hub / github.com/hardentools/hardentools / warnIfWindowsDefenderNotActive

Function warnIfWindowsDefenderNotActive

windows_asr.go:278–316  ·  view source on GitHub ↗

warnIfWindowsDefenderNotActive shows a notification if Windows Defender settings might prevent ASR rules from working.

()

Source from the content-addressed store, hash-verified

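// warnIfWindowsDefenderNotActive shows a notification if Windows Defender
// settings might prevent ASR rules from working.
//
// It reads two Get-MpPreference properties through PowerShell and compares
// each with the value ASR rules depend on:
//
//   - MAPSReporting must be "2" (Advanced MAPS membership, i.e. cloud-delivered
//     protection is on); otherwise some ASR rules won't work.
//   - DisableRealtimeMonitoring must be "False"; otherwise ASR rules won't work.
//
// A mismatch is logged and reported to the user with showInfoDialog. A query
// that fails is only logged, so the absence of a dialog does not prove that
// Defender is active: the state is unknown in that case. A failure of one
// query does not skip the other check.
func warnIfWindowsDefenderNotActive() {
	// query returns the trimmed value of a single Get-MpPreference property.
	// NOTE(review): "PowerShell.exe" is passed by bare name; how it is resolved
	// depends on executeCommand, which is not visible here. Confirm it resolves
	// to the system binary rather than a same-named file earlier in the search
	// path.
	query := func(property string) (string, error) {
		out, err := executeCommand("PowerShell.exe", "-noprofile", "-Command",
			"(Get-MpPreference)."+property)
		if err != nil {
			return "", err
		}
		// TrimSpace instead of stripping only "\r\n": stray spaces or a bare
		// "\n" would otherwise make a healthy setting look misconfigured.
		return strings.TrimSpace(out), nil
	}

	// Cloud Protection.
	const wantMAPS = "2"
	if got, err := query("MAPSReporting"); err != nil {
		Info.Printf("Could not verify if Windows Defender Cloud Protection is enabled: %v", err)
	} else if got != wantMAPS {
		Info.Println("Windows Defender Cloud Protection is not enabled. Return Value = '" +
			got + "' instead of '" + wantMAPS + "'")
		showInfoDialog("Windows Defender Cloud Protection is not enabled.\nSome ASR rules won't work.")
	}

	// Real-time protection. The property is a "disable" flag, so the healthy
	// value is "False".
	const wantRealtime = "False"
	if got, err := query("DisableRealtimeMonitoring"); err != nil {
		Info.Printf("Could not verify if Windows Defender Realtime Protection is enabled: %v", err)
	} else if got != wantRealtime {
		Info.Println("Windows Defender Realtime Protection is not enabled. Return Value = '" +
			got + "' instead of '" + wantRealtime + "'")
		showInfoDialog("Windows Defender Realtime Protection is not enabled.\nASR rules won't work.")
	}
}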

Callers 1

Harden (Method) · 0.85

Calls 2

executeCommand (Function) · 0.85
showInfoDialog (Function) · 0.70

Tested by

no test coverage detected