warnIfWindowsDefenderNotActive shows a notification if Windows Defender settings might prevent ASR rules from working.
()
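// warnIfWindowsDefenderNotActive shows a notification if Windows Defender
// settings might prevent ASR rules from working.
//
// Two Get-MpPreference properties are read through PowerShell:
//   - MAPSReporting must be 2 (advanced cloud/MAPS reporting), otherwise
//     some ASR rules won't work;
//   - DisableRealtimeMonitoring must be False, otherwise no ASR rule works.
//
// The two checks are independent: a failure to read one preference is
// logged and the other check still runs (the previous version returned
// early, silently skipping the real-time check). A mismatch is logged and
// reported to the user through showInfoDialog.
func warnIfWindowsDefenderNotActive() {
	// Cloud Protection.
	checkDefenderPreference(
		"MAPSReporting", "2",
		"Windows Defender Cloud Protection",
		"Windows Defender Cloud Protection is not enabled.\nSome ASR rules won't work.",
	)

	// Real-time protection.
	checkDefenderPreference(
		"DisableRealtimeMonitoring", "False",
		"Windows Defender Realtime Protection",
		"Windows Defender Realtime Protection is not enabled.\nASR rules won't work.",
	)
}

// checkDefenderPreference reads one Get-MpPreference property and, when its
// value differs from expected, logs the mismatch (quoting both the actual and
// the expected value) and shows dialogMessage to the user. A failure to run
// PowerShell is logged with the underlying error and does not raise a dialog.
func checkDefenderPreference(property, expected, feature, dialogMessage string) {
	out, err := readDefenderPreference(property)
	if err != nil {
		Info.Printf("Could not verify if %s is enabled: %v", feature, err)
		return
	}
	if out != expected {
		Info.Printf("%s is not enabled. Return Value = '%s' instead of '%s'", feature, out, expected)
		showInfoDialog(dialogMessage)
	}
}

// readDefenderPreference runs "(Get-MpPreference).<property>" in a
// non-interactive PowerShell and returns its output with surrounding
// whitespace (including the trailing CRLF) removed.
//
// property must be a fixed identifier chosen by the caller, never data from
// an untrusted source, since it is spliced into the command line verbatim.
// NOTE(review): "PowerShell.exe" is passed to executeCommand as a bare name;
// if executeCommand resolves it through PATH, an absolute path under the
// system directory would be the more conservative choice — confirm.
func readDefenderPreference(property string) (string, error) {
	command := "(Get-MpPreference)." + property
	out, err := executeCommand("PowerShell.exe", "-noprofile", "-Command", command)
	if err != nil {
		return "", err
	}
	// TrimSpace covers the CRLF PowerShell appends as well as any stray
	// leading/trailing whitespace or a bare LF.
	return strings.TrimSpace(out), nil
}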