WindowsDefender_InternalEvaluationSettings.ps1


<#PSScriptInfo
 
.VERSION 1.0
 
.GUID 86032f0b-c434-41ae-9aac-094ff69b2b9a
 
.AUTHOR iaanMSFT
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
 
#>


<#
 
.DESCRIPTION
 This script enables many protection capabilities of Windows Defender. These settings are not best practices or recommended settings for every organization, and should be used only when comparing Windows Defender with other 3rd-party antimalware engines, not in production environments. In particular, it turns on advanced cloud reporting (MAPS) and automatic sample submission, so telemetry and suspicious files from the evaluation host are sent to Microsoft without prompting.
 
#>
 

# No parameters: the evaluation profile below is fixed on purpose; edit the Set-MpPreference calls to change it.
Param()


<#
.SYNOPSIS
    This script sets Windows Defender to enable most features for internal evaluation protection capabilities in Windows 10 using the Windows Defender cmdlets https://technet.microsoft.com/en-us/library/dn433280.aspx
.NOTES
    File Name : WindowsDefender_InternalEvaluationSettings.ps1
    Author : timnic
    Email : Wdcustomer@microsoft.com
    Requires : Windows PowerShell 3.0 or later with the Defender module (Windows 10), run from an elevated prompt
.EXAMPLE
    PSH [C:\foo]: .\WindowsDefender_InternalEvaluationSettings.ps1
#>


##
# Start of Script
##


# =================================================================================================
# Functions
# =================================================================================================

# Returns $true when the current process token holds the built-in Administrators role,
# $false otherwise. Set-MpPreference needs an elevated session, so the main block refuses
# to continue without it. With UAC enabled this is only true in an elevated ("Run as
# administrator") prompt, even for members of the Administrators group.
function Check-IsElevated
{
    $principal = New-Object System.Security.Principal.WindowsPrincipal([System.Security.Principal.WindowsIdentity]::GetCurrent())
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # Emit the boolean to the pipeline; the caller negates it with "!".
    Write-Output ([bool]$principal.IsInRole($adminRole))
}

# Returns $true when the reported OS major version is 10 or higher, $false otherwise.
# The Windows Defender cmdlets called by this script are only expected on those builds.
function Check-IsWindows10
{
    $majorVersion = [System.Environment]::OSVersion.Version.Major

    # NOTE(review): OSVersion reflects the process's app-compat manifest; powershell.exe is
    # manifested for Windows 10, so the value should be accurate here - confirm if this
    # function is ever reused from a differently hosted runtime.
    return ($majorVersion -ge 10)
}

# =================================================================================================
# Main
# =================================================================================================
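# Date the settings in this script were last reviewed (used for the "older than 90 days"
# warning at the end). Built from components instead of parsing a string: Get-Date "12/1/2016"
# is interpreted with the host's culture and reads as 12 January on day-first locales.
$scriptDate = New-Object System.DateTime 2016, 12, 1
$currentDate = Get-Date

if (!(Check-IsElevated))
{
    throw "Please run this script from an elevated powershell prompt"
}

if (!(Check-IsWindows10))
{
    throw "Please run this script on Windows 10"
}

# Applies one Set-MpPreference change. A preference that is rejected (for example because it is
# locked by Group Policy/Intune) now raises a terminating error instead of being skipped, so the
# "Settings update complete" message and the exit code cannot misreport the evaluation profile.
function Set-EvaluationPreference
{
    param(
        [string]$Description,   # text echoed to the pipeline before the change, as before
        [hashtable]$Preference  # splatted onto Set-MpPreference, e.g. @{ PUAProtection = 'Enabled' }
    )

    $Description
    try
    {
        Set-MpPreference @Preference -ErrorAction Stop
    }
    catch
    {
        throw "Failed to apply '$Description': $_"
    }
}

Write-Host "`nUpdate Windows Defender settings`n" -ForegroundColor Green

# NOTE(review): on builds where Tamper Protection is enabled, some of these values (notably the
# real-time monitoring switch) may be refused or ignored; verify them in the Get-MpPreference
# output printed at the end rather than trusting the progress messages.
Set-EvaluationPreference "Enable real time monitoring" @{ DisableRealtimeMonitoring = $false }

# MAPS "Advanced" plus SubmitSamplesConsent "Always" sends telemetry and suspicious files to
# Microsoft automatically, without prompting. Intended for evaluation hosts only (see
# .DESCRIPTION); do not run on machines holding data that must not leave the organisation.
Set-EvaluationPreference "Enable cloud based protection" @{ MAPSReporting = 'Advanced' }
Set-EvaluationPreference "Enable sample submission" @{ SubmitSamplesConsent = 'Always' }

Set-EvaluationPreference "Enable checking signatures before scanning" @{ CheckForSignaturesBeforeRunningScan = $true }
Set-EvaluationPreference "Enable behavior monitoring" @{ DisableBehaviorMonitoring = $false }
Set-EvaluationPreference "Enable IOAV protection" @{ DisableIOAVProtection = $false }
Set-EvaluationPreference "Enable script scanning" @{ DisableScriptScanning = $false }
Set-EvaluationPreference "Enable removable drive scanning" @{ DisableRemovableDriveScanning = $false }
Set-EvaluationPreference "Enable block at first sight" @{ DisableBlockAtFirstSeen = $false }
Set-EvaluationPreference "Enable potentially unwanted apps" @{ PUAProtection = 'Enabled' }
Set-EvaluationPreference "Schedule signature updates every 24 hours" @{ SignatureUpdateInterval = 24 }

Write-Host "`nSettings update complete"  -ForegroundColor Green

# Print the effective configuration so the applied values can be confirmed/recorded.
Write-Host "`nOutput Windows Defender settings status"  -ForegroundColor Green
Get-MpPreference

if ($scriptDate.AddDays(90) -lt $currentDate)
{
    Write-Host "`nThis script is older than 90 days and there may be an updated version located here: https://go.microsoft.com/fwlink/?linkid=835933`n" -ForegroundColor yellow
}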

#https://technet.microsoft.com/en-us/library/dn433280.aspx
#Set-MpPreference Options

#[-ExclusionPath <string[]>]
#[-ExclusionExtension <string[]>]
#[-ExclusionProcess <string[]>]
#[-RealTimeScanDirection {Both | Incoming | Outcoming}]
#[-QuarantinePurgeItemsAfterDelay <uint32>]
#[-RemediationScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
#[-RemediationScheduleTime <datetime>]
#[-ReportingAdditionalActionTimeOut <uint32>]
#[-ReportingCriticalFailureTimeOut <uint32>]
#[-ReportingNonCriticalTimeOut <uint32>]
#[-ScanAvgCPULoadFactor <byte>]
#[-CheckForSignaturesBeforeRunningScan <bool>]
#[-ScanPurgeItemsAfterDelay <uint32>]
#[-ScanOnlyIfIdleEnabled <bool>]
#[-ScanParameters {QuickScan | FullScan}]
#[-ScanScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
#[-ScanScheduleQuickScanTime <datetime>]
#[-ScanScheduleTime <datetime>]
#[-SignatureFirstAuGracePeriod <uint32>]
#[-SignatureAuGracePeriod <uint32>]
#[-SignatureDefinitionUpdateFileSharesSources <string>]
#[-SignatureDisableUpdateOnStartupWithoutEngine <bool>]
#[-SignatureFallbackOrder <string>]
#[-SignatureScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
#[-SignatureScheduleTime <datetime>]
#[-SignatureUpdateCatchupInterval <uint32>]
#[-SignatureUpdateInterval <uint32>]
#[-MAPSReporting {Disabled | Basic | Advanced}]
#[-SubmitSamplesConsent {None | Always | Never}]
#[-DisableAutoExclusions <bool>]
#[-DisablePrivacyMode <bool>]
#[-RandomizeScheduleTaskTimes <bool>]
#[-DisableBehaviorMonitoring <bool>]
#[-DisableIntrusionPreventionSystem <bool>]
#[-DisableIOAVProtection <bool>]
#[-DisableRealtimeMonitoring <bool>]
#[-DisableScriptScanning <bool>]
#[-DisableArchiveScanning <bool>]
#[-DisableCatchupFullScan <bool>]
#[-DisableCatchupQuickScan <bool>]
#[-DisableEmailScanning <bool>]
#[-DisableRemovableDriveScanning <bool>]
#[-DisableRestorePoint <bool>]
#[-DisableScanningMappedNetworkDrivesForFullScan <bool>]
#[-DisableScanningNetworkFiles <bool>]
#[-UILockdown <bool>]
#[-ThreatIDDefaultAction_Ids <long[]>]
#[-ThreatIDDefaultAction_Actions {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-UnknownThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-LowThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-ModerateThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-HighThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-SevereThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-Force]
#[-DisableBlockAtFirstSeen <bool>]
#[-PUAProtection {Disabled | Enabled | AuditMode}]
#[-CimSession <CimSession[]>]
#[-ThrottleLimit <int>] [-AsJob] [<CommonParameters>]


# Explicit success code. The throws above terminate the script before this line when a
# precondition check fails; a Set-MpPreference error only stops the script if it is terminating.
exit 0