REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
REG: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv" /s
REG: Reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /s
ListPermissions: C:\Windows\System32\drivers\luafv.sys
ListPermissions: C:\Program Files\Windows Defender\MsMpEng.exe
ListPermissions: C:\Program Files\Windows Defender\MpAsDesc.dll
Unlock: C:\Windows\System32\drivers\luafv.sys
Unlock: C:\Program Files\Windows Defender\MsMpEng.exe
Unlock: C:\Program Files\Windows Defender\MpAsDesc.dll
Unlock: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv"
Unlock: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend"
Folder: C:\Program Files\Windows Defender
CMD: sc query luafv
CMD: sc query WinDefend
CMD: sc start luafv
CMD: sc start WinDefend
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"