天 17:27 | 只看该作者
感谢分享
回复

使用道具 举报

9#
发表于 昨天 17:50 | 只看该作者
这个强大
回复

使用道具 举报

womwom
10#
发表于 昨天 18:06 | 只看该作者
感谢分享
回复

使用道具 举报

bnsyy
11#
发表于 昨天 18:07 | 只看该作者
感谢分享!
回复

使用道具 举报

hmaaaa
12#
发表于 昨天 18:08 | 只看该作者
感謝大大分享!^^ 辛苦了!
回复

使用道具 举报

13#
发表于 昨天 18:28 | 只看该作者
谢谢楼主分享
回复

使用道具 举报

nie956
14#
发表于 昨天 18:41 | 只看该作者
这个好,感谢分享
回复

使用道具 举报

lyrgcy
15#
发表于 昨天 18:44 | 只看该作者
感谢分享,收下了
回复

使用道具 举报

it323
16#
发表于 昨天 19:16 | 只看该作者
感谢分享!
回复

使用道具 举报

17#
发表于 昨天 19:27 | 只看该作者
感谢分享
回复

使用道具 举报

18#
发表于 昨天 20:06 | 只看该作者
可以直接分析文件吗?复制出来的好像有中文符号

点评

qq8899399
我上传不了压缩文件。。。。。  详情 回复 发表于 昨天 20:13
回复

使用道具 举报

19#
 楼主| 发表于 昨天 20:13 | 只看该作者
yuaijueyuan 发表于 2025-12-13 20:06
可以直接分析文件吗?复制出来的好像有中文符号

我上传不了压缩文件。。。。。
回复

使用道具 举报

20#
发表于 昨天 20:29 | 只看该作者
qq8899399 发表于 2025-12-13 20:13
我上传不了压缩文件。。。。。

上链接

点评

qq8899399
https://cloud.189.cn/t/qUf6va6n6N3q(访问码:df2a)  详情 回复 发表于 昨天 20:47
回复

使用道具 举报

21#
 楼主| 发表于 昨天 20:47 | 只看该作者
yuaijueyuan 发表于 2025-12-13 20:29
上链接

https://cloud.189.cn/t/qUf6va6n6N3q(访问码:df2a)

点评

zhtq
好人  详情 回复 发表于 昨天 21:13
回复

使用道具 举报

zhtq
22#
发表于 昨天 21:13 | 只看该作者
qq8899399 发表于 2025-12-13 20:47
https://cloud.189.cn/t/qUf6va6n6N3q(访问码:df2a)

好人
回复

使用道具 举报

in9
23#
发表于 昨天 21:14 | 只看该作者
谢谢楼主分享,谢谢20楼朋友上传分享!
回复

使用道具 举报

a66
24#
发表于 昨天 21:36 | 只看该作者
支持折腾~
回复

使用道具 举报

25#
发表于 昨天 21:54 | 只看该作者
感谢您的分享!
回复

使用道具 举报

26#
发表于 昨天 22:03 | 只看该作者
这个有点意思  谢谢分享
回复

使用道具 举报

27#
发表于 昨天 22:43 | 只看该作者
有能卸载 小娜的吗
回复

使用道具 举报

ynb168c
28#
发表于 昨天 22:49 | 只看该作者
感谢分享
回复

使用道具 举报

1801403
29#
发表于 1 小时前 | 只看该作者
原版系统很有用的。
回复

使用道具 举报

30#
发表于 1 小时前 | 只看该作者
纯路过~
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|捐助支持|无忧启动 ( 闽ICP备05002490号-1 )

闽公网安备 35020302032614号

GMT+8, 2025-12-14 02:16

Powered by Discuz! X3.3

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表