Disable or Modify Firewall, EDR, or AV

Secondary Categories: 02-Defense Evasion

Basic Commands

# Disable real-time monitoring for Windows Defender
Set-MpPreference -DisableRealtimeMonitoring $true
 
# Disable Windows firewall
netsh advfirewall set allprofiles state off
 
# Manually disable antivirus 
taskkill /F /IM avprocess.exe
 
# Stop an antivirus service
net stop "$service_name"
 
# Disable a Windows service
sc config "service name" start= disabled

Disable Antivirus via GUI

If the user is has permissions to modify the AV settings you can set exclusions on directories or file to ignore when scanning.

Cisco AMP
Windows Defender

You may also be able to view the list of exclusions on some antivirus/EDR endpoints too

Resources:

Title	URL
place	holder

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Disable or Modify Firewall, EDR, or AV

Basic Commands

Disable Antivirus via GUI

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer