Windows Defender & Firewall Repair Tool
Restore Windows security components after privacy tools have disabled them
DefenderShield is a comprehensive repair tool designed to restore Windows Defender and Windows Firewall after they've been disabled by privacy tools like privacy.sexy, O&O ShutUp10, Windows debloaters, or manual registry modifications.
Many users run privacy scripts to reduce telemetry but accidentally disable critical security components. DefenderShield reverses these changes with a simple GUI interface, letting you choose exactly which components to restore.
- Restores firewall service registry configurations
- Removes Group Policy blocks
- Enables all firewall profiles (Domain, Private, Public)
- Resets firewall to default settings
- Starts dependent services in correct order (BFE β mpssvc β IKEEXT β PolicyAgent)
- Restores all Defender service registry keys
- Removes 20+ known disabling registry values from Policy and direct paths
- Repairs Defender driver configurations (WdFilter, WdBoot, WdNisDrv)
- Re-enables disabled scheduled tasks
- Detects and removes malicious scheduled tasks that re-disable Defender
- Checks for and removes WMI event subscriptions targeting Defender
- Resets local Group Policy blocking Defender
- Re-registers Windows Security UWP app
- Enables all protection features via Set-MpPreference
- Triggers signature update
- Selective Repair: Choose to repair Firewall only, Defender only, or both
- System Restore Point: Optionally creates a restore point before making changes
- Comprehensive Logging: Detailed log saved to Desktop
- Registry Backup: Backs up registry keys before modification
- Error Resilient: Continues execution even if individual operations fail
- Auto-Elevation: Automatically requests administrator privileges
Main Interface
- OS: Windows 10 / Windows 11
- Privileges: Administrator
- PowerShell: 5.1 or later (included with Windows)
- Download
DefenderShield.ps1from the Releases page - Save to a convenient location (e.g., Desktop)
- Right-click
DefenderShield.ps1 - Select Run with PowerShell
- If prompted by UAC, click Yes
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
.\DefenderShield.ps1-
Select components to repair using the checkboxes:
- β Windows Firewall
- β Windows Defender Antivirus
- β Create System Restore Point (recommended)
-
Click Start Repair
-
Watch the status output for progress
-
When complete, click Restart PC (recommended)
If Windows Defender won't start after repair, you may need to:
- Open Windows Security
- Go to Virus & threat protection β Manage settings
- Turn OFF Tamper Protection
- Run DefenderShield again
- Turn Tamper Protection back ON
Tamper Protection is a security feature that prevents programs from modifying Defender settings. While it protects against malware, it also blocks legitimate repair tools.
| Component | Registry Keys | Services | Policies | Tasks |
|---|---|---|---|---|
| Firewall | β | β | β | β |
| Defender | β | β | β | β |
The tool removes/resets these common blocking values:
Policy Keys (HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\...)
DisableAntiSpywareDisableAntiVirusDisableRealtimeMonitoringDisableBehaviorMonitoringDisableOnAccessProtectionDisableIOAVProtectionDisableScanOnRealtimeEnable- And more...
Direct Keys (HKLM:\SOFTWARE\Microsoft\Windows Defender\...)
- Same values as above in the non-policy locations
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force- Restart your computer after running DefenderShield
- Check if Tamper Protection needs to be temporarily disabled
- Some deep modifications require Safe Mode to fully reverse
- Ensure Tamper Protection is OFF
- Run DefenderShield again
- Restart computer
- Check Windows Security app
- Ensure no third-party firewall is installed (they often disable Windows Firewall)
- Check if antivirus software is managing the firewall
| File | Location | Purpose |
|---|---|---|
DefenderShield_[timestamp].log |
Desktop | Detailed operation log |
DefenderShield_Backup_[timestamp]/ |
Desktop | Registry backups |
- β No data collection - Everything runs locally
- β No network requests - Except Windows Update signature downloads
- β Open source - Full source code available for review
- β Creates backups - Registry exported before changes
- β Restore point - Optional system restore point creation
Contributions are welcome! If you find a privacy tool that breaks Defender/Firewall in a way DefenderShield doesn't fix:
- Note the exact tool and settings used
- Check which registry keys were modified
- Open an issue with the details
This project is licensed under the MIT License - see the LICENSE file for details.
This tool modifies Windows system settings and registry values. While it creates backups and is designed to be safe:
- Use at your own risk
- Always have backups of important data
- Test in a VM first if unsure
- The author is not responsible for any issues arising from use of this tool
- Inspired by the need to help users who went too aggressive with privacy tools
- Thanks to the privacy.sexy project for documenting what registry keys control Windows security features
Made with β by Matt