Secondary Categories: 02-Defense Evasion
Basic Commands
```
# Disable real-time monitoring for Windows Defender
Set-MpPreference -DisableRealtimeMonitoring $true
# Disable Windows firewall
netsh advfirewall set allprofiles state off
# Manually disable antivirus
taskkill /F /IM avprocess.exe
# Stop an antivirus service
net stop "$service_name"
# Disable a Windows service
sc config "service name" start= disabled
```
Disable Antivirus via GUI
If the user has permissions to modify the AV settings, you can set exclusions on directories or files that are ignored when scanning.
- Cisco AMP
- Windows Defender
On some antivirus/EDR endpoints you may also be able to view the list of existing exclusions.
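As an added defender's counterpart to the commands above (example code, not part of the original note): a small Python triage that flags Windows event-log records matching each of them. The channel names and event IDs are the ones Windows emits for these actions; the sample messages are constructed and simplified.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    channel: str   # event-log channel, e.g. "System" or ".../Windows Defender/Operational"
    event_id: int
    message: str

# (label, channel substring, event ID, case-insensitive regex on the message)
RULES = [
    ("Defender real-time protection disabled", "Windows Defender", 5001, r"."),
    ("Defender exclusion added", "Windows Defender", 5007,
     r"Exclusions\\(Paths|Processes|Extensions)"),
    ("Firewall profile turned off", "Windows Firewall", 2003,
     r"Enable Windows Defender Firewall.*Value:\s*No"),
    ("AV service stopped", "System", 7036, r"(Defender|Antimalware|AMP).*stopped state"),
    ("Service start type set to disabled", "System", 7040, r"changed from .* to disabled"),
    ("Tampering command line", "Security", 4688,
     r"Set-MpPreference\s+-DisableRealtimeMonitoring|netsh\s+advfirewall\s+set\s+\w+\s+state\s+off"
     r"|taskkill\s+/F\s+/IM|sc(\.exe)?\s+config\s+.*start=\s*disabled"),
]

def triage(events):
    """Return (label, event) for every event that matches a rule, in log order."""
    hits = []
    for ev in events:
        for label, chan, eid, pattern in RULES:
            if chan in ev.channel and ev.event_id == eid and re.search(pattern, ev.message, re.I):
                hits.append((label, ev))
    return hits

# Constructed sample records: six tampering events plus two benign ones.
DEFENDER = "Microsoft-Windows-Windows Defender/Operational"
FIREWALL = "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
SAMPLE_EVENTS = [
    Event(DEFENDER, 5001, "Real-time Protection scanning for malware was disabled."),
    Event(DEFENDER, 5007, "Configuration has changed. New value: HKLM\\SOFTWARE\\Microsoft\\"
          "Windows Defender\\Exclusions\\Paths\\C:\\Tools = 0x0"),
    Event(FIREWALL, 2003, "A Windows Defender Firewall setting in the Public profile has changed. "
          "New Setting: Type: Enable Windows Defender Firewall Value: No"),
    Event("System", 7036, "The Windows Defender Antivirus Service service entered the stopped state."),
    Event("System", 7040, "The start type of the Windows Defender Antivirus Service service was "
          "changed from auto start to disabled."),
    Event("Security", 4688, "Process Command Line: powershell.exe Set-MpPreference "
          "-DisableRealtimeMonitoring $true"),
    Event("System", 7036, "The Print Spooler service entered the running state."),
    Event("Security", 4688, "Process Command Line: notepad.exe C:\\notes.txt"),
]

if __name__ == "__main__":
    for label, ev in triage(SAMPLE_EVENTS):
        print(f"[{label}] {ev.channel} {ev.event_id}: {ev.message}")
```

In practice the same rules apply to records pulled from the live logs; the two benign records show that ordinary service and process events are not flagged.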