Public/Add-MpAllowThreat.ps1
|
function Add-MpAllowThreat { <# .SYNOPSIS Adds a threat to Windows Defender's allowed threats list. .DESCRIPTION Allows the user to select a threat from a list and add it to Windows Defender's allowed threats, preventing Windows Defender from taking action against it. .EXAMPLE Add-MpAllowThreat .OUTPUTS None #> [CmdletBinding()] param() try { # Initialize the MP threats data $initResult = Initialize-MPThreats if (-not $initResult) { Write-Error "Failed to initialize threat data" return } $mpthreats = $Script:mpthreats # Check if there are any threats to display if ($null -eq $mpthreats -or $mpthreats.Count -eq 0) { Write-Host "No threats detected to allow." -ForegroundColor Yellow return } # Display available threats Write-Host "`nSelect the Threat you want to allow:" -ForegroundColor Cyan $threat_index = 0 foreach ($threat in $mpthreats) { Write-Host "[$threat_index] - ThreatID $($threat.ThreatID) ($($threat.ThreatName))" $threat_index++ } # Get user selection try { [int]$threatIndexInput = Read-Host "Enter the [number]" # Validate input range if ($threatIndexInput -lt 0 -or $threatIndexInput -ge $mpthreats.Count) { Write-Host "[!] Invalid selection. Please enter a number between 0 and $($mpthreats.Count - 1)" -ForegroundColor Red return } $allow_input_tid = $mpthreats[$threatIndexInput].ThreatID $allow_input_name = $mpthreats[$threatIndexInput].ThreatName } catch { Write-Host "[!] An error occurred: $_" -ForegroundColor Red return } # Final validation if ($null -eq $allow_input_tid) { Write-Host "[!] Input Error for ThreatID" -ForegroundColor Red return } # Add the threat to allowed list Write-Host "Allowing ThreatID $allow_input_tid $allow_input_name" -ForegroundColor Yellow Add-MpPreference -ThreatIDDefaultAction_Ids $allow_input_tid -ThreatIDDefaultAction_Actions Allow Write-Host "Done!" -ForegroundColor Green } catch { Write-Error "An error occurred while adding threat to allowed list: $_" } } |