WindowsDefender_InternalEvaluationSettings.ps1
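<#PSScriptInfo

.VERSION 1.0

.GUID 86032f0b-c434-41ae-9aac-094ff69b2b9a

.AUTHOR iaanMSFT

.COMPANYNAME

.COPYRIGHT

.TAGS

.LICENSEURI

.PROJECTURI

.ICONURI

.EXTERNALMODULEDEPENDENCIES

.REQUIREDSCRIPTS

.EXTERNALSCRIPTDEPENDENCIES

.RELEASENOTES

#>

<#
.DESCRIPTION
This script enables many protection capabilities of Windows Defender. These settings are not best practices or recommended settings for every organization, and should be used only when comparing Windows Defender or other 3rd party antimalware engines, not in production environments.
#>
Param()

<#
.SYNOPSIS
This script sets Windows Defender to enable most features for internal evaluation protection capabilities in Windows 10 using the Windows Defender cmdlets
https://technet.microsoft.com/en-us/library/dn433280.aspx

.NOTES
File Name : WindowsDefender_InternalEvaluationSetting.ps1
Author    : timnic
Email     : Wdcustomer@microsoft.com
Requires  : PowerShell V1

.EXAMPLE
PSH [C:\foo]: .\WindowsDefender_InternalEvaluationSetting.ps1
#>

##
# Start of Script
##

# =================================================================================================
# Functions
# =================================================================================================

# Verifies that the script is running as admin.
# Returns $true when the current Windows identity holds the built-in
# Administrator role (the session is elevated), $false otherwise.
function Check-IsElevated {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Verifies that the script is running on Windows 10 or greater.
# The major version is compared as an integer; the previous revision
# compared against the string "10", which only worked because PowerShell
# coerces the right-hand operand to the left-hand (integer) type.
function Check-IsWindows10 {
    return [System.Environment]::OSVersion.Version.Major -ge 10
}

# =================================================================================================
# Main
# =================================================================================================

# Set-MpPreference reports a rejected setting (for example one locked by
# policy or unavailable when another engine owns protection) as a
# non-terminating error. Under the default 'Continue' preference the script
# would still print "Settings update complete" after such a partial failure,
# so make every error terminate the run instead.
$ErrorActionPreference = 'Stop'

# Date this script was last revised; used by the staleness warning at the end.
# ISO 8601 literal so the parse does not depend on the session culture.
$scriptDate  = [datetime]'2016-12-01'
$currentDate = Get-Date

if (!(Check-IsElevated)) {
    throw "Please run this script from an elevated powershell prompt"
}

if (!(Check-IsWindows10)) {
    throw "Please run this script on Windows 10"
}

Write-Host "`nUpdate Windows Defender settings`n" -ForegroundColor Green

# The Disable* preferences are inverted flags: $false turns the feature ON.

"Enable real time monitoring"
Set-MpPreference -DisableRealtimeMonitoring $false

# Advanced MAPS reporting and automatic sample submission send file data to
# Microsoft; this matches the evaluation-only scope stated in .DESCRIPTION.
"Enable cloud based protection"
Set-MpPreference -MAPSReporting Advanced

"Enable sample submission"
Set-MpPreference -SubmitSamplesConsent Always

"Enable checking signatures before scanning"
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true

"Enable behavior monitoring"
Set-MpPreference -DisableBehaviorMonitoring $false

"Enable IOAV protection"
Set-MpPreference -DisableIOAVProtection $false

"Enable script scanning"
Set-MpPreference -DisableScriptScanning $false

"Enable removable drive scanning"
Set-MpPreference -DisableRemovableDriveScanning $false

"Enable block at first sight"
Set-MpPreference -DisableBlockAtFirstSeen $false

"Enable potentially unwanted apps"
Set-MpPreference -PUAProtection Enabled

"Schedule signature updates every 24 hours"
Set-MpPreference -SignatureUpdateInterval 24

Write-Host "`nSettings update complete" -ForegroundColor Green

# Echo the resulting preferences so the applied state can be reviewed.
Write-Host "`nOutput Windows Defender settings status" -ForegroundColor Green
Get-MpPreference

# Warn once the script is more than 90 days past $scriptDate.
if ($scriptDate.AddDays(90) -lt $currentDate) {
    Write-Host "`nThis script is older than 90 days and there may be an updated version located here: https://go.microsoft.com/fwlink/?linkid=835933`n" -ForegroundColor yellow
}

# Reference: https://technet.microsoft.com/en-us/library/dn433280.aspx
# Set-MpPreference Options
#[-ExclusionPath <string[]>]
#[-ExclusionExtension <string[]>]
#[-ExclusionProcess <string[]>]
#[-RealTimeScanDirection {Both | Incoming | Outcoming}]
#[-QuarantinePurgeItemsAfterDelay <uint32>]
#[-RemediationScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
#[-RemediationScheduleTime <datetime>]
#[-ReportingAdditionalActionTimeOut <uint32>]
#[-ReportingCriticalFailureTimeOut <uint32>]
#[-ReportingNonCriticalTimeOut <uint32>]
#[-ScanAvgCPULoadFactor <byte>]
#[-CheckForSignaturesBeforeRunningScan <bool>]
#[-ScanPurgeItemsAfterDelay <uint32>]
#[-ScanOnlyIfIdleEnabled <bool>]
#[-ScanParameters {QuickScan | FullScan}]
#[-ScanScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
#[-ScanScheduleQuickScanTime <datetime>]
#[-ScanScheduleTime <datetime>]
#[-SignatureFirstAuGracePeriod <uint32>]
#[-SignatureAuGracePeriod <uint32>]
#[-SignatureDefinitionUpdateFileSharesSources <string>]
#[-SignatureDisableUpdateOnStartupWithoutEngine <bool>]
#[-SignatureFallbackOrder <string>]
#[-SignatureScheduleDay {Everyday | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Never}]
#[-SignatureScheduleTime <datetime>]
#[-SignatureUpdateCatchupInterval <uint32>]
#[-SignatureUpdateInterval <uint32>]
#[-MAPSReporting {Disabled | Basic | Advanced}]
#[-SubmitSamplesConsent {None | Always | Never}]
#[-DisableAutoExclusions <bool>]
#[-DisablePrivacyMode <bool>]
#[-RandomizeScheduleTaskTimes <bool>]
#[-DisableBehaviorMonitoring <bool>]
#[-DisableIntrusionPreventionSystem <bool>]
#[-DisableIOAVProtection <bool>]
#[-DisableRealtimeMonitoring <bool>]
#[-DisableScriptScanning <bool>]
#[-DisableArchiveScanning <bool>]
#[-DisableCatchupFullScan <bool>]
#[-DisableCatchupQuickScan <bool>]
#[-DisableEmailScanning <bool>]
#[-DisableRemovableDriveScanning <bool>]
#[-DisableRestorePoint <bool>]
#[-DisableScanningMappedNetworkDrivesForFullScan <bool>]
#[-DisableScanningNetworkFiles <bool>]
#[-UILockdown <bool>]
#[-ThreatIDDefaultAction_Ids <long[]>]
#[-ThreatIDDefaultAction_Actions {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-UnknownThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-LowThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-ModerateThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-HighThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-SevereThreatDefaultAction {Clean | Quarantine | Remove | Allow | UserDefined | NoAction | Block}]
#[-Force]
#[-DisableBlockAtFirstSeen <bool>]
#[-PUAProtection {Disabled | Enabled | AuditMode}]
#[-CimSession <CimSession[]>]
#[-ThrottleLimit <int>]
#[-AsJob]
#[<CommonParameters>]

exit 0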