#cmd注册表关闭Windows defender
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t reg_dword /d 1 /f
#cmd注册表恢复Windows defender
reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t reg_dword /d 0 /f
#cmd添加Windows defender排除项
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" /v "c:\temp" /d 0 /t REG_DWORD /f
#NSudoLG.exe关闭Windows defender
NSudoLG.exe -U:T cmd /c "reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t reg_dword /d 1 /f"
#NSudoLG.exe恢复Windows defender
NSudoLG.exe -U:T cmd /c "reg add "HKLM\SOFTWARE\Microsoft\Windows Defender" /v DisableAntiSpyware /t reg_dword /d 0 /f"
#NSudoLG.exe添加Windows defender排除项
NSudoLG.exe -U:T cmd /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows De

AdvancedRun.exe /EXEFilename "%windir%\system32\cmd.exe" /CommandLine '/c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /d 1 /t REG_DWORD /f' /RunAs 8 /Run

#查看排除项
Get-MpPreference | select ExclusionPath
#关闭Windows defender
Set-MpPreference -DisableRealTimeMonitoring $true
#增加排除项
Add-MpPreference -ExclusionPath "c:\temp"
#删除排除项
Remove-MpPreference -ExclusionPath "C:\test"

Set-MpPreference -DisableRealtimeMonitoring $true

#查看版本（查看<antimalware platform version>）
dir "C:\ProgramData\Microsoft\Windows Defender\Platform\" /od /ad /b
#验证
dir "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\" | findstr

#查看被隔离的文件列表
MpCmdRun -Restore -ListAll
#恢复指定名称的文件至原目录
MpCmdRun -Restore -FilePath C:\phpstudy_pro\WWW\shell.php
#恢复所有文件至原目录
MpCmdRun -Restore -All
#查看指定路径是否位于排除列表中
MpCmdRun -CheckExclusion -path C:\phpstudy_pro\WWW\