|
@ -472,6 +472,17 @@ public static string GetString(uint strId) |
|
|
exit |
|
|
exit |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Check if Microsoft Store being an important system component was removed |
|
|
|
|
|
if (-not (Get-AppxPackage -Name Microsoft.WindowsStore)) |
|
|
|
|
|
{ |
|
|
|
|
|
Write-Warning -Message ($Localization.WindowsComponentBroken -f "Microsoft Store") |
|
|
|
|
|
|
|
|
|
|
|
Start-Process -FilePath "https://t.me/sophia_chat" |
|
|
|
|
|
Start-Process -FilePath "https://discord.gg/sSryhaEv79" |
|
|
|
|
|
|
|
|
|
|
|
exit |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
# Check if the current module version is the latest one |
|
|
# Check if the current module version is the latest one |
|
|
try |
|
|
try |
|
|
{ |
|
|
{ |
|
@ -542,6 +553,17 @@ public static string GetString(uint strId) |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Checking whether Windows Security Settings page was hidden from UI |
|
|
|
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
|
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "SettingsPageVisibility", $null) -match "hide:windowsdefender") |
|
|
|
|
|
{ |
|
|
|
|
|
$Script:DefenderSettingsPageDisplayed = $false |
|
|
|
|
|
} |
|
|
|
|
|
else |
|
|
|
|
|
{ |
|
|
|
|
|
$Script:DefenderSettingsPageDisplayed = $true |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
# Checking whether WMI is corrupted |
|
|
# Checking whether WMI is corrupted |
|
|
try |
|
|
try |
|
|
{ |
|
|
{ |
|
@ -570,6 +592,17 @@ public static string GetString(uint strId) |
|
|
exit |
|
|
exit |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Checking whether Windows Security Settings page was hidden from UI |
|
|
|
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "SettingsPageVisibility", $null) -match "hide:windowsdefender") |
|
|
|
|
|
{ |
|
|
|
|
|
Write-Warning -Message ($Localization.WindowsComponentBroken -f "Microsoft Defender") |
|
|
|
|
|
|
|
|
|
|
|
Start-Process -FilePath "https://t.me/sophia_chat" |
|
|
|
|
|
Start-Process -FilePath "https://discord.gg/sSryhaEv79" |
|
|
|
|
|
|
|
|
|
|
|
exit |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
# Checking services |
|
|
# Checking services |
|
|
try |
|
|
try |
|
|
{ |
|
|
{ |
|
@ -591,12 +624,8 @@ public static string GetString(uint strId) |
|
|
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2) |
|
|
$DefenderState = ('0x{0:x}' -f $productState).Substring(3, 2) |
|
|
if ($DefenderState -notmatch "00|01") |
|
|
if ($DefenderState -notmatch "00|01") |
|
|
{ |
|
|
{ |
|
|
$Script:DefenderproductState = $true |
|
|
# Defender is a currently used AV. Continue... |
|
|
} |
|
|
$Script:DefenderProductState = $true |
|
|
else |
|
|
|
|
|
{ |
|
|
|
|
|
$Script:DefenderproductState = $false |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Specify whether Antispyware protection is enabled |
|
|
# Specify whether Antispyware protection is enabled |
|
|
if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender).AntispywareEnabled) |
|
|
if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender).AntispywareEnabled) |
|
@ -611,8 +640,6 @@ public static string GetString(uint strId) |
|
|
# https://docs.microsoft.com/en-us/graph/api/resources/intune-devices-windowsdefenderproductstatus?view=graph-rest-beta |
|
|
# https://docs.microsoft.com/en-us/graph/api/resources/intune-devices-windowsdefenderproductstatus?view=graph-rest-beta |
|
|
# Due to "Set-StrictMode -Version Latest" we have to call Get-Member first to check whether ProductStatus property exists |
|
|
# Due to "Set-StrictMode -Version Latest" we have to call Get-Member first to check whether ProductStatus property exists |
|
|
if (Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender | Get-Member | Where-Object -FilterScript {$_.Name -eq "ProductStatus"}) |
|
|
if (Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender | Get-Member | Where-Object -FilterScript {$_.Name -eq "ProductStatus"}) |
|
|
{ |
|
|
|
|
|
if ($Script:DefenderproductState) |
|
|
|
|
|
{ |
|
|
{ |
|
|
if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender).ProductStatus -eq 1) |
|
|
if ((Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender).ProductStatus -eq 1) |
|
|
{ |
|
|
{ |
|
@ -624,11 +651,6 @@ public static string GetString(uint strId) |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
else |
|
|
else |
|
|
{ |
|
|
|
|
|
$Script:DefenderProductState = $false |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
else |
|
|
|
|
|
{ |
|
|
{ |
|
|
Write-Warning -Message $Localization.UpdateDefender |
|
|
Write-Warning -Message $Localization.UpdateDefender |
|
|
|
|
|
|
|
@ -664,37 +686,41 @@ public static string GetString(uint strId) |
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $null) -eq 1) |
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", $null) -eq 1) |
|
|
{ |
|
|
{ |
|
|
$Script:DisableAntiSpyware = $true |
|
|
$Script:AntiSpywareEnabled = $false |
|
|
} |
|
|
} |
|
|
else |
|
|
else |
|
|
{ |
|
|
{ |
|
|
$Script:DisableAntiSpyware = $false |
|
|
$Script:AntiSpywareEnabled = $true |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# Check whether real-time protection prompts for known malware detection |
|
|
# Check whether real-time protection prompts for known malware detection |
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $null) -eq 1) |
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring", $null) -eq 1) |
|
|
{ |
|
|
{ |
|
|
$Script:DisableRealtimeMonitoring = $true |
|
|
$Script:RealtimeMonitoringEnabled = $false |
|
|
} |
|
|
} |
|
|
else |
|
|
else |
|
|
{ |
|
|
{ |
|
|
$Script:DisableRealtimeMonitoring = $false |
|
|
$Script:RealtimeMonitoringEnabled = $true |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# Check whether behavior monitoring was disabled |
|
|
# Check whether behavior monitoring was disabled |
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
# Due to "Set-StrictMode -Version Latest" we have to use GetValue() |
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $null) -eq 1) |
|
|
if ([Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", $null) -eq 1) |
|
|
{ |
|
|
{ |
|
|
$Script:DisableBehaviorMonitoring = $true |
|
|
$Script:BehaviorMonitoringEnabled = $false |
|
|
|
|
|
} |
|
|
|
|
|
else |
|
|
|
|
|
{ |
|
|
|
|
|
$Script:BehaviorMonitoringEnabled = $true |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
else |
|
|
else |
|
|
{ |
|
|
{ |
|
|
$Script:DisableBehaviorMonitoring = $false |
|
|
$Script:DefenderProductState = $false |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
if ($Script:DefenderproductState -and $Script:DefenderServices -and $Script:DefenderAntispywareEnabled -and $Script:DefenderAMEngineVersion -and |
|
|
if ($Script:DefenderServices -and $Script:DefenderproductState -and $Script:DefenderAntispywareEnabled -and $Script:DefenderAMEngineVersion -and $Script:AntiSpywareEnabled -and $Script:RealtimeMonitoringEnabled -and $Script:BehaviorMonitoringEnabled) |
|
|
(-not $Script:DisableAntiSpyware) -and (-not $Script:DisableRealtimeMonitoring) -and (-not $Script:DisableBehaviorMonitoring)) |
|
|
|
|
|
{ |
|
|
{ |
|
|
# Defender is enabled |
|
|
# Defender is enabled |
|
|
$Script:DefenderEnabled = $true |
|
|
$Script:DefenderEnabled = $true |
|
@ -863,17 +889,6 @@ public static string GetString(uint strId) |
|
|
Write-Error -Message ($Localization.RestartFunction -f $MyInvocation.Line.Trim()) -ErrorAction SilentlyContinue |
|
|
Write-Error -Message ($Localization.RestartFunction -f $MyInvocation.Line.Trim()) -ErrorAction SilentlyContinue |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# Check if Microsoft Store as being an important system component was removed |
|
|
|
|
|
if (-not (Get-AppxPackage -Name Microsoft.WindowsStore)) |
|
|
|
|
|
{ |
|
|
|
|
|
Write-Warning -Message ($Localization.WindowsComponentBroken -f "Microsoft Store") |
|
|
|
|
|
|
|
|
|
|
|
Start-Process -FilePath "https://t.me/sophia_chat" |
|
|
|
|
|
Start-Process -FilePath "https://discord.gg/sSryhaEv79" |
|
|
|
|
|
|
|
|
|
|
|
exit |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# PowerShell 5.1 (7.3 too) interprets 8.3 file name literally, if an environment variable contains a non-latin word |
|
|
# PowerShell 5.1 (7.3 too) interprets 8.3 file name literally, if an environment variable contains a non-latin word |
|
|
Get-ChildItem -Path "$env:TEMP\Computer.txt", "$env:TEMP\User.txt" -Force -ErrorAction Ignore | Remove-Item -Recurse -Force -ErrorAction Ignore |
|
|
Get-ChildItem -Path "$env:TEMP\Computer.txt", "$env:TEMP\User.txt" -Force -ErrorAction Ignore | Remove-Item -Recurse -Force -ErrorAction Ignore |
|
|
|
|
|
|
|
|