搜索
查看: 621|回复: 17
收起左侧

[求助] 火绒自启项如何恢复

[复制链接]
ideal-3d
发表于 2019-11-9 21:06:42 | 显示全部楼层 |阅读模式
一时手贱,使用注册表文件关闭微软自带防病毒,结果却把火绒给干掉了

关闭Defender
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"AllowFastServiceStartup"=dword:00000000
"DisableRoutinelyTakingAction"=dword:00000001
"ServiceKeepAlive"=dword:00000000
"RandomizeScheduleTaskTimes"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000001
"DisableInformationProtectionControl"=dword:00000001
"DisableIntrusionPreventionSystem"=dword:00000001
"DisableOnAccessProtection"=dword:00000001
"DisableRawWriteNotification"=dword:00000001
"DisableScanOnRealtimeEnable"=dword:00000001
"LocalSettingOverrideDisableRealtimeMonitoring"=dword:00000000
"LocalSettingOverrideDisableIntrusionPreventionSystem"=dword:00000001
"LocalSettingOverrideDisableIOAVProtection"=dword:00000000
"LocalSettingOverrideDisableBehaviorMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation]
"LocalSettingOverrideScan_ScheduleTime"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet]
"LocalSettingOverrideSpynetReporting"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\UX Configuration]
"SuppressRebootNotification"=dword:00000001
"Notification_Suppress"=dword:00000001
"UILockdown"=dword:00000001
;
;去除Windows10右键"使用Windows Defender扫描"
[-HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EPP]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPP]
;
;彻底去除任务栏Windows Defender 托盘图标
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,\
  53,00,41,00,53,00,43,00,75,00,69,00,4c,00,2e,00,65,00,78,00,65,00,22,00,00,\
  00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDefender"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,\
  53,00,41,00,53,00,43,00,75,00,69,00,4c,00,2e,00,65,00,78,00,65,00,22,00,00,\
  00
;

重启后,现在任务管理器的火绒启动项没有了,火绒托盘也没有了

问题1:此时火绒是否还在防护状态?

问题2:如何在不覆盖安装的前提下,恢复火绒启动项和火绒托盘

问题3:上述的注册表文件中究竟是哪一项干掉了火绒
ideal-3d
 楼主| 发表于 2019-11-9 21:13:10 | 显示全部楼层
覆盖安装火绒后,查看注册表启动项,发现

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sysdiag"="\"C:\\Program Files (x86)\\Huorong\\Sysdiag\\bin\\HipsTray.exe\""

再次干掉火绒,导入注册表,结果发现还无法导入

原因何在?
ideal-3d
 楼主| 发表于 2019-11-9 21:19:59 | 显示全部楼层
导入时,系统报警:
未能将所有数据成功写入注册表,某些项是由系统或其他进程打开的,或者你没有足够的权限执行此操作

干掉火绒启动项居然这么容易,加入火绒启动项居然这么难

我也是服了


ideal-3d
 楼主| 发表于 2019-11-9 21:22:05 | 显示全部楼层
今天周6,工程师不上班?
生命在于运动
发表于 2019-11-9 22:05:24 | 显示全部楼层
恶意灌水,这样的情况直接重装
ideal-3d
 楼主| 发表于 2019-11-10 08:38:45 | 显示全部楼层
星期天,或许火绒工程师又不上班

今天试了一下,在火绒的“注册表保护”中,勾选“启动项”,照样被干掉
ideal-3d
 楼主| 发表于 2019-11-10 08:40:51 | 显示全部楼层
@火绒工程师
ideal-3d
 楼主| 发表于 2019-11-10 08:59:46 | 显示全部楼层
原以为某个破解软件干掉了火绒,出了一身大汗。

笨人笨办法,重装原版W10,先装火绒,装一个软件就重启一次,看看火绒还健在不。

重启了几十次后,突然发现,原来是W10优化文件干掉了火绒

然后把注册表优化文件(网上收集的),按功能分成几十段,一段一重启,最终才发现,根源是关闭Defender这一段
火绒工程师
发表于 2019-11-10 12:04:09 | 显示全部楼层
您好,我们本地测试不会导致火绒起不来等情况,那个注册表无法导入是因为火绒保护着,所以不能导入~

您那边还可以复现此问题吗?如果还能复现,麻烦您录屏后将文件上传,我们看下或者直接加QQ:2109561508通过QQ发送哦~
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛|卡饭乐购| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 苏ICP备07004770号 ) GMT+8, 2019-11-18 12:04 , Processed in 0.081480 second(s), 17 queries .

快速回复 返回顶部 返回列表