Windows Defender detects my scripts as “HackTool:BAT/AutoKMS”

Posted by in Microsoft Software Products | Last updated on

Based on testing on some Windows devices, I have just relized that Microsoft disallowed to use KMS scripts in the recent update. To reconfirm this, I uploaded a batch script file to VirusTotal and here is the result.

There is no offical reason or notification and it just was a quiet event. I think many you guys here were surprised, even shocked as soon as you heard this news. However, Microsoft’s move this time is easy to understand.

1. Batch script is not recommend anymore

KMS commands are developed by Microsoft but the batch scripts are not. They are just contain a batch of KMS commands and written by individuals like me. My purpose of creating the scripts is help you guys save your time instead of running all commands, one by one in the command prompt or Windows power shell. But this method has never been treated as an official method because opening batch file with admin rights is not recommended by Microsoft. For example, if the author inserts the command formatting disk into the script, all you data will be lost.

2. Batch script is used to fleece others

As you guys know, my Paypal accounts has been limited permanently because many people reported me to Paypal and said that I had sold them fake product keys on eBay. Someone has used my name to create an online shop and sell all my scripts. He told buyers a brazen lie that the scripts he sold is the new generation of digital license. It goes without saying people who are willing to spend a few dozen of dollars to order them have never known my site and my work. And they are willing to report the author of the scripts too when they realized the truth without finding out carefully. 🙁

The move of Microsoft will clear all opportunists and swindlers and I’m all for it. I will replace the KMS scripts from all my posts with the manual method in the coming time. Finally, I would like to thank you guys for always standing by my side. Your support and your encouragement mean a lot to me. It only remains for me to thank.

If you would have any questions or concerns, please leave your comments. I would be glad to explain in more details. Thank you so much for all your feedback and support!

For faster support, please visit here for troubleshooting. Need more help? Please email me at

Leave a Reply

Your email address will not be published. Required fields are marked *

21 thoughts on “Windows Defender detects my scripts as “HackTool:BAT/AutoKMS”

  1. gnig

    Change the contents of the file a bit.
    I moved all echo commands to new lines (replaced all “&echo” with “echo”) and windows defender no longer detects the script (uploaded to virustotal as well and only eset antivirus saw it)

  2. Sandra Wood

    Hi i am unable to activate MS Office 2019.
    I am not able to open a new text file as the New is not an option (not highlited)
    Is there amother way to activate.

  3. Joe Marsillo

    Cannot activate MS Office 2016 Pro Plus using 1click or activator as admin. Says it contains virus. I purchased an unlimited license for 64 bit and not everytime it loads it says I’ve exceeded limit. And your script no longer works.
    Joe Marsillo

  4. Ger

    Hello from Chile

    I commented that I just activated with the Script method as it appears in your Blog, Windows 10 1903 and Office 2016 and I had no problems, I also deactivated the Windows Defender momentarily to avoid problems.

    Regards, Great job and keep it up

    1. kWong

      Top search: Install and activate Office 2019 for FREE legally using Volume license

      Top search: How to install and use Project / Visio (2016/2019) without product key



    1. Blitz

      you can keep using the batch files, but you have to turn off windows defender for the time being. (not recommend) so if you turn off to do this, be sure to turn right back on

      1. Jim Raynor

        I overrided Windows Defender (it says “this is threat”, and I specified that “this is NOT a threat, allow it”. Then WD allow the file to be there and allowed me to run it. However, the message I receive is always “The connection to KMS server failed”…. so I don’t know if the author removed this method server-side.