Disable or Modify Tools
MITRE ATT&CK, Defense Evasion, Sub-technique T1562.001
Methods
# Disable real-time monitoring for Windows Defender
Set-MpPreference -DisableRealtimeMonitoring $true
# Disable Windows firewall
netsh advfirewall set allprofiles state off
# Force-terminate an antivirus process
taskkill /F /IM avprocess.exe
# Stop an antivirus service
net stop "$service_name"
# Disable a Windows service
sc config "service name" start= disabled
Disable Antivirus via the GUI
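Detection side of the commands listed above, as an added example that is not part of the original page: a matcher run over process-creation command lines (for instance from Sysmon Event ID 1 or Security Event ID 4688). The rule names, the WATCHED list and the sample events are assumptions constructed for illustration.

```python
import re

# Quoted or bare process/service name, as accepted by taskkill, net and sc.
NAME = r'(?:"(?P<q>[^"]+)"|(?P<u>[^\s"]+))'
# Assumption: local watch list of security processes/services (lower-case).
WATCHED = {"avprocess.exe", "msmpeng.exe", "windefend", "mpssvc"}

RULES = [  # one rule per command listed on this page
    ("defender_realtime_off", re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring[\s:]+(\$true|1)\b", re.I)),
    ("firewall_off", re.compile(
        r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I)),
    ("security_process_kill", re.compile(
        r"\btaskkill(\.exe)?\b(?=.*\s/F\b)(?=.*\s/IM\s+" + NAME + ")", re.I)),
    ("security_service_stop", re.compile(
        r"\bnet1?(\.exe)?\s+stop\s+" + NAME, re.I)),
    ("security_service_disabled", re.compile(
        r"\bsc(\.exe)?\s+config\s+" + NAME + r"\s+start=\s*disabled\b", re.I)),
]

def detect(cmdline):
    """Return (rule, target) for the first rule that fires, else None."""
    for rule, rx in RULES:
        m = rx.search(cmdline)
        if not m:
            continue
        if "q" not in rx.groupindex:   # rule has no process/service operand
            return rule, None
        target = (m.group("q") or m.group("u")).lower()
        if target in WATCHED:          # ignore unrelated processes/services
            return rule, target
    return None

# Constructed process-creation events (host, command line), not real telemetry.
EVENTS = [
    ("ws01", 'powershell.exe -c "Set-MpPreference -DisableRealtimeMonitoring $true"'),
    ("ws01", "netsh advfirewall set allprofiles state off"),
    ("ws02", "taskkill /F /IM avprocess.exe"),
    ("ws02", 'net stop "WinDefend"'),
    ("ws03", 'sc.exe config "MpsSvc" start= disabled'),
    ("ws03", 'net stop "Spooler"'),                                  # benign
    ("ws04", "Set-MpPreference -DisableRealtimeMonitoring $false"),  # re-enable
]

def scan(events):
    """Return [(host, rule, target)] for every event that matches a rule."""
    return [(h, *hit) for h, c in events if (hit := detect(c))]
```

Matching on the command line alone misses changes made through the GUI, so pair it with checks on the resulting state (service start type, Defender and firewall status).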