@echo off
:: 检查管理员权限
fltmc >nul 2>&1 || (echo 请以管理员身份运行 && pause && exit /b 1)
echo 正在深度清理Windows Defender残留组件...
:: 服务控制
net stop WinDefend >nul 2>&1
net stop WdNisSvc >nul 2>&1
net stop SecurityHealthService >nul 2>&1
net stop Sense >nul 2>&1
sc config WinDefend start= disabled >nul 2>&1
sc config WdNisSvc start= disabled >nul 2>&1
sc config SecurityHealthService start= disabled >nul 2>&1
sc config Sense start= disabled >nul 2>&1
:: 注册表清理
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f >nul 2>&1
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f >nul 2>&1
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v HideSCAHealth /t REG_DWORD /d 1 /f >nul 2>&1
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Defender" /f >nul 2>&1
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Defender" /f >nul 2>&1
:: 托盘缓存清除
taskkill /f /im explorer.exe >nul 2>&1
reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" /v IconStreams /f >nul 2>&1
reg delete "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify" /v PastIconsStream /f >nul 2>&1
start explorer.exe >nul 2>&1
:: 组策略强化
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Client Interface" /v EnableHeadlessUI /t REG_DWORD /d 1 /f >nul 2>&1
echo 操作完成!请重启计算机使设置生效。
pause