Public/Remove-MpAllowedThreats.ps1
|
function Remove-MpAllowedThreats { <# .SYNOPSIS Removes all threats from Windows Defender's allowed threats list. .DESCRIPTION Resets Windows Defender's allowed threats list by removing all previously allowed threats. This will cause Windows Defender to take the default action for these threats in the future. .EXAMPLE Remove-MpAllowedThreats .OUTPUTS None #> [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')] param() try { # Get current allowed threats for reporting $currentAllowed = Get-MpAllowedThreats if ($null -eq $currentAllowed -or $currentAllowed.Count -eq 0) { Write-Host "No allowed threats found. Nothing to remove." -ForegroundColor Yellow return } # Report what will be removed Write-Host "The following threats will be removed from the allowed list:" -ForegroundColor Cyan foreach ($threat in $currentAllowed) { Write-Host " - $($threat.ThreatID): $($threat.ThreatName)" -ForegroundColor Yellow } # Use ShouldProcess to confirm the action if ($PSCmdlet.ShouldProcess("Windows Defender", "Remove all allowed threats")) { Write-Host "Removing all allowed threats..." -ForegroundColor Yellow Remove-MpPreference -ThreatIDDefaultAction_Ids 0 -ThreatIDDefaultAction_Actions NoAction Write-Host "Successfully removed all allowed threats!" -ForegroundColor Green } } catch { Write-Error "An error occurred while removing allowed threats: $_" } } |