
Improved Microsoft Dender state checkings

Dmitry Nefedov 2 years ago
parent
commit
5947bc069f
  1. 93
      Sophia Script/Sophia Script for Windows 10 LTSC 2019/Module/Sophia.psm1
  2. 89
      Sophia Script/Sophia Script for Windows 10 LTSC 2021/Module/Sophia.psm1
  3. 95
      Sophia Script/Sophia Script for Windows 10 PowerShell 7/Module/Sophia.psm1
  4. 93
      Sophia Script/Sophia Script for Windows 10/Module/Sophia.psm1
  5. 125
      Sophia Script/Sophia Script for Windows 11 PowerShell 7/Module/Sophia.psm1
  6. 124
      Sophia Script/Sophia Script for Windows 11/Module/Sophia.psm1

93
Sophia Script/Sophia Script for Windows 10 LTSC 2019/Module/Sophia.psm1

@ -87,6 +87,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -114,6 +116,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -126,6 +130,7 @@ function Checkings
Write-Warning -Message $Localization.UnsupportedLanguageMode
Start-Process -FilePath "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -141,6 +146,7 @@ function Checkings
$true
{
Write-Warning -Message $Localization.LoggedInUserNotAdmin
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -149,6 +155,7 @@ function Checkings
if ($PSVersionTable.PSVersion.Major -ne 5)
{
Write-Warning -Message ($Localization.UnsupportedPowerShell -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -156,6 +163,7 @@ function Checkings
if ($Host.Name -match "ISE")
{
Write-Warning -Message $Localization.UnsupportedISE
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -167,6 +175,7 @@ function Checkings
Start-Process -FilePath "https://youtu.be/na93MS-1EkM"
Start-Process -FilePath "https://pikabu.ru/story/byekdor_v_win_10_tweaker_ili_sovremennyie_metodyi_borbyi_s_piratstvom_8227558"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -194,6 +203,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -249,6 +259,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -273,8 +284,21 @@ function Checkings
Get-ChildItem -Path $PSScriptRoot\..\ -File -Recurse -Force | Unblock-File
#region Defender Checkings
# Turn off Controlled folder access to let the script proceed
# Checking whether Defender wasn't disabled first
# Checking whether WMI is corrupted
try
{
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender -ErrorAction Stop | Out-Null
}
catch [Microsoft.Management.Infrastructure.CimException]
{
# Provider Load Failure exception
$Global:Error.Exception[-1]
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
# Check Microsoft Defender state
$productState = (Get-CimInstance -Namespace root/SecurityCenter2 -ClassName Antivirusproduct | Where-Object -FilterScript {$_.instanceGuid -eq "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"}).productState
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2)
if ($DefenderState -notmatch "00|01")
@ -335,10 +359,56 @@ function Checkings
$Script:DefenderAMEngineVersion = $true
}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and $Script:DefenderAMEngineVersion)
# Check whether Microsoft Defender was turned off
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $false) -eq 1)
{
$Script:DisableAntiSpyware = $true
}
else
{
$Script:DisableAntiSpyware = $false
}
}
catch {}
# Check whether real-time protection prompts for known malware detection
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $false) -eq 1)
{
$Script:DisableRealtimeMonitoring = $true
}
else
{
$Script:DisableRealtimeMonitoring = $false
}
}
catch {}
# Check whether behavior monitoring was disabled
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $false) -eq 1)
{
$Script:DisableBehaviorMonitoring = $true
}
else
{
$Script:DisableBehaviorMonitoring = $false
}
}
catch {}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and
$Script:DefenderAMEngineVersion -and (-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring))
{
# Defender is enabled
$Script:DefenderState = $true
$Script:DefenderEnabled = $true
switch ((Get-MpPreference).EnableControlledFolderAccess)
{
@ -346,6 +416,7 @@ function Checkings
{
Write-Warning -Message $Localization.ControlledFolderAccessDisabled
# Turn off Controlled folder access to let the script proceed
$Script:ControlledFolderAccess = $true
Set-MpPreference -EnableControlledFolderAccess Disabled
@ -7809,14 +7880,14 @@ function NetworkProtection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Disabled
}
@ -7866,14 +7937,14 @@ function PUAppsDetection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Disabled
}
@ -7926,14 +7997,14 @@ function DefenderSandbox
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 1
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 0
}
@ -9571,7 +9642,7 @@ public static void PostMessage()
Stop-Process -Name StartMenuExperienceHost -Force -ErrorAction Ignore
# Turn on Controlled folder access if it was turned off
if ($Script:DefenderState)
if ($Script:DefenderEnabled)
{
if ($Script:ControlledFolderAccess)
{
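Review bot: In the hunk at `@ -335,10 +359,56`, each of the three new registry reads ends in an empty `catch {}`, so when `GetValue` throws, `$Script:DisableAntiSpyware`, `$Script:DisableRealtimeMonitoring` and `$Script:DisableBehaviorMonitoring` are never assigned, yet the combined `if` that follows dereferences all three. With `Set-StrictMode -Version Latest` in force (the adjacent comment says it is) an unset script-scoped variable is, as far as I can tell, a terminating error rather than a quiet `$false`, and without strict mode an unset flag silently reads as "not disabled", which is the wrong fail-safe for a gate that later drives `Set-MpPreference`. Give each flag a defined value before its `try` and do not discard the exception, e.g. `$Script:DisableAntiSpyware = $false` ahead of the block and `catch { Write-Warning -Message $_.Exception.Message }` in place of `catch {}`. The same pattern appears in the corresponding hunk of the LTSC 2021, Windows 10 PowerShell 7, Windows 10 and Windows 11 PowerShell 7 Sophia.psm1 sections.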

89
Sophia Script/Sophia Script for Windows 10 LTSC 2021/Module/Sophia.psm1

@ -87,6 +87,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -114,6 +116,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -126,6 +130,7 @@ function Checkings
Write-Warning -Message $Localization.UnsupportedLanguageMode
Start-Process -FilePath "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -141,6 +146,7 @@ function Checkings
$true
{
Write-Warning -Message $Localization.LoggedInUserNotAdmin
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -149,6 +155,7 @@ function Checkings
if ($PSVersionTable.PSVersion.Major -ne 5)
{
Write-Warning -Message ($Localization.UnsupportedPowerShell -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -156,6 +163,7 @@ function Checkings
if ($Host.Name -match "ISE")
{
Write-Warning -Message $Localization.UnsupportedISE
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -167,6 +175,7 @@ function Checkings
Start-Process -FilePath "https://youtu.be/na93MS-1EkM"
Start-Process -FilePath "https://pikabu.ru/story/byekdor_v_win_10_tweaker_ili_sovremennyie_metodyi_borbyi_s_piratstvom_8227558"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -194,6 +203,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -249,6 +259,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -273,8 +284,21 @@ function Checkings
Get-ChildItem -Path $PSScriptRoot\..\ -File -Recurse -Force | Unblock-File
#region Defender Checkings
# Turn off Controlled folder access to let the script proceed
# Checking whether Defender wasn't disabled first
# Checking whether WMI is corrupted
try
{
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender -ErrorAction Stop | Out-Null
}
catch [Microsoft.Management.Infrastructure.CimException]
{
# Provider Load Failure exception
$Global:Error.Exception[-1]
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
# Check Microsoft Defender state
$productState = (Get-CimInstance -Namespace root/SecurityCenter2 -ClassName Antivirusproduct | Where-Object -FilterScript {$_.instanceGuid -eq "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"}).productState
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2)
if ($DefenderState -notmatch "00|01")
@ -335,10 +359,56 @@ function Checkings
$Script:DefenderAMEngineVersion = $true
}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and $Script:DefenderAMEngineVersion)
# Check whether Microsoft Defender was turned off
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $false) -eq 1)
{
$Script:DisableAntiSpyware = $true
}
else
{
$Script:DisableAntiSpyware = $false
}
}
catch {}
# Check whether real-time protection prompts for known malware detection
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $false) -eq 1)
{
$Script:DisableRealtimeMonitoring = $true
}
else
{
$Script:DisableRealtimeMonitoring = $false
}
}
catch {}
# Check whether behavior monitoring was disabled
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $false) -eq 1)
{
$Script:DisableBehaviorMonitoring = $true
}
else
{
$Script:DisableBehaviorMonitoring = $false
}
}
catch {}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and
$Script:DefenderAMEngineVersion -and (-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring))
{
# Defender is enabled
$Script:DefenderState = $true
$Script:DefenderEnabled = $true
switch ((Get-MpPreference).EnableControlledFolderAccess)
{
@ -346,6 +416,7 @@ function Checkings
{
Write-Warning -Message $Localization.ControlledFolderAccessDisabled
# Turn off Controlled folder access to let the script proceed
$Script:ControlledFolderAccess = $true
Set-MpPreference -EnableControlledFolderAccess Disabled
@ -8966,14 +9037,14 @@ function PUAppsDetection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Disabled
}
@ -9026,14 +9097,14 @@ function DefenderSandbox
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 1
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 0
}
@ -10728,7 +10799,7 @@ public static void PostMessage()
Stop-Process -Name StartMenuExperienceHost -Force -ErrorAction Ignore
# Turn on Controlled folder access if it was turned off
if ($Script:DefenderState)
if ($Script:DefenderEnabled)
{
if ($Script:ControlledFolderAccess)
{
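Review bot: In the hunk at `@ -273,8 +284,21`, the new `catch [Microsoft.Management.Infrastructure.CimException]` block reports `$Global:Error.Exception[-1]`, which member-enumerates the whole session `$Error` list and takes its last element — the oldest error recorded in the session, not the CIM failure just caught — and emits it on the output stream instead of as a diagnostic. Inside a catch the caught record is already `$_`, so `Write-Warning -Message $_.Exception.Message` reports the right exception and matches the other exit paths in Checkings, which warn before opening the chat link and calling `exit`. This line appears to be introduced by the commit in every Sophia.psm1 section, so the fix applies to all of them.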

95
Sophia Script/Sophia Script for Windows 10 PowerShell 7/Module/Sophia.psm1

@ -16,7 +16,7 @@
.NOTES
Supported Windows 10 versions
Versions: 2004/20H2/21H1/21H2
Build: 1904x.1766+
Builds: 1904x.1766+
Editions: Home/Pro/Enterprise
Architecture: x64
@ -90,6 +90,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -120,6 +122,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -132,6 +136,7 @@ function Checkings
Write-Warning -Message $Localization.UnsupportedLanguageMode
Start-Process -FilePath "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -147,6 +152,7 @@ function Checkings
$true
{
Write-Warning -Message $Localization.LoggedInUserNotAdmin
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -155,6 +161,7 @@ function Checkings
if ($PSVersionTable.PSVersion.Major -ne 7)
{
Write-Warning -Message ($Localization.UnsupportedPowerShell -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -162,6 +169,7 @@ function Checkings
if ($Host.Name -match "ISE")
{
Write-Warning -Message $Localization.UnsupportedISE
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -173,6 +181,7 @@ function Checkings
Start-Process -FilePath "https://youtu.be/na93MS-1EkM"
Start-Process -FilePath "https://pikabu.ru/story/byekdor_v_win_10_tweaker_ili_sovremennyie_metodyi_borbyi_s_piratstvom_8227558"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -202,6 +211,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -257,6 +267,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -281,8 +292,21 @@ function Checkings
Get-ChildItem -Path $PSScriptRoot\..\ -File -Recurse -Force | Unblock-File
#region Defender Checkings
# Turn off Controlled folder access to let the script proceed
# Checking whether Defender wasn't disabled first
# Checking whether WMI is corrupted
try
{
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender -ErrorAction Stop | Out-Null
}
catch [Microsoft.Management.Infrastructure.CimException]
{
# Provider Load Failure exception
$Global:Error.Exception[-1]
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
# Check Microsoft Defender state
$productState = (Get-CimInstance -Namespace root/SecurityCenter2 -ClassName Antivirusproduct | Where-Object -FilterScript {$_.instanceGuid -eq "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"}).productState
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2)
if ($DefenderState -notmatch "00|01")
@ -343,10 +367,56 @@ function Checkings
$Script:DefenderAMEngineVersion = $true
}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and $Script:DefenderAMEngineVersion)
# Check whether Microsoft Defender was turned off
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $false) -eq 1)
{
$Script:DisableAntiSpyware = $true
}
else
{
$Script:DisableAntiSpyware = $false
}
}
catch {}
# Check whether real-time protection prompts for known malware detection
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $false) -eq 1)
{
$Script:DisableRealtimeMonitoring = $true
}
else
{
$Script:DisableRealtimeMonitoring = $false
}
}
catch {}
# Check whether behavior monitoring was disabled
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $false) -eq 1)
{
$Script:DisableBehaviorMonitoring = $true
}
else
{
$Script:DisableBehaviorMonitoring = $false
}
}
catch {}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and
$Script:DefenderAMEngineVersion -and (-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring))
{
# Defender is enabled
$Script:DefenderState = $true
$Script:DefenderEnabled = $true
switch ((Get-MpPreference).EnableControlledFolderAccess)
{
@ -354,6 +424,7 @@ function Checkings
{
Write-Warning -Message $Localization.ControlledFolderAccessDisabled
# Turn off Controlled folder access to let the script proceed
$Script:ControlledFolderAccess = $true
Set-MpPreference -EnableControlledFolderAccess Disabled
@ -11163,14 +11234,14 @@ function NetworkProtection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Disabled
}
@ -11220,14 +11291,14 @@ function PUAppsDetection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Disabled
}
@ -11280,14 +11351,14 @@ function DefenderSandbox
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 1
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 0
}
@ -13159,7 +13230,7 @@ public static void PostMessage()
Stop-Process -Name StartMenuExperienceHost -Force -ErrorAction Ignore
# Turn on Controlled folder access if it was turned off
if ($Script:DefenderState)
if ($Script:DefenderEnabled)
{
if ($Script:ControlledFolderAccess)
{
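Review bot: In the hunk at `@ -343,10 +367,56`, the comment above the `DisableRealtimeMonitoring` read, `# Check whether real-time protection prompts for known malware detection`, does not describe the value being checked; `# Check whether real-time monitoring was disabled by policy` would. It is also worth recording, in a comment on the `#region`, that these three reads cover only the `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender` hive: a preference set through `Set-MpPreference -DisableRealtimeMonitoring $true` lives elsewhere and, if I read it right, would not be reflected here even though the same function already calls `Get-MpPreference` a few lines later, whose `DisableRealtimeMonitoring`/`DisableBehaviorMonitoring` properties report the effective state. The `Build:` → `Builds:` change in the header hunk is fine.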

93
Sophia Script/Sophia Script for Windows 10/Module/Sophia.psm1

@ -90,6 +90,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -120,6 +122,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -132,6 +136,7 @@ function Checkings
Write-Warning -Message $Localization.UnsupportedLanguageMode
Start-Process -FilePath "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -147,6 +152,7 @@ function Checkings
$true
{
Write-Warning -Message $Localization.LoggedInUserNotAdmin
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -155,6 +161,7 @@ function Checkings
if ($PSVersionTable.PSVersion.Major -ne 5)
{
Write-Warning -Message ($Localization.UnsupportedPowerShell -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -162,6 +169,7 @@ function Checkings
if ($Host.Name -match "ISE")
{
Write-Warning -Message $Localization.UnsupportedISE
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -173,6 +181,7 @@ function Checkings
Start-Process -FilePath "https://youtu.be/na93MS-1EkM"
Start-Process -FilePath "https://pikabu.ru/story/byekdor_v_win_10_tweaker_ili_sovremennyie_metodyi_borbyi_s_piratstvom_8227558"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -200,6 +209,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -255,6 +265,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -279,8 +290,21 @@ function Checkings
Get-ChildItem -Path $PSScriptRoot\..\ -File -Recurse -Force | Unblock-File
#region Defender Checkings
# Turn off Controlled folder access to let the script proceed
# Checking whether Defender wasn't disabled first
# Checking whether WMI is corrupted
try
{
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender -ErrorAction Stop | Out-Null
}
catch [Microsoft.Management.Infrastructure.CimException]
{
# Provider Load Failure exception
$Global:Error.Exception[-1]
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
# Check Microsoft Defender state
$productState = (Get-CimInstance -Namespace root/SecurityCenter2 -ClassName Antivirusproduct | Where-Object -FilterScript {$_.instanceGuid -eq "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"}).productState
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2)
if ($DefenderState -notmatch "00|01")
@ -341,10 +365,56 @@ function Checkings
$Script:DefenderAMEngineVersion = $true
}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and $Script:DefenderAMEngineVersion)
# Check whether Microsoft Defender was turned off
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $false) -eq 1)
{
$Script:DisableAntiSpyware = $true
}
else
{
$Script:DisableAntiSpyware = $false
}
}
catch {}
# Check whether real-time protection prompts for known malware detection
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $false) -eq 1)
{
$Script:DisableRealtimeMonitoring = $true
}
else
{
$Script:DisableRealtimeMonitoring = $false
}
}
catch {}
# Check whether behavior monitoring was disabled
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $false) -eq 1)
{
$Script:DisableBehaviorMonitoring = $true
}
else
{
$Script:DisableBehaviorMonitoring = $false
}
}
catch {}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and
$Script:DefenderAMEngineVersion -and (-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring))
{
# Defender is enabled
$Script:DefenderState = $true
$Script:DefenderEnabled = $true
switch ((Get-MpPreference).EnableControlledFolderAccess)
{
@ -352,6 +422,7 @@ function Checkings
{
Write-Warning -Message $Localization.ControlledFolderAccessDisabled
# Turn off Controlled folder access to let the script proceed
$Script:ControlledFolderAccess = $true
Set-MpPreference -EnableControlledFolderAccess Disabled
@ -11122,14 +11193,14 @@ function NetworkProtection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Disabled
}
@ -11179,14 +11250,14 @@ function PUAppsDetection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Disabled
}
@ -11239,14 +11310,14 @@ function DefenderSandbox
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 1
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
setx /M MP_FORCE_USE_SANDBOX 0
}
@ -13116,7 +13187,7 @@ public static void PostMessage()
Stop-Process -Name StartMenuExperienceHost -Force -ErrorAction Ignore
# Turn on Controlled folder access if it was turned off
if ($Script:DefenderState)
if ($Script:DefenderEnabled)
{
if ($Script:ControlledFolderAccess)
{
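Review bot: In the hunk at `@ -341,10 +365,56`, `$Script:DefenderState = $true` and `$Script:DefenderEnabled = $true` are set side by side, while the rest of the commit (the NetworkProtection, PUAppsDetection, DefenderSandbox and PostMessage hunks) switches every consumer to `$Script:DefenderEnabled`; unless `$Script:DefenderState` still has a reader outside the diff, the first assignment is dead, and its name collides with the local string `$DefenderState` built from `.Substring(3, 2)` in the earlier hunk, which makes the two easy to confuse. Note too that the replaced `(Get-MpComputerStatus).AntivirusEnabled` calls evaluated Defender state at call time, whereas `$Script:DefenderEnabled` is a snapshot taken once in Checkings; a one-line comment at the assignment, `# Snapshot taken at startup; functions gated on it assume Defender state does not change during the run`, would make that contract explicit. Consider dropping the `$Script:DefenderState` assignment or commenting why both flags are kept.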

125
Sophia Script/Sophia Script for Windows 11 PowerShell 7/Module/Sophia.psm1

@ -79,6 +79,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -111,6 +113,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -124,6 +128,7 @@ function Checkings
Write-Warning -Message $Localization.UnsupportedLanguageMode
Start-Process -FilePath "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -139,6 +144,7 @@ function Checkings
$true
{
Write-Warning -Message $Localization.LoggedInUserNotAdmin
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -147,6 +153,7 @@ function Checkings
if ($PSVersionTable.PSVersion.Major -ne 7)
{
Write-Warning -Message ($Localization.UnsupportedPowerShell -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -154,6 +161,7 @@ function Checkings
if ($Host.Name -match "ISE")
{
Write-Warning -Message $Localization.UnsupportedISE
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -165,6 +173,7 @@ function Checkings
Start-Process -FilePath "https://youtu.be/na93MS-1EkM"
Start-Process -FilePath "https://pikabu.ru/story/byekdor_v_win_10_tweaker_ili_sovremennyie_metodyi_borbyi_s_piratstvom_8227558"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -195,6 +204,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -250,6 +260,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -273,8 +284,22 @@ function Checkings
# Unblock all files in the script folder by removing the Zone.Identifier alternate data stream with a value of "3"
Get-ChildItem -Path $PSScriptRoot\..\ -File -Recurse -Force | Unblock-File
# Turn off Controlled folder access to let the script proceed
# Checking whether Defender wasn't disabled first
#region Defender Checkings
# Checking whether WMI is corrupted
try
{
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender -ErrorAction Stop | Out-Null
}
catch [Microsoft.Management.Infrastructure.CimException]
{
# Provider Load Failure exception
$Global:Error.Exception[-1]
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
# Check Microsoft Defender state
$productState = (Get-CimInstance -Namespace root/SecurityCenter2 -ClassName Antivirusproduct | Where-Object -FilterScript {$_.instanceGuid -eq "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"}).productState
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2)
if ($DefenderState -notmatch "00|01")
@ -335,10 +360,56 @@ function Checkings
$Script:DefenderAMEngineVersion = $true
}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and $Script:DefenderAMEngineVersion)
# Check whether Microsoft Defender was turned off
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $false) -eq 1)
{
$Script:DisableAntiSpyware = $true
}
else
{
$Script:DisableAntiSpyware = $false
}
}
catch {}
# Check whether real-time protection prompts for known malware detection
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $false) -eq 1)
{
$Script:DisableRealtimeMonitoring = $true
}
else
{
$Script:DisableRealtimeMonitoring = $false
}
}
catch {}
# Check whether behavior monitoring was disabled
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $false) -eq 1)
{
$Script:DisableBehaviorMonitoring = $true
}
else
{
$Script:DisableBehaviorMonitoring = $false
}
}
catch {}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and
$Script:DefenderAMEngineVersion -and (-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring))
{
# Defender is enabled
$Script:DefenderState = $true
$Script:DefenderEnabled = $true
switch ((Get-MpPreference).EnableControlledFolderAccess)
{
@ -346,6 +417,7 @@ function Checkings
{
Write-Warning -Message $Localization.ControlledFolderAccessDisabled
# Turn off Controlled folder access to let the script proceed
$Script:ControlledFolderAccess = $true
Set-MpPreference -EnableControlledFolderAccess Disabled
@ -10626,14 +10698,14 @@ function NetworkProtection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Disabled
}
@ -10683,14 +10755,14 @@ function PUAppsDetection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Disabled
}
@ -11314,7 +11386,9 @@ function DNSoverHTTPS
[Parameter(Mandatory = $false)]
[ValidateSet("1.0.0.1", "1.1.1.1", "149.112.112.112", "8.8.4.4", "8.8.8.8", "9.9.9.9")]
# Isolate the IPv4 addresses only
[ValidateScript({(@((Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers).PSChildName) | Where-Object {$_ -notmatch ":"}) -contains $_})]
[ValidateScript({
(@((Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers).PSChildName) | Where-Object {$_ -notmatch ":"}) -contains $_
})]
[string]
$PrimaryDNS,
@ -11333,28 +11407,35 @@ function DNSoverHTTPS
$Disable
)
# Determining whether Hyper-V is enabled
# After enabling Hyper-V feature a virtual switch breing created, so we need to use different method to isolate the proper adapter
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).HypervisorPresent)
{
$InterfaceGuids = @((Get-NetAdapter -Physical).InterfaceGuid)
}
else
{
$InterfaceGuids = @((Get-NetRoute -AddressFamily IPv4 | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0/0"} | Get-NetAdapter).InterfaceGuid)
}
switch ($PSCmdlet.ParameterSetName)
{
"Enable"
{
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).PartOfDomain)
{
# Determining whether Hyper-V is enabled
# After enabling Hyper-V feature a virtual switch breing created, so we need to use different method to isolate the proper adapter
# Set a primary and secondary DNS servers
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).HypervisorPresent)
{
# Set a primary and secondary DNS servers
Get-NetAdapter -Physical | Get-NetIPInterface -AddressFamily IPv4 | Set-DnsClientServerAddress -ServerAddresses $PrimaryDNS, $SecondaryDNS
$InterfaceGuid = (Get-NetAdapter -Physical).InterfaceGuid
}
else
{
# Set a primary and secondary DNS servers
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0"} | Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses $PrimaryDNS, $SecondaryDNS
$InterfaceGuid = (Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0"} | Get-NetAdapter).InterfaceGuid
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0/0"} | Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses $PrimaryDNS, $SecondaryDNS
}
# Set the DNS servers
foreach ($InterfaceGuid in $InterfaceGuids)
{
if (-not (Test-Path -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh\$PrimaryDNS"))
{
New-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh\$PrimaryDNS" -Force
@ -11368,6 +11449,7 @@ function DNSoverHTTPS
New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh\$SecondaryDNS" -Name DohFlags -PropertyType QWord -Value 5 -Force
}
}
}
"Disable"
{
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).PartOfDomain)
@ -11381,10 +11463,13 @@ function DNSoverHTTPS
else
{
# Configure DNS servers automatically
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0"} | Get-NetAdapter | Set-DnsClientServerAddress -ResetServerAddresses
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0/0"} | Get-NetAdapter | Set-DnsClientServerAddress -ResetServerAddresses
}
Remove-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\*" -Recurse -Force -ErrorAction Ignore
foreach ($InterfaceGuid in $InterfaceGuids)
{
Remove-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh" -Recurse -Force -ErrorAction Ignore
}
}
}
}
@ -12567,7 +12652,7 @@ public static void PostMessage()
Stop-Process -Name StartMenuExperienceHost -Force -ErrorAction Ignore
# Turn on Controlled folder access if it was turned off
if ($Script:DefenderState)
if ($Script:DefenderEnabled)
{
if ($Script:ControlledFolderAccess)
{

124
Sophia Script/Sophia Script for Windows 11/Module/Sophia.psm1

@ -79,6 +79,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -111,6 +113,8 @@ function Checkings
# Trigger Windows Update for detecting new updates
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -124,6 +128,7 @@ function Checkings
Write-Warning -Message $Localization.UnsupportedLanguageMode
Start-Process -FilePath "https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -139,6 +144,7 @@ function Checkings
$true
{
Write-Warning -Message $Localization.LoggedInUserNotAdmin
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -147,6 +153,7 @@ function Checkings
if ($PSVersionTable.PSVersion.Major -ne 5)
{
Write-Warning -Message ($Localization.UnsupportedPowerShell -f $PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -154,6 +161,7 @@ function Checkings
if ($Host.Name -match "ISE")
{
Write-Warning -Message $Localization.UnsupportedISE
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -165,6 +173,7 @@ function Checkings
Start-Process -FilePath "https://youtu.be/na93MS-1EkM"
Start-Process -FilePath "https://pikabu.ru/story/byekdor_v_win_10_tweaker_ili_sovremennyie_metodyi_borbyi_s_piratstvom_8227558"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -193,6 +202,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
@ -248,6 +258,7 @@ function Checkings
Start-Sleep -Seconds 5
Start-Process -FilePath "https://github.com/farag2/Sophia-Script-for-Windows/releases/latest"
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
}
@ -272,8 +283,21 @@ function Checkings
Get-ChildItem -Path $PSScriptRoot\..\ -File -Recurse -Force | Unblock-File
#region Defender Checkings
# Turn off Controlled folder access to let the script proceed
# Checking whether Defender wasn't disabled first
# Checking whether WMI is corrupted
try
{
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/microsoft/windows/defender -ErrorAction Stop | Out-Null
}
catch [Microsoft.Management.Infrastructure.CimException]
{
# Provider Load Failure exception
$Global:Error.Exception[-1]
Start-Process -FilePath "https://t.me/sophia_chat"
exit
}
# Check Microsoft Defender state
$productState = (Get-CimInstance -Namespace root/SecurityCenter2 -ClassName Antivirusproduct | Where-Object -FilterScript {$_.instanceGuid -eq "{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"}).productState
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2)
if ($DefenderState -notmatch "00|01")
@ -334,10 +358,56 @@ function Checkings
$Script:DefenderAMEngineVersion = $true
}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and $Script:DefenderAMEngineVersion)
# Check whether Microsoft Defender was turned off
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $false) -eq 1)
{
$Script:DisableAntiSpyware = $true
}
else
{
$Script:DisableAntiSpyware = $false
}
}
catch {}
# Check whether real-time protection prompts for known malware detection
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $false) -eq 1)
{
$Script:DisableRealtimeMonitoring = $true
}
else
{
$Script:DisableRealtimeMonitoring = $false
}
}
catch {}
# Check whether behavior monitoring was disabled
# Due to "Set-StrictMode -Version Latest" we have to use try/catch & GetValue()
try
{
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $false) -eq 1)
{
$Script:DisableBehaviorMonitoring = $true
}
else
{
$Script:DisableBehaviorMonitoring = $false
}
}
catch {}
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderProductStatus -and
$Script:DefenderAMEngineVersion -and (-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring))
{
# Defender is enabled
$Script:DefenderState = $true
$Script:DefenderEnabled = $true
switch ((Get-MpPreference).EnableControlledFolderAccess)
{
@ -345,6 +415,7 @@ function Checkings
{
Write-Warning -Message $Localization.ControlledFolderAccessDisabled
# Turn off Controlled folder access to let the script proceed
$Script:ControlledFolderAccess = $true
Set-MpPreference -EnableControlledFolderAccess Disabled
@ -10586,14 +10657,14 @@ function NetworkProtection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -EnableNetworkProtection Disabled
}
@ -10643,14 +10714,14 @@ function PUAppsDetection
{
"Enable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Enabled
}
}
"Disable"
{
if ((Get-MpComputerStatus).AntivirusEnabled)
if ($Script:DefenderEnabled)
{
Set-MpPreference -PUAProtection Disabled
}
@ -11274,7 +11345,9 @@ function DNSoverHTTPS
[Parameter(Mandatory = $false)]
[ValidateSet("1.0.0.1", "1.1.1.1", "149.112.112.112", "8.8.4.4", "8.8.8.8", "9.9.9.9")]
# Isolate the IPv4 addresses only
[ValidateScript({(@((Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers).PSChildName) | Where-Object {$_ -notmatch ":"}) -contains $_})]
[ValidateScript({
(@((Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DohWellKnownServers).PSChildName) | Where-Object {$_ -notmatch ":"}) -contains $_
})]
[string]
$PrimaryDNS,
@ -11293,28 +11366,35 @@ function DNSoverHTTPS
$Disable
)
# Determining whether Hyper-V is enabled
# After enabling Hyper-V feature a virtual switch breing created, so we need to use different method to isolate the proper adapter
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).HypervisorPresent)
{
$InterfaceGuids = @((Get-NetAdapter -Physical).InterfaceGuid)
}
else
{
$InterfaceGuids = @((Get-NetRoute -AddressFamily IPv4 | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0/0"} | Get-NetAdapter).InterfaceGuid)
}
switch ($PSCmdlet.ParameterSetName)
{
"Enable"
{
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).PartOfDomain)
{
# Determining whether Hyper-V is enabled
# After enabling Hyper-V feature a virtual switch breing created, so we need to use different method to isolate the proper adapter
# Set a primary and secondary DNS servers
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).HypervisorPresent)
{
# Set a primary and secondary DNS servers
Get-NetAdapter -Physical | Get-NetIPInterface -AddressFamily IPv4 | Set-DnsClientServerAddress -ServerAddresses $PrimaryDNS, $SecondaryDNS
$InterfaceGuid = (Get-NetAdapter -Physical).InterfaceGuid
}
else
{
# Set a primary and secondary DNS servers
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0"} | Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses $PrimaryDNS, $SecondaryDNS
$InterfaceGuid = (Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0"} | Get-NetAdapter).InterfaceGuid
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0/0"} | Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses $PrimaryDNS, $SecondaryDNS
}
# Set the DNS servers
foreach ($InterfaceGuid in $InterfaceGuids)
{
if (-not (Test-Path -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh\$PrimaryDNS"))
{
New-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh\$PrimaryDNS" -Force
@ -11328,6 +11408,7 @@ function DNSoverHTTPS
New-ItemProperty -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh\$SecondaryDNS" -Name DohFlags -PropertyType QWord -Value 5 -Force
}
}
}
"Disable"
{
if (-not (Get-CimInstance -ClassName CIM_ComputerSystem).PartOfDomain)
@ -11341,10 +11422,13 @@ function DNSoverHTTPS
else
{
# Configure DNS servers automatically
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0"} | Get-NetAdapter | Set-DnsClientServerAddress -ResetServerAddresses
Get-NetRoute | Where-Object -FilterScript {$_.DestinationPrefix -eq "0.0.0.0/0"} | Get-NetAdapter | Set-DnsClientServerAddress -ResetServerAddresses
}
Remove-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\*" -Recurse -Force -ErrorAction Ignore
foreach ($InterfaceGuid in $InterfaceGuids)
{
Remove-Item -Path "HKLM:\SYSTEM\ControlSet001\Services\Dnscache\InterfaceSpecificParameters\$InterfaceGuid\DohInterfaceSettings\Doh" -Recurse -Force -ErrorAction Ignore
}
}
}
}
@ -12527,7 +12611,7 @@ public static void PostMessage()
Stop-Process -Name StartMenuExperienceHost -Force -ErrorAction Ignore
# Turn on Controlled folder access if it was turned off
if ($Script:DefenderState)
if ($Script:DefenderEnabled)
{
if ($Script:ControlledFolderAccess)
{
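Review bot: The `try { … } catch {}` around each of the three policy reads (`DisableAntiSpyware`, `DisableRealtimeMonitoring`, `DisableBehaviorMonitoring`) leaves the corresponding `$Script:Disable*` flag unassigned when the read throws, and the combined `if` right after then evaluates `-not $Script:DisableAntiSpyware` — under the `Set-StrictMode -Version Latest` the comments cite, that unset-variable reference is itself a terminating error, so a failed registry read aborts Checkings instead of degrading. Assign each flag before its `try` (`$Script:DisableAntiSpyware = $false`, `$Script:DisableRealtimeMonitoring = $false`, `$Script:DisableBehaviorMonitoring = $false`) or set it in the `catch`, and decide explicitly whether an unreadable policy should count as "Defender disabled" so the script does not go on to turn Controlled folder access off on a machine whose state it could not verify. The comment above the `DisableRealtimeMonitoring` read describes a different setting; `# Check whether real-time protection was turned off by policy` matches the value actually read. These reads only consult the `HKLM\SOFTWARE\Policies` hive, so a Defender disabled by other means is presumably caught only by the earlier `$Script:DefenderAntispywareEnabled`/`$Script:DefenderProductStatus` checks — worth confirming before relying on `$Script:DefenderEnabled` to gate the `Set-MpPreference` calls. Checkings begins and ends outside this hunk.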
