PowerShell: Windows Defender Controlled Folder Access

# Default Setting of Windows Defender:
PS C:\Windows\system32> get-mppreference
AttackSurfaceReductionOnlyExclusions :
AttackSurfaceReductionRules_Actions :
AttackSurfaceReductionRules_Ids :
CheckForSignaturesBeforeRunningScan : False
CloudBlockLevel : 0
CloudExtendedTimeout : 0
ComputerID :
ControlledFolderAccessAllowedApplications :
ControlledFolderAccessProtectedFolders :
DisableArchiveScanning : False
DisableAutoExclusions : False
DisableBehaviorMonitoring : False
DisableBlockAtFirstSeen : False
DisableCatchupFullScan : True
DisableCatchupQuickScan : True
DisableEmailScanning : True
DisableIntrusionPreventionSystem :
DisableIOAVProtection : False
DisablePrivacyMode : False
DisableRealtimeMonitoring : False
DisableRemovableDriveScanning : True
DisableRestorePoint : True
DisableScanningMappedNetworkDrivesForFullScan : True
DisableScanningNetworkFiles : False
DisableScriptScanning : False
EnableControlledFolderAccess : 0
EnableFileHashComputation : False
EnableLowCpuPriority : False
EnableNetworkProtection : 0
ExclusionExtension :
ExclusionPath :
ExclusionProcess :
HighThreatDefaultAction : 0
LowThreatDefaultAction : 0
MAPSReporting : 2
ModerateThreatDefaultAction : 0
PUAProtection : 0
QuarantinePurgeItemsAfterDelay : 90
RandomizeScheduleTaskTimes : True
RealTimeScanDirection : 0
RemediationScheduleDay : 0
RemediationScheduleTime : 02:00:00
ReportingAdditionalActionTimeOut : 10080
ReportingCriticalFailureTimeOut : 10080
ReportingNonCriticalTimeOut : 1440
ScanAvgCPULoadFactor : 50
ScanOnlyIfIdleEnabled : True
ScanParameters : 1
ScanPurgeItemsAfterDelay : 15
ScanScheduleDay : 0
ScanScheduleQuickScanTime : 00:00:00
ScanScheduleTime : 02:00:00
SevereThreatDefaultAction : 0
SharedSignaturesPath :
SignatureAuGracePeriod : 0
SignatureDefinitionUpdateFileSharesSources :
SignatureDisableUpdateOnStartupWithoutEngine : False
SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 120
SignatureScheduleDay : 8
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 0
SubmitSamplesConsent : 1
ThreatIDDefaultAction_Actions :
ThreatIDDefaultAction_Ids :
UILockdown : False
UnknownThreatDefaultAction : 0
PSComputerName :
# Get list of nodes in this cluster
$clusterNodes=get-clusternode|group|Select -ExpandProperty Name
# Disable Controlled Folder Access
$clusterNodes=get-clusternode|group|Select -ExpandProperty Name
$clusterNodes|%{invoke-command -computername $_ -scriptBlock {
Set-MpPreference -EnableControlledFolderAccess Disabled;
write-host "$env:computername`: WinDefender Folder Controlled Access is disabled."
}
}
# Enable
$clusterNodes|%{invoke-command -computername $_ -scriptBlock {
Set-MpPreference -EnableControlledFolderAccess Enabled;
write-host "$env:computername`: WinDefender Folder Controlled Access is disabled."
}
}

Leave a Reply

Your email address will not be published. Required fields are marked *