WindowsDefender.ps1
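<#
.SYNOPSIS
    Shows or changes the Microsoft Defender real-time monitoring setting.
.PARAMETER enable
    0 requests real-time monitoring off, 1 requests it on. Any other value
    (the default is 3) selects the interactive prompt in the main loop.
#>
[CmdletBinding()]
param([Int32]$enable = 3)

"enable? "
# Test whether the parameter was bound rather than testing its value:
# 0 is a valid request but is falsy, so `if ($enable)` reported an explicit
# "-enable 0" as "No arguments".
if ($PSBoundParameters.ContainsKey('enable')) {
    Write-Host "$enable"
} else {
    "No arguments"
}
Get-Date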
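# Self-elevation: check whether the current token is in the built-in
# Administrators role and, if it is not, relaunch this script through UAC.
$myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

if ($myWindowsPrincipal.IsInRole($adminRole)) {
    # Already elevated: make that visible in the console title and colour.
    $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
    $Host.UI.RawUI.BackgroundColor = "DarkBlue"
    Clear-Host
} else {
    # Not elevated: start a second PowerShell with the "runas" verb, which
    # raises the UAC consent prompt, then leave this unelevated instance.
    $scriptPath = $myInvocation.MyCommand.Definition
    $newProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"

    # Pass the script with -File and a quoted path. A bare path is treated as
    # -Command text, so a path containing spaces failed to launch and any
    # PowerShell metacharacters in it were interpreted by the elevated process.
    # -NoProfile keeps profile scripts out of the elevated session.
    # $enable is typed [Int32], so interpolating it cannot add extra arguments.
    $newProcess.Arguments = "-NoProfile -File `"$scriptPath`" -enable $enable"
    $newProcess.Verb = "runas"

    try {
        [System.Diagnostics.Process]::Start($newProcess)
    } catch {
        # Start() throws when the consent prompt is declined or elevation fails.
        Write-Warning "Elevation was not granted; no Defender setting was changed. $($_.Exception.Message)"
    }
    # Exit from the current, unelevated, process
    exit
}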
#date
#"`nCurrent status:"
#Get-MpPreference | Select DisableRealtimeMonitoring | Format-Table -Property * -AutoSize
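# Main loop.
#   -enable 0 / 1 : bring real-time monitoring to the requested state, then exit.
#   anything else : prompt for a key (0 = off, 1 = on) on every pass.
#
# Turning real-time monitoring off removes on-access scanning until it is
# turned back on. Defender records the change in the
# "Microsoft-Windows-Windows Defender/Operational" event log (event 5001),
# which is where to confirm when the setting was changed.
$maxAttempts = 5   # Upper bound on re-applying a setting that does not take effect.
$attempt = 0
while ($true) {
    Get-Date
    # Effective state (what the engine is doing) and configured preference
    # (what was asked for). They can differ when policy overrides the preference.
    Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled
    Get-MpPreference | Select-Object DisableRealtimeMonitoring

    if (($enable -eq 0) -or ($enable -eq 1)) {
        $status = Get-MpComputerStatus
        if ($null -eq $status) {
            # Without a status object the comparison below would act on $null.
            Write-Warning "Could not read the Defender status; no setting was changed."
            timeout 5
            exit 1
        }
        $RealTimeProtectionEnabled = [bool]$status.RealTimeProtectionEnabled
        $wantEnabled = ($enable -eq 1)

        if ($wantEnabled -ne $RealTimeProtectionEnabled) {
            if ($attempt -ge $maxAttempts) {
                # Set-MpPreference can return without changing the effective
                # state when the setting is locked (for example by policy or
                # Tamper Protection). Report that instead of retrying forever.
                Write-Warning "Real-time monitoring did not reach the requested state after $maxAttempts attempts; the setting may be managed by policy or Tamper Protection."
                timeout 5
                exit 1
            }
            $attempt++
            # DisableRealtimeMonitoring is the inverse of the requested state.
            Set-MpPreference -DisableRealtimeMonitoring (-not $wantEnabled)
            "New choice applied"
            Start-Sleep 1
        } else {
            "Status in the requested state."
            timeout 5
            exit
        }
    } else {
        "==================================================================================================="
        "Press 0 to disable Realtime Monitoring and 1 to enable: "
        $key = [System.Console]::ReadKey()
        "`n"
        # Accept the digit from the top row or the numeric keypad; any other
        # key changes nothing and the loop shows the status again.
        if (($key.Key -eq 'D0') -or ($key.Key -eq 'NumPad0')) {
            Set-MpPreference -DisableRealtimeMonitoring $true
        } elseif (($key.Key -eq 'D1') -or ($key.Key -eq 'NumPad1')) {
            Set-MpPreference -DisableRealtimeMonitoring $false
        }
        Start-Sleep 1
    }
}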