简体   繁体   中英

I can't turn off Real Time Protection via Powershell

I want to try reverse shell. I tried to turn off Real Time Protection using Powershell command: Set-MpPreference -DisableRealtimeMonitoring $true

But it doesn't work. I am pretty sure I did everything right. I opened it as administrator and ran the command. I tried restarting the windows, but it still doesn't work

Make sure you also turn off firewall, too. In PowerShell use this command:

netsh advfirewall set all profiles state off

This should do the trick; just tested it with reverse shell in Empire.

Also, keep in mind that uponr reboot, Realtime Monitoring is activated again (if you want persistence, you should find a workaround). Firewall, though, remains deactivated until you enable it again.

I found it guys. I had to turn the tamper protection off. But I found no way to turn it off via powershell on internet

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM