Windows Defender detects my scripts as “HackTool:BAT/AutoKMS”

Posted by in Microsoft Software Products | Last updated on

Based on testing on some Windows devices, I have just relized that Microsoft disallowed to use KMS scripts in the recent update. To reconfirm this, I uploaded a batch script file to VirusTotal and here is the result.

There is no offical reason or notification and it just was a quiet event. I think many you guys here were surprised, even shocked as soon as you heard this news. However, Microsoft’s move this time is easy to understand.

1. Batch script is not recommend anymore

KMS commands are developed by Microsoft but the batch scripts are not. They are just contain a batch of KMS commands and written by individuals like me. My purpose of creating the scripts is help you guys save your time instead of running all commands, one by one in the command prompt or Windows power shell. But this method has never been treated as an official method because opening batch file with admin rights is not recommended by Microsoft. For example, if the author inserts the command formatting disk into the script, all you data will be lost.

2. Batch script is used to fleece others

As you know, my Paypal accounts has been limited permanently because many people reported me to Paypal and said that I had sold them fake product keys on eBay. Someone has used my name to create an online shop and sell all my scripts. He told buyers a brazen lie that the scripts he sold is the new generation of digital license. It goes without saying people who are willing to spend a few dozen of dollars to order them have never known my site and my work. And they are willing to report the author of the scripts too when they realized the truth without finding out carefully. 🙁

The move of Microsoft will clear all opportunists and swindlers and I’m all for it. I will replace the KMS scripts from all my posts with the manual method in the coming time. Finally, I would like to thank you guys for always standing by my side. Your support and your encouragement mean a lot to me. It only remains for me to thank.

Windows Defender detects my scripts as “HackTool:BAT/AutoKMS”
  • 4.90 / 5 5
59 votes, 4.90 avg. rating (96% score)

If you would have any questions or concerns, please leave your comments. I would be glad to explain in more details. Thank you so much for all your feedback and support!

For faster support, please visit here for troubleshooting. Need more help? Please email me at

Leave a Reply

Your email address will not be published. Required fields are marked *

44 thoughts on “Windows Defender detects my scripts as “HackTool:BAT/AutoKMS”

  1. IsmaeeL

    Dude, come on! You can’t just stop making scripts! I tried once to use manual but wasted two hours in vain. But in a few seconds using script I was successful. You can’t man, we love you, we love your work, you make everything easier, and most importantly we believe in and entirely trust you. I helped two schools in my town using your work. I helped many relatives. You are a legend, don’t stop, think of others; like me, and whomever you’ve helped. Every time I use your work on any machine, I disable the antivirus because I know it’s a false alert. YOU CAN’T STOP, YOU CAN’T QUIT. MICROSOFT AND THOSE PEOPLE WHO REPORTED YOU CAN GO TO H**L!!

  2. Burak Sahin

    Thank you very much !
    Now only 4 engines detected this file at virustotal.
    i think a few days later , all engines will say the file is clean 🙂
    i think its false positive. i trust and i know the batch file is clean.
    Thank you again sir.

  3. Flip

    Question #1. I have a licenced Office 2019 (\Office15\ folder) that does not have Visio or Project included.
    If I use your batch script to convert Office to Volume, will this affect the other Legitimate office products???
    Please add a statement about this in your guides. I think it is important for people to know what to do if they have Legit Office Student / Standard / Pro / Office365 Pro Plus / etc…
    Question #2. How do you convert from Volume back to the non-Volume “standard” licencing system? How can someone reverse the changes made?
    Cheers mate!!! Thank you for answering my questions! 😀

    1. kWong

      – C2R source is universal, you cannot remove or pick apps files

      – C2R ISO is not Retail or Volume, it’s the matter of how do you install it and what SKU you use
      with YAOCTRI, you can install Volume directly, with setup.exe you install Retail

  4. Selvin Funez

    Just want to thank you for your effort on helping us, too bad hear that news about people missusing your tools.

  5. DefenderOfRealm

    Thanks for your efforts to make our lives easier.

    I used your guide on how to activate office 2019 and created .cmd file and then auto execute it every a few days using task manager. It’s been great.

  6. Edgar


    I’m having trouble installing the MSProject 2019.
    I disabled my windows defender, and I followed every step on the way for both the batch and the manual steps (including admin rights), and I still can’t activate it.
    The process just stops in this step:

    I tried with both 2016 e 2019 versions already.
    Is there another way? Or am I missing something?

    Thanks in advance!

    1. kWong

      1st, all method here, fail can reactivate until success.

      Don’t have Office project 2019 and Office project 2016 on same PC.

      All method here, must run with admin right online as well.

      If your third party virus program block activation, disable for a while, retry activation. Then enable virus program.

      If still fail at activation, scan your windows system, solve all error found.

      restart PC, then retry the above step to activate your Project program.

  7. Doug

    My Office 2019 is still working normally, has all the updates and Windows Defender has not detected anything. Will my Office 2019 be deactivate in the future? Should I activate by manual method?

  8. gnig

    Change the contents of the file a bit.
    I moved all echo commands to new lines (replaced all “&echo” with “echo”) and windows defender no longer detects the script (uploaded to virustotal as well and only eset antivirus saw it)

  9. Sandra Wood

    Hi i am unable to activate MS Office 2019.
    I am not able to open a new text file as the New is not an option (not highlited)
    Is there amother way to activate.

  10. Joe Marsillo

    Cannot activate MS Office 2016 Pro Plus using 1click or activator as admin. Says it contains virus. I purchased an unlimited license for 64 bit and not everytime it loads it says I’ve exceeded limit. And your script no longer works.
    Joe Marsillo

  11. Ger

    Hello from Chile

    I commented that I just activated with the Script method as it appears in your Blog, Windows 10 1903 and Office 2016 and I had no problems, I also deactivated the Windows Defender momentarily to avoid problems.

    Regards, Great job and keep it up

    1. kWong

      Top search: Install and activate Office 2019 for FREE legally using Volume license

      Top search: How to install and use Project / Visio (2016/2019) without product key



      1. Alps

        Dear All and kWong,
        There is a way to still use KMS activation. Mine failed and I tried different ways. So kWong – please keep up the good work and keep making these activations going as I confirm it still can be done.
        Here is the method.

        1. Make a folder on the desktop (anyname). Keep the office installer on a separate USB and dont copy in it till you complete the process as under. Otherwise defender will delete the activator file while copying to this folder.
        2. Go to Settings-update & Security-windows security-virus & threat protection-vrus & threat protection settings-manage settings
        3. Turn off Real time protection, Turn off Automatic sample submission, turn off Tamper protection
        4. Click on Add or remove in Exclusions. Click Add exclusion and add the folder you created on desktop. Copy the Office 2019 installer iso and the activaton batch/cmd file to the folder we made on the desktop.
        5. Now add the activator cmd files or batch file in exclusions.
        6. Add process ‘cmd’ also in exclusions.

        Thats it.

        Now run as admin the activator cmd/batch file. You may get a red or blue bannertelling you that it is a threat. Just look for ‘Allow’ or Run anyway or More info on the same banner and it will run the files and activate.

        Remove now the contents from the folder and re enable all the virus & threat setting and ENJOY!

        1. kWong

          My internet security program won’t come up any problem to activate Windows and Office program.

          Here all method is provide by Microsoft, only server for activation is different between KMS host key members.

          I have no hint why Microsoft Defender etc go to stop activation, thanks for your reply.

          1. Alps

            Isn’t the reason obvious 🙂
            The are scared of you !!!
            So they are now blocking their own functionality. Anyways, this method works 100 percent. It was so bad otherwise that it even deleted the activation scripts from the USB etc that I tried to copy it from on the system. Luckily i had this stored on cloud as well.
            Thanks for your work!


        2. kWong

          May be Some people sell the same method for money but include Trojan or virus in the method provide. So , Microsoft simply block everyone use the KMS Activation method.

          It is not fair for everyone to use this site activation method, Microsoft should only block the one provide with Trojan or virus instead.

    1. Blitz

      you can keep using the batch files, but you have to turn off windows defender for the time being. (not recommend) so if you turn off to do this, be sure to turn right back on

      1. Jim Raynor

        I overrided Windows Defender (it says “this is threat”, and I specified that “this is NOT a threat, allow it”. Then WD allow the file to be there and allowed me to run it. However, the message I receive is always “The connection to KMS server failed”…. so I don’t know if the author removed this method server-side.