关闭所有的安全缓解措施-卡顿元凶

fulibo

Windows Registry Editor Version 5.00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableDevDriveProtection.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
"DisableAsyncScanOnOpen"=dword:00000001
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableLSAProtection.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"RunAsPPL"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"everyoneincludesanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"SCENoApplyLegacyAuditPolicy"=dword:00000000
"LsaConfigFlags"=dword:00000000
"RunAsPPL"=dword:00000000
"RunAsPPLBoot"=dword:00000000
"LmCompatibilityLevel"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMaintenanceTaskreportinginSecurityHealthUI.reg

; disables reporting of things from Maintenance Task in Windows Security App

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health]

[HKEY_CURRENT_USER\Software\Microsoft\Windows Security Health\State]
"Disabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Security Health\Platform]
"Registered"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableMicrosoftVulnerabileDriverBlocklist.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config]
"VulnerableDriverBlocklistEnable"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSmartScreen.reg

; Disable SmartScreen for Microsoft Edge

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000000
"PreventOverride"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"SmartScreenEnabled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Edge\SmartScreenEnabled]
@=dword:00000000

; Disable SmartScreen in File Explorer and Windows Shell

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="off"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableSmartScreenInShell]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\EnableAppInstallControl]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\SmartScreen\PreventOverrideForFilesInShell]
"value"=dword:00000000

; Disable SmartScreen for Microsoft Store Apps

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000000
"PreventOverride"=dword:00000000

; Configure App Install Control

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SmartScreen]
"ConfigureAppInstallControlEnabled"=dword:00000001
"ConfigureAppInstallControl"="Anywhere"
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSpyNetTelemetry.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"DisableBlockAtFirstSeen"=dword:00000001
"LocalSettingOverrideSpynetReporting"=dword:00000000
"SpynetReporting"=dword:00000000
"SubmitSamplesConsent"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\SpyNet]
"SpyNetReporting"=dword:00000000
"LocalSettingOverrideSpyNetReporting"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableSystemMitigations.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsMitigation]
"UserPreference"=dword:00000002

; In-kernel Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationAuditOptions"=hex:00,00,00,00,00,00,20,22,00,00,00,00,00,00,00,20,00,00,00,00,00,00,00,00
"MitigationOptions"=hex:00,22,22,20,22,20,22,22,20,00,00,00,00,20,00,20,00,00,00,00,00,00,00,00
"KernelSEHOPEnabled"=dword:00000000

; Disable Spectre & Meltdown Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"FeatureSettings"=dword:00000001
"FeatureSettingsOverride"=dword:00000003
"FeatureSettingsOverrideMask"=dword:00000003

; Services Mitigations

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SCMConfig]
"EnableSvchostMitigationPolicy"=hex(b):00,00,00,00,00,00,00,00
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableTamperProtection.reg

; Remove Defender's Tamper Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"MpPlatformKillbitsFromEngine"=hex:00,00,00,00,00,00,00,00
"TamperProtectionSource"=dword:00000000
"MpCapability"=hex:00,00,00,00,00,00,00,00
"TamperProtection"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableUAC.reg

; Disable UAC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000000
"ConsentPromptBehaviorUser"=dword:00000000
"FilterAdministratorToken"=dword:00000001
"LocalAccountTokenFilterPolicy"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000001
"EnableSecureUIAPaths"=dword:00000000
"DelayedDesktopSwitchTimemout"=dword:00000000
"PromptOnSecureDesktop"=dword:00000000

; Fix mouse cursor dissapeiring

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableCursorSuppression"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\DisableVBS.reg

; Reset values for Virtualization Settings

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology]

; Disable Virtualization Based Security

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"EnableVirtualizationBasedSecurity"=dword:00000000
"HypervisorEnforcedCodeIntegrity"=dword:00000000
"HVCIMATRequired"=dword:00000000
"LsaCfgFlags"=dword:00000000
"ConfigureSystemGuardLaunch"=dword:00000002
"RequirePlatformSecurityFeature"=dword:00000000
"CachedDrtmAuthIndex"=dword:00000000
"RequireMicrosoftSignedBootChain"=dword:00000001
"Locked"=dword:00000000
"RequirePlatformSecurityFeatures"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity]
"Enabled"=dword:00000000
"Locked"=dword:00000000
"WasEnabledBy"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\HypervisorEnforcedCodeIntegrity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\EnableVirtualizationBasedSecurity]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\ConfigureSystemGuardLaunch]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\LsaCfgFlags]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeviceGuard\RequirePlatformSecurityFeatures]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\VirtualizationBasedTechnology\RequireUEFIMemoryAttributesTable]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard]
"DeployConfigCIPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\CredentialGuard]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\ExploitGuard_d.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access]
"EnableControlledFolderAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"ExploitGuard_ASR_Rules"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MpGears]
"HeartbeatTrackingIndex"=dword:00000000
"SpyNetReportingLocation"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR]
"EnableASRConsumers"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\MitigationofFaultTorelantHeap.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"Enabled"=dword:00000000
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemovalofAnti-PhishingServices.reg

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\WebThreatDefSvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-

; From Disabler

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyPasswordReuse"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components]
"NotifyMalicious"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\AuditMode]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\NotifyUnsafeOrReusedPassword]
"value"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WebThreatDefense\ServiceEnabled]
"value"=dword:00000000

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webthreatdefusersvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WebThreatDefense]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"WebThreatDefense"=-
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\Remove and Disable Microsoft Pluton.reg

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHsp2]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlutonHeci]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hsp]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveSecurityandMaintenance.reg

[-HKEY_CLASSES_ROOT\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}]
; File: E:\Projects\Development\GitHub Repos\Listed Repos\windows-defender-remover\Remove_SecurityComp_moduled\RemoveWindowsDefenderFirewallRules.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WebThreatDefSvc_Allow_In"=-
"WebThreatDefSvc_Allow_Out"=-
"WebThreatDefSvc_Block_In"=-
"WebThreatDefSvc_Block_Out"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System]
"{2A5FE97D-01A4-4A9C-8241-BB3755B65EE0}"=-
"72e33e44-dc4c-40c5-a688-a77b6e988c69"=-
"b23879b5-1ef3-45b7-8933-554a4303d2f3"=-

oar

谢谢分享，这个有必要讨论一波的

oar

腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡顿的操作确实可能对性能产生一定影响，但需结合具体场景和风险综合评估：

​一、关闭安全功能对性能的影响
​减少实时资源占用
注册表文件中禁用了Windows Defender实时防护（DisableAsyncScanOnOpen）、SmartScreen文件扫描、漏洞驱动阻止列表（VulnerableDriverBlocklistEnable）等功能。

这些安全机制通常会在文件打开、程序启动时进行扫描，关闭后可减少CPU和磁盘I/O的瞬时占用，从而缓解文件资源管理器卡顿或程序启动延迟。
​降低内存和内核负担

禁用虚拟化安全（VBS）、内核隔离（MitigationOptions）和内存完整性保护（HypervisorEnforcedCodeIntegrity）会释放被安全机制占用的内存，减少系统服务的后台负载。
例如，VBS需要专用内存区域（如Credential Guard），关闭后可释放这部分资源。
​优化系统响应

关闭用户账户控制（UAC）和部分安全策略（如RunAsPPL）能减少权限验证的等待时间，提升操作流畅度。
​二、实际效果与局限性
​卡顿改善的适用场景

若卡顿主要由安全组件的实时扫描引起（如打开含大量文件的文件夹、运行未签名程序），此类优化会较明显。例如，网页1提到修改FolderType键值可加快文件夹加载速度，而禁用Defender扫描进一步减少干扰。
但若卡顿源于硬件性能不足（如机械硬盘、内存≤8GB），关闭安全功能的效果可能有限，需配合硬件升级。
​潜在风险与副作用

​安全防护降级：禁用Defender、SmartScreen等会增加恶意软件感染风险，尤其在访问不明文件或网站时。
​系统稳定性问题：例如关闭虚拟化安全（VBS）可能导致依赖该技术的应用（如某些游戏反作弊系统）无法运行。
​功能缺失：禁用UAC后，部分需要管理员权限的操作可能无法正常触发提示，增加误操作风险。
​三、替代优化建议
若希望平衡性能与安全性，可参考以下方案：

​针对性关闭高负载功能

仅禁用对当前场景影响较大的安全组件（如保留Defender但关闭实时扫描），而非全部关闭。
​清理无效注册表项

使用CCleaner等工具清理残留无效键值（如已卸载程序的注册表信息），避免注册表臃肿拖慢系统。
​硬件与系统设置优化

升级SSD、增加内存，或关闭透明效果/动画（通过性能选项调整），这些改动更安全且效果显著。
​总结
您的注册表修改可能缓解由安全组件引起的卡顿，尤其在文件操作、多任务场景下。然而，全面禁用安全措施会显著增加系统风险。建议：

优先关闭已验证对当前使用场景影响较大的功能（如文件夹扫描），而非“一刀切”禁用所有防护。
结合硬件升级（如更换SSD）和系统优化（清理启动项、关闭动画），实现更安全的性能提升。
操作前备份注册表，以便出现兼容性问题时快速恢复。

yc2428

谢谢分享

y迎旭

学习一啵

2010zihan

DefenderRemover不是专干这活儿的吗

9zhmke

感谢波波同学为大家带来自己获取知识的分享。
呃，不过波波同学啊，能不能在你的每个注册表段的前面加个注释？这样大家可能更能够领会到技术界的分享精神。

valen21

没有注释，都不知道具体关闭了什么

hmaaaa

感謝大大分享!^^ 辛苦了！

小灰兔

感谢分享

andylxh

感谢楼主分享

花盗睡鼠

感谢资源共享经济

ylac

谢谢楼主分享

ddonglliu

注册表下手需谨慎！！！

wang1126

谢谢楼主分享

董大

感谢楼主分享!知识的分享给力！

fegr

谢谢分享

wuhu3000

oar 发表于 2025-3-14 20:26
腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡 ...

谢谢分享

gamezboy

正好电脑卡，谢谢楼主分享

wjkw

谢谢大佬分享！

qytjc

装的影子系统，开机就还原了！从不担心病毒！

2011lanz

学习了，谢谢大佬分享！

无痕Love恨天

oar 发表于 2025-3-14 20:26
腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡 ...

哈哈

昔日石琴

所以是哪个系统用的？10还是11？

zxas1218

oar 发表于 2025-3-14 20:26
腾讯元宝这么叽歪的

根据您提供的注册表文件内容和相关技术文档分析，这类通过禁用系统安全功能来缓解卡 ...

现在的ai都这么厉害了？注册表都能解读吗

iwkd00

谢谢