defender_set.ps1
## Two alternative Microsoft Defender preference profiles, applied with Set-MpPreference.
## NOTE(review): the exclusion path "Z:\malware_dev" suggests an isolated analysis/development VM -
## confirm that before running; nothing here checks which host it runs on.
## Both commands set the same list of parameters, so running the file top to bottom leaves the
## second profile in effect. To get the first profile, run only that line.
## Set-MpPreference -ExclusionPath replaces the existing exclusion list (Add-MpPreference appends),
## and the script does not save prior settings; capture Get-MpPreference output first to allow a restore.
## Detection note: Defender records preference changes as event 5007 and real-time protection being
## turned off as event 5001 in the "Microsoft-Windows-Windows Defender/Operational" log. With Tamper
## Protection on, changes to protected settings may be ignored.

## Profile 1 - "Disable Everything"
## Turns off real-time, behavior, script, archive, email, removable-drive, network-file and IOAV scanning,
## block-at-first-seen, PUA protection, network protection (including the TLS/HTTP/DNS/SSH/RDP parsers)
## and controlled folder access. The schedule-day value 8 means "never" for scans, remediation and
## signature updates. MAPSReporting 0 disables cloud reporting; SubmitSamplesConsent 2 never sends samples.
## Threat default actions are still set to Quarantine, so the label overstates slightly.
Set-MpPreference -ExclusionPath "Z:\malware_dev", "C:\Tools", "C:\Users", "Z:\Tools" -QuarantinePurgeItemsAfterDelay 0 -RemediationScheduleDay 8 -ScanAvgCPULoadFactor 5 -CheckForSignaturesBeforeRunningScan $False -ScanScheduleDay 8 -SignatureDisableUpdateOnStartupWithoutEngine $True -SignatureScheduleDay 8 -AllowNetworkProtectionOnWinServer $False -DisableDatagramProcessing $True -DisableCpuThrottleOnIdleScans $False -MAPSReporting 0 -SubmitSamplesConsent 2 -DisableAutoExclusions $False -DisableBehaviorMonitoring $True -DisableRealtimeMonitoring $True -DisableScriptScanning $True -DisableArchiveScanning $True -DisableCatchupFullScan $True -DisableCatchupQuickScan $True -DisableEmailScanning $True -DisableRemovableDriveScanning $True -DisableRestorePoint $True -DisableScanningMappedNetworkDrivesForFullScan $True -DisableScanningNetworkFiles $True -DisableIOAVProtection $True -UILockdown $False -UnknownThreatDefaultAction "Quarantine" -LowThreatDefaultAction "Quarantine" -ModerateThreatDefaultAction "Quarantine" -HighThreatDefaultAction "Quarantine" -SevereThreatDefaultAction "Quarantine" -Force -DisableBlockAtFirstSeen $True -PUAProtection Disabled -CloudBlockLevel 0 -EnableNetworkProtection Disabled -EnableControlledFolderAccess Disabled -EnableFileHashComputation $False -EnableFullScanOnBatteryPower $False -DisableTlsParsing $True -DisableHttpParsing $True -DisableDnsParsing $True -DisableDnsOverTcpParsing $True -DisableSshParsing $True -AllowNetworkProtectionDownLevel $False -AllowDatagramProcessingOnWinServer $False -EnableDnsSinkhole $False -DisableInboundConnectionFiltering $True -DisableRdpParsing $True
## Profile 2 - "Enable protection but NOT submission"
## Re-enables the scanning and monitoring switches that profile 1 turns off. Cloud reporting and sample
## submission stay off (MAPSReporting 0, SubmitSamplesConsent 2), and scheduled scans and signature
## updates stay at 8 ("never").
## Caveats: PUA protection, network protection and controlled folder access are set to AuditMode, which
## logs but does not block. The same four exclusion paths remain, so nothing under C:\Users (every user
## profile, including Downloads and Desktop) or the tool directories is scanned. With signature updates
## unscheduled and cloud lookups off, detection relies on whatever definitions are already installed.
Set-MpPreference -ExclusionPath "Z:\malware_dev", "C:\Tools", "C:\Users", "Z:\Tools" -QuarantinePurgeItemsAfterDelay 0 -RemediationScheduleDay 8 -ScanAvgCPULoadFactor 5 -CheckForSignaturesBeforeRunningScan $False -ScanScheduleDay 8 -SignatureDisableUpdateOnStartupWithoutEngine $True -SignatureScheduleDay 8 -AllowNetworkProtectionOnWinServer $False -DisableDatagramProcessing $False -DisableCpuThrottleOnIdleScans $False -MAPSReporting 0 -SubmitSamplesConsent 2 -DisableAutoExclusions $False -DisableBehaviorMonitoring $False -DisableRealtimeMonitoring $False -DisableScriptScanning $False -DisableArchiveScanning $False -DisableCatchupFullScan $True -DisableCatchupQuickScan $True -DisableEmailScanning $False -DisableRemovableDriveScanning $False -DisableRestorePoint $True -DisableScanningMappedNetworkDrivesForFullScan $True -DisableScanningNetworkFiles $False -DisableIOAVProtection $False -UILockdown $False -UnknownThreatDefaultAction "Quarantine" -LowThreatDefaultAction "Quarantine" -ModerateThreatDefaultAction "Quarantine" -HighThreatDefaultAction "Quarantine" -SevereThreatDefaultAction "Quarantine" -Force -DisableBlockAtFirstSeen $False -PUAProtection AuditMode -CloudBlockLevel 0 -EnableNetworkProtection AuditMode -EnableControlledFolderAccess AuditMode -EnableFileHashComputation $False -EnableFullScanOnBatteryPower $False -DisableTlsParsing $False -DisableHttpParsing $False -DisableDnsParsing $False -DisableDnsOverTcpParsing $False -DisableSshParsing $False -AllowNetworkProtectionDownLevel $True -AllowDatagramProcessingOnWinServer $True -EnableDnsSinkhole $False -DisableInboundConnectionFiltering $False -DisableRdpParsing $False