Disable Windows Defender Functionalities Via Registry Keys

Action1: actionname = "Registry value modified" AND (OBJECTNAME contains "\SOFTWARE\Microsoft\Windows Defender\,\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\,\SOFTWARE\Policies\Microsoft\Windows Defender" OR (OBJECTNAME endswith "\SOFTWARE\Microsoft\Windows Defender" AND isExist(OBJECTVALUENAME))) AND (((OBJECTNAME endswith "\DisableAntiSpyware,\DisableAntiVirus,\DisableBehaviorMonitoring,\DisableBlockAtFirstSeen,\DisableEnhancedNotifications,\DisableIntrusionPreventionSystem,\DisableIOAVProtection,\DisableOnAccessProtection,\DisableRealtimeMonitoring,\DisableScanOnRealtimeEnable,\DisableScriptScanning" OR (isExist(OBJECTNAME) AND OBJECTVALUENAME = "DisableAntiSpyware")) AND (INFORMATION = "DWORD (0x00000001)" OR (CHANGES = 1 AND NEWTYPE = "REG_DWORD"))) OR ((OBJECTNAME endswith "\DisallowExploitProtectionOverride,\Features\TamperProtection,\MpEngine\MpEnablePus,\PUAProtection,\Signature Update\ForceUpdateFromMU,\SpyNet\SpynetReporting,\SpyNet\SubmitSamplesConsent,\Windows Defender Exploit Guard\Controlled Folder Access\EnableControlledFolderAccess" OR (isExist(OBJECTNAME) AND OBJECTVALUENAME = "DisallowExploitProtectionOverride")) AND (INFORMATION = "DWORD (0x00000000)" OR (CHANGES = 0 AND NEWTYPE = "REG_DWORD")))) AND (PROCESSNAME notstartswith "C:\Program Files\Symantec\Symantec Endpoint Protection" OR PROCESSNAME notendswith "\sepWscSvc64.exe") select Action1.HOSTNAME,Action1.MESSAGE,Action1.OBJECTNAME,Action1.PROCESSNAME,Action1.PREVVAL,Action1.CHANGES