PowerShellProtect.psm1

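function Install-PowerShellProtect {
    <#
    .SYNOPSIS
    Registers the PowerShell Protect AMSI provider DLLs and seeds the default configuration.

    .DESCRIPTION
    Requires an elevated session on Windows 10 / Windows Server 2016 or later.
    Registers the x64 and x86 AmsiProvider.dll files shipped next to this module with
    regsvr32, then applies the bundled config.xml when no configuration file exists yet.
    Emits a warning and returns without a success message if any step fails.

    .NOTES
    The DLLs are registered from $PSScriptRoot by an elevated process, and a registered
    AMSI provider is loaded by processes that use AMSI. The module directory should
    therefore be writable by administrators only; this function does not verify that.
    #>
    if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
        Write-Warning "PowerShell Protect installation requires admin privileges."
        return
    }

    $OSVersion = [Version](Get-CimInstance -ClassName Win32_OperatingSystem).Version
    if ($OSVersion -lt [Version]::new(10, 0))
    {
        Write-Warning "PowerShell Protect is supported on Windows 10 and Windows Server 2016 or later."
        return
    }

    # Each regsvr32 bitness registers the matching provider build.
    $Registrations = @(
        @{ RegSvr = "$Env:windir\system32\regsvr32.exe"; Dll = "$PSScriptRoot\x64\AmsiProvider.dll" },
        @{ RegSvr = "$Env:windir\syswow64\regsvr32.exe"; Dll = "$PSScriptRoot\x86\AmsiProvider.dll" }
    )

    foreach ($Registration in $Registrations)
    {
        # regsvr32 /s is silent, so the exit code is the only failure signal. Start-Process
        # -Wait -PassThru is used so the exit code is actually available before the success
        # message is printed. The DLL path is quoted because $PSScriptRoot may contain spaces.
        $Process = Start-Process -FilePath $Registration.RegSvr -ArgumentList @('/s', "`"$($Registration.Dll)`"") -Wait -PassThru
        if ($null -eq $Process -or $Process.ExitCode -ne 0)
        {
            Write-Warning "Failed to register $($Registration.Dll) (regsvr32 exit code: $($Process.ExitCode)). PowerShell Protect is not installed."
            return
        }
    }

    # The original tested "$ProgramData\...", but $ProgramData is not defined anywhere in this
    # module, so (outside strict mode) the path collapsed to "\PowerShellProtect\config.xml" on
    # the current drive and the bundled config replaced any existing one on every install.
    # NOTE(review): assumes Set-PSPConfiguration -FileSystem persists under %ProgramData% - confirm.
    if (-not (Test-Path "$Env:ProgramData\PowerShellProtect\config.xml"))
    {
        Set-PSPConfiguration -ConfigurationFilePath "$PSScriptRoot\config.xml" -FileSystem
    }

    Write-Host -ForegroundColor Green -Object "PowerShell Protect installed successfully and watching for known exploits! You can read more about configuring PowerShell Protect by visiting the documentation: https://docs.powershellprotect.com"
}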

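function Uninstall-PowerShellProtect {
    <#
    .SYNOPSIS
    Unregisters the PowerShell Protect AMSI provider DLLs.

    .DESCRIPTION
    Requires an elevated session. Runs regsvr32 /u for the x64 and x86 AmsiProvider.dll
    files shipped next to this module. A restart is needed before the provider is fully
    unloaded; with -Force the machine is restarted, but only after both DLLs were
    unregistered successfully.

    .PARAMETER Force
    Restart the computer after a successful unregistration instead of only warning.
    #>
    param([Switch]$Force)

    # Same elevation check as Install-PowerShellProtect. Without it, regsvr32 /s /u fails
    # silently in a non-elevated session and -Force would reboot a machine on which the
    # provider is still registered.
    if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
    {
        Write-Warning "PowerShell Protect uninstallation requires admin privileges."
        return
    }

    $Registrations = @(
        @{ RegSvr = "$Env:windir\system32\regsvr32.exe"; Dll = "$PSScriptRoot\x64\AmsiProvider.dll" },
        @{ RegSvr = "$Env:windir\syswow64\regsvr32.exe"; Dll = "$PSScriptRoot\x86\AmsiProvider.dll" }
    )

    $Failed = $false
    foreach ($Registration in $Registrations)
    {
        # /s suppresses all dialogs, so the exit code is the only failure signal.
        # Both DLLs are attempted even if the first one fails.
        $Process = Start-Process -FilePath $Registration.RegSvr -ArgumentList @('/s', '/u', "`"$($Registration.Dll)`"") -Wait -PassThru
        if ($null -eq $Process -or $Process.ExitCode -ne 0)
        {
            Write-Warning "Failed to unregister $($Registration.Dll) (regsvr32 exit code: $($Process.ExitCode))."
            $Failed = $true
        }
    }

    if ($Failed)
    {
        # Do not restart or suggest a restart: the provider may still be registered.
        return
    }

    if ($Force) {
        Restart-Computer
    } else {
        Write-Warning "You will need to restart your machine to ensure PowerShell Protect has been unloaded."
    }
}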