defender.ps1
<#
.SYNOPSIS
Command-line helper that drives Windows Defender through the Defender module
cmdlets (Get-/Set-/Add-/Remove-MpPreference, Update-MpSignature, Start-MpScan).
.DESCRIPTION
The switches are evaluated by an if/elseif chain at the bottom of the script, so
only one action runs per invocation. When several switches are passed, the first
match in this order wins: -scan, -update, -optimize, -clean, -addRecursive.
With no switch the script only clears the console.
#>
[CmdletBinding()]
Param(
# -scan: update signatures, run a full scan, then re-apply the tuned settings.
[Parameter(Mandatory=$false)]
[switch]$scan,
# -update: refresh the signature definitions only.
[Parameter(Mandatory=$false)]
[switch]$update,
# -clean: remove every entry from the Defender path-exclusion list.
[Parameter(Mandatory=$false)]
[switch]$clean,
# -addRecursive: add each *.exe below the current directory to the path-exclusion
# list. Excluded paths are not scanned, so this widens Defender's blind spot.
[Parameter(Mandatory=$false)]
[switch]$addRecursive,
# -optimize: apply the preference set defined in Optimize-Settings and print the result.
[Parameter(Mandatory=$false)]
[switch]$optimize
)
# Clears the console before any action output is written.
Clear-Host
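function Add-Exclusions-Recursive
{
    # Adds every *.exe file below the current working directory to the Windows
    # Defender path-exclusion list, one Add-MpPreference call per file.
    #
    # Security note: an excluded path is no longer scanned, so anything later
    # written to one of these paths is not inspected. Run this only from a
    # directory whose contents you control, and review the resulting list
    # (List-Exclusions) or clear it (Remove-Exclusions-All) when it is no
    # longer needed.
    $root = (Get-Item -Path ".\").FullName

    # -File restricts the result to files. Without it, a directory whose name
    # ends in ".exe" would also match -Include and be excluded together with
    # everything beneath it.
    $executables = Get-ChildItem -Path $root -Recurse -Include *.exe -File

    foreach ($exe in $executables) {
        Add-MpPreference -ExclusionPath $exe.FullName
    }
}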
function Remove-Exclusions-All
{
    # Removes every entry currently present in Defender's ExclusionPath list.
    # Only path exclusions are read and removed here; extension and process
    # exclusions (ExclusionExtension / ExclusionProcess) are not touched.
    $currentPaths = (Get-MpPreference).ExclusionPath

    # A foreach statement (not a pipeline) so that an empty list results in
    # zero Remove-MpPreference calls.
    foreach ($excludedPath in $currentPaths) {
        Remove-MpPreference -ExclusionPath $excludedPath
    }
}
function Optimize-Settings{
    # Applies the script's tuned Defender preferences. Each setting is written
    # with its own Set-MpPreference call, in the order listed below.
    $settings = [ordered]@{
        DisableCatchupFullScan                       = $false
        DisableCatchupQuickScan                      = $false
        SignatureDisableUpdateOnStartupWithoutEngine = $false
        # Only incoming files are scanned in real time; Both is more secure.
        RealTimeScanDirection                        = 'Incoming'
        CheckForSignaturesBeforeRunningScan          = $true
        SignatureScheduleDay                         = 0    # 0 is every day
        # NOTE(review): 0 should map to "always prompt" - confirm against the
        # Set-MpPreference documentation.
        SubmitSamplesConsent                         = 0
        # NOTE(review): 2 should map to Quarantine - confirm against the
        # action list linked below.
        UnknownThreatDefaultAction                   = 2
        ScanPurgeItemsAfterDelay                     = 365
        # Scheduled scans are throttled to 20; Run-Hardcore-Scan raises this
        # to 80 for a manual full scan and calls this function afterwards.
        ScanAvgCPULoadFactor                         = 20
        ScanOnlyIfIdleEnabled                        = $true # If CPU is idle, run scheduled scan.
    }
    #Set-MpPreference -ThreatIDDefaultAction_Actions 2 # Quarantine by default
    #List of actions: https://msdn.microsoft.com/es-es/library/windows/desktop/dn439474%28v=vs.85%29.aspx

    foreach ($entry in $settings.GetEnumerator()) {
        # One parameter per call, so a rejected value does not block the others.
        $single = @{}
        $single[$entry.Key] = $entry.Value
        Set-MpPreference @single
    }
}
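function Run-Hardcore-Scan{
    # Runs a full scan with fresh signatures and a raised CPU budget, then
    # re-applies the tuned settings.
    #
    # Fix: the original marked the "when finished" step with "//", which is not
    # a comment in PowerShell. It was parsed as a command named "//" and raised
    # a command-not-found error on every run. It is a "#" comment now.

    # Refresh definitions first so the scan uses current signatures.
    Update-MpSignature

    # Allow the scan to use more CPU than the value Optimize-Settings applies (20).
    Set-MpPreference -ScanAvgCPULoadFactor 80
    Start-MpScan -ScanType:FullScan

    # When finished, put the tuned settings back (this also resets the CPU load factor).
    Optimize-Settings
}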
function List-Exclusions{
    # Prints a heading followed by each entry of Defender's ExclusionPath list,
    # one per line, to the host. Useful for auditing what is currently exempt
    # from scanning; only path exclusions are shown.
    Write-Host 'List of Exclusions:'

    $excludedPaths = (Get-MpPreference).ExclusionPath

    # A foreach statement (not a pipeline) so an empty list prints nothing.
    foreach ($excludedPath in $excludedPaths) {
        Write-Host $excludedPath
    }
}
# Action dispatch: the first switch that is present wins, so only one action
# runs per invocation (order: scan, update, optimize, clean, addRecursive).
if ($scan.IsPresent) {
    Write-Host 'Starting hardcore mode...'
    Run-Hardcore-Scan
}
elseif ($update.IsPresent) {
    Write-Host 'Updating the signatures...'
    Update-MpSignature
    Write-Host 'Finished!'
}
elseif ($optimize.IsPresent) {
    Write-Host 'Optimizing Windows Defender...'
    Optimize-Settings
    # Emit the resulting preferences so the applied values can be checked.
    Get-MpPreference
    Write-Host 'Done!'
}
elseif ($clean.IsPresent) {
    Write-Host 'Removing all Exclusions...'
    Remove-Exclusions-All
    # Show what is left so the operator can confirm the list is empty.
    List-Exclusions
    Write-Host 'Removed!'
}
elseif ($addRecursive.IsPresent) {
    Write-Host 'Adding files...'
    Add-Exclusions-Recursive
    # Show the full exclusion list so newly exempted paths can be reviewed.
    List-Exclusions
    Write-Host 'Finished!'
}