From 10eddcd7ad58cc07fa6dfdb96b8db9c8de6cf701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alan=20P=C5=82=C3=B3cieniak?= Date: Sun, 18 Dec 2022 22:39:46 +0100 Subject: [PATCH] #430 | DefenderServices check (edge-cases) --- .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ 6 files changed, 60 insertions(+), 108 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 index db1b7228..00ea2c74 100644 --- a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 @@ -289,24 +289,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion" -Name EditionID) -ne "EnterpriseG") 
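Review bot: The `catch` in the Checks hunk prints only `$Localization.WindowsBroken` and drops the error record, so the user never learns which of Windefend, SecurityHealthService or wscsvc could not be queried, and any failure that is not a `ServiceCommandException` is not handled by this block at all. I would surface the cause before exiting, e.g. `Write-Verbose -Message $_.Exception.Message -Verbose` as the first line of the `catch`. Likewise `$notRunning` is collapsed into a boolean; reporting `$notRunning.Name` when it is non-empty would tell the operator which Defender-related service is stopped rather than only that the check failed. The same block is repeated in the Checks hunks of the other five Sophia.psm1 files (Windows_10_LTSC_2019, Windows_10_LTSC_2021, Windows_10_PowerShell_7, Windows_11, Windows_11_PowerShell_7). The Checks function starts and ends outside the hunk.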
@@ -8444,7 +8436,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 index e54b89ba..82aad2d1 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 @@ -271,24 +271,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -6877,7 +6869,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { 
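Review bot: In the Checks hunk of the Windows_10_LTSC_2019 module, `catch [Microsoft.PowerShell.Commands.ServiceCommandException] {` opens its brace on the same line, while the `try` just above it and the removed `if`/`else` blocks put the brace on its own line. The new locals `$services` and `$notRunning` are also lower-case next to `$Script:DefenderServices` and `$Localization`. Matching the visible style would mean moving the brace to its own line and naming the locals `$Services` and `$NotRunning`; this applies to all six Checks hunks in the patch. The context comment `# Checking services` could also state the rule now implemented, for example `# All three services must exist (otherwise exit) and be running for $Script:DefenderServices to be $true`.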
diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 index 6b32f48a..fd16ab34 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 @@ -271,24 +271,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -7498,7 +7490,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 index d1e6aae8..dc36228b 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 
@@ -289,24 +289,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion" -Name EditionID) -ne "EnterpriseG") @@ -8452,7 +8444,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 index 68125233..d8ce6493 100644 --- a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 
@@ -298,24 +298,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -7915,7 +7907,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 index 38a56ed7..01e2083f 100644 --- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 
@@ -298,24 +298,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -7923,7 +7915,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) {