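# Source: github.com/cloudfoundry-incubator/windows-utilities-tests@v0.11.1-0.20230315194243-a2ce46b74d8a/assets/wuts-release/jobs/check_windowsdefender/templates/modules/CheckWindowsDefender.psm1
#
# Checks the Windows Defender preference flags reported by Get-MpPreference.
# The checks look at properties named "Disable<Feature>": a value of $True is
# treated as "feature is disabled", $False as "feature is enabled".

# Features whose Disable<Feature> flag must be $False for Assert-DefenderEnabled to pass.
$ExpectedEnabledProperties = @(
    "ArchiveScanning",
    "AutoExclusions",
    "BehaviorMonitoring",
    "BlockAtFirstSeen",
    "IOAVProtection",
    "PrivacyMode",
    "RealtimeMonitoring",
    "ScanningNetworkFiles",
    "ScriptScanning"
)

# Features whose Disable<Feature> flag must be $True for Assert-DefenderEnabled to pass.
$ExpectedDisabledProperties = @(
    "CatchupFullScan",
    "CatchupQuickScan",
    "EmailScanning",
    "RemovableDriveScanning",
    "RestorePoint",
    "ScanningMappedNetworkDrivesForFullScan",
    "IntrusionPreventionSystem"
)

function Assert-DefenderEnabled {
    <#
    .SYNOPSIS
    Returns $True when every reported Disable* flag matches the expected
    "Defender enabled" baseline, $False otherwise.

    .DESCRIPTION
    Features in $ExpectedEnabledProperties must be enabled and features in
    $ExpectedDisabledProperties must be disabled. Each mismatch is reported
    through Write-Log. Properties in neither list are ignored.

    NOTE(review): only properties that Get-MpPreference actually returns are
    inspected. If the cmdlet returns nothing, or an expected Disable* property
    is absent, no mismatch is recorded and the result stays $True. Callers that
    treat this as a security gate should separately confirm the cmdlet succeeded.

    .OUTPUTS
    System.Boolean
    #>
    $enabled = $True

    Get-MpPreference |
        Select-Object -ExpandProperty CimInstanceProperties |
        Where-Object { $_.Name -Like "Disable*" } |
        ForEach-Object {
            # Strip only the leading "Disable" prefix; the filter above
            # guarantees it is present, and a later "Disable" inside the
            # name must not be removed.
            $propertyName = $_.Name.Substring('Disable'.Length)

            if ( $ExpectedEnabledProperties -Contains $propertyName ) {
                # Disable<Feature> = $True means the feature is off.
                if ( $_.Value -eq $True ) {
                    Write-Log "Expected $($propertyName) to be enabled, it is disabled"
                    $enabled = $False
                }
            }
            if ( $ExpectedDisabledProperties -Contains $propertyName ) {
                # Disable<Feature> = $False means the feature is on.
                if ( $_.Value -eq $False ) {
                    Write-Log "Expected $($propertyName) to be disabled, it is enabled"
                    $enabled = $False
                }
            }
        }

    return $enabled
}

function Assert-DefenderDisabled {
    <#
    .SYNOPSIS
    Returns $True when every listed feature that Get-MpPreference reports is
    disabled, $False otherwise.

    .DESCRIPTION
    Considers the union of $ExpectedEnabledProperties and
    $ExpectedDisabledProperties. A mismatch is logged through Write-Log only
    for a feature that is actually found enabled; nothing is logged when the
    state is as expected.

    NOTE(review): as with Assert-DefenderEnabled, a missing property or an
    empty Get-MpPreference result is not detected and yields $True.

    .OUTPUTS
    System.Boolean
    #>
    $disabled = $True
    $AllProperties = $ExpectedEnabledProperties + $ExpectedDisabledProperties

    Get-MpPreference |
        Select-Object -ExpandProperty CimInstanceProperties |
        Where-Object { $_.Name -Like "Disable*" } |
        ForEach-Object {
            # Strip only the leading "Disable" prefix (see Where-Object filter).
            $propertyName = $_.Name.Substring('Disable'.Length)

            if ( $AllProperties -Contains $propertyName ) {
                # If the Disable* value is $False then the feature is enabled.
                if ( $_.Value -eq $False ) {
                    Write-Log "Expected $propertyName to be disabled, it is enabled"
                    $disabled = $False
                }
            }
        }

    return $disabled
}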