From 10eddcd7ad58cc07fa6dfdb96b8db9c8de6cf701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alan=20P=C5=82=C3=B3cieniak?= Date: Sun, 18 Dec 2022 22:39:46 +0100 Subject: [PATCH 1/7] #430 | DefenderServices check (edge-cases) --- .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ .../Module/Sophia.psm1 | 28 +++++++------------ 6 files changed, 60 insertions(+), 108 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 index db1b7228..00ea2c74 100644 --- a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 @@ -289,24 +289,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion" -Name EditionID) -ne "EnterpriseG") 
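Review bot: In the new `Checks` code, `[array]$notRunning = $services | Where-Object ...` receives an empty pipeline in the normal case where all three services are running. As far as I can tell the `[array]` cast then leaves the variable `$null`, so the `DefenderServices` result rests on `$null.Count` evaluating to 0. That works outside strict mode but would throw under `Set-StrictMode -Version 2` or later, which is the path taken on a healthy system. Wrapping the pipeline in the array subexpression removes that dependency: `$Script:DefenderServices = @($services | Where-Object -FilterScript {$_.Status -ne "running"}).Count -eq 0`. The same lines are added to the `Checks` hunks of the other five Sophia.psm1 files in this patch, and the function's body starts and ends outside the hunk.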
@@ -8444,7 +8436,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 index e54b89ba..82aad2d1 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 @@ -271,24 +271,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -6877,7 +6869,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { 
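Review bot: The `catch [Microsoft.PowerShell.Commands.ServiceCommandException]` block in this `Checks` hunk prints only `$Localization.WindowsBroken` and exits, so the output does not say which of Windefend, SecurityHealthService or wscsvc could not be found. When triaging a machine where a Defender component has been removed, that name is the useful part. A line such as `Write-Warning -Message $_.Exception.Message` ahead of the localized message would keep it, assuming warning output is acceptable for this script. Because `-ErrorAction Stop` ends at the first name that fails, only one missing service is reported per run. This applies equally to the other five copies of the hunk, and the enclosing function continues outside the hunk.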
diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 index 6b32f48a..fd16ab34 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 @@ -271,24 +271,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -7498,7 +7490,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 index d1e6aae8..dc36228b 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 
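Review bot: The filter `{$_.Status -ne "running"}` in this `Checks` hunk counts every state other than Running as a failure, including StartPending, so a run shortly after boot could set `$Script:DefenderServices` to `$false` on a system whose Defender services are merely still starting. How that flag is used later is not visible here, so this may be intended. If so, a comment would record the decision, for example `# Any state other than Running (StartPending included) is treated as Defender services being unavailable`. The same filter appears in the other five copies of the hunk, and the function body extends beyond the hunk.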
@@ -289,24 +289,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion" -Name EditionID) -ne "EnterpriseG") @@ -8452,7 +8444,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 index 68125233..d8ce6493 100644 --- a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 
@@ -298,24 +298,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -7915,7 +7907,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 index 38a56ed7..01e2083f 100644 --- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 
@@ -298,24 +298,16 @@ function Checks } # Checking services - @("Windefend", "SecurityHealthService", "wscsvc") | ForEach-Object -Process { - if ($null -eq (Get-Service -Name $_ -ErrorAction Ignore)) - { - $Localization.WindowsBroken - exit - } - else - { - if ((Get-Service -Name $_).Status -eq "running") - { - $Script:DefenderServices = $true - } - else - { - $Script:DefenderServices = $false - } - } + try + { + $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } + catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + $Localization.WindowsBroken + exit + } + [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender).AntispywareEnabled) @@ -7923,7 +7915,7 @@ namespace RegistryUtils uint maxValueLen; uint securityDescriptor; StringBuilder sb; - + if (RegQueryInfoKey(hKey, out sb, ref lpcbClass, lpReserved, out lpcbSubKeys, out lpcbMaxKeyLen, out lpcbMaxClassLen, out lpcValues, out maxValueName, out maxValueLen, out securityDescriptor, ref lastModified) != 0) { From 2283fc39e3a13bb34a087772c2de52a118a8add7 Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 19 Dec 2022 15:07:58 +0300 Subject: [PATCH 2/7] Update Sophia.psm1 --- src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 index 00ea2c74..82faf721 100644 --- a/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10/Module/Sophia.psm1 
@@ -291,13 +291,14 @@ function Checks # Checking services try { - $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + $Services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } - catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + catch [Microsoft.PowerShell.Commands.ServiceCommandException] + { $Localization.WindowsBroken exit } - [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + [array]$notRunning = $Services | Where-Object -FilterScript {$_.Status -ne "running"} $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled From f095515d87e4046dba8688968f316182bcdae742 Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 19 Dec 2022 15:08:26 +0300 Subject: [PATCH 3/7] Update Sophia.psm1 --- .../Module/Sophia.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 index 82aad2d1..b1d224c1 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2019/Module/Sophia.psm1 @@ -273,13 +273,14 @@ function Checks # Checking services try { - $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + $Services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } - catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + catch [Microsoft.PowerShell.Commands.ServiceCommandException] + { $Localization.WindowsBroken exit } - [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + [array]$notRunning = $Services | Where-Object -FilterScript {$_.Status -ne "running"} $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled 
From 770a009e08c461918e6bd30d39011bdbe35c113b Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 19 Dec 2022 15:08:51 +0300 Subject: [PATCH 4/7] Update Sophia.psm1 --- .../Module/Sophia.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 index fd16ab34..5353bebc 100644 --- a/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_LTSC_2021/Module/Sophia.psm1 @@ -273,13 +273,14 @@ function Checks # Checking services try { - $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + $Services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } - catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + catch [Microsoft.PowerShell.Commands.ServiceCommandException] + { $Localization.WindowsBroken exit } - [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + [array]$notRunning = $Services | Where-Object -FilterScript {$_.Status -ne "running"} $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled From 0380bc10afadc6cc5cc0272f024c4026a171daab Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 19 Dec 2022 15:09:11 +0300 Subject: [PATCH 5/7] Update Sophia.psm1 --- .../Module/Sophia.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 index dc36228b..d2c45411 100644 --- a/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_10_PowerShell_7/Module/Sophia.psm1 
@@ -291,13 +291,14 @@ function Checks # Checking services try { - $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + $Services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } - catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + catch [Microsoft.PowerShell.Commands.ServiceCommandException] + { $Localization.WindowsBroken exit } - [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + [array]$notRunning = $Services | Where-Object -FilterScript {$_.Status -ne "running"} $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled From c8224c91e591e12cdbeeb3a31c0e5adc4b1ea221 Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 19 Dec 2022 15:09:22 +0300 Subject: [PATCH 6/7] Update Sophia.psm1 --- src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 index d8ce6493..4f4815e3 100644 --- a/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11/Module/Sophia.psm1 @@ -300,13 +300,14 @@ function Checks # Checking services try { - $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + $Services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } - catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + catch [Microsoft.PowerShell.Commands.ServiceCommandException] + { $Localization.WindowsBroken exit } - [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + [array]$notRunning = $Services | Where-Object -FilterScript {$_.Status -ne "running"} $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled 
From 5bd7cb9b7bc25e755cbddab9ce1481fb3ccb51df Mon Sep 17 00:00:00 2001 From: Dmitry Nefedov Date: Mon, 19 Dec 2022 15:09:29 +0300 Subject: [PATCH 7/7] Update Sophia.psm1 --- .../Module/Sophia.psm1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 index 01e2083f..fab8124e 100644 --- a/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 +++ b/src/Sophia_Script_for_Windows_11_PowerShell_7/Module/Sophia.psm1 @@ -300,13 +300,14 @@ function Checks # Checking services try { - $services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop + $Services = Get-Service -Name Windefend, SecurityHealthService, wscsvc -ErrorAction Stop } - catch [Microsoft.PowerShell.Commands.ServiceCommandException] { + catch [Microsoft.PowerShell.Commands.ServiceCommandException] + { $Localization.WindowsBroken exit } - [array]$notRunning = $services | Where-Object -FilterScript {$_.Status -ne "running"} + [array]$notRunning = $Services | Where-Object -FilterScript {$_.Status -ne "running"} $Script:DefenderServices = $notRunning.Count -eq 0 # Specifies whether Antispyware protection is enabled