Kaseya Community

Windows Defender Install Script

  • I tried modifying the AntiSpyware script, but it is failing.

    Legacy Forum Name: Windows Defender Install Script,
    Legacy Posted By Username: rvines
  • Don't have an installer, but here's some info we collected on silent install and event logs. Should help you get it done. First, download the WindowsDefender.msi install and put it on the Kaseya server. When you run the script, make sure the agent can find the .MSI.

    Install command line: msiexec /i WindowsDefender.msi /passive /norestart

    Scan command line: C:\Program Files\Windows Defender>MpCmdRun scan

    MpCmdRun.exe Usage:

    Commands:

    Scan - Runs System Scan
    -ScanType config, 1 (quick) or 2 (full), default 2
    -Privileges restricted or full, default full

    SignatureUpdate - Runs Signature Update

    Useful System Log Events:
    - Source: WinDefend, Event ID: 1000, scan has started
    - Source: WinDefend, Event ID: 1001, scan has finished
    - Source: WinDefend, Event ID: 1007, took action to protect from pot. malware
    - Source: WinDefend, Event ID: 2000, signature version has been updated

    From another thread here, someone mentioned that a file exists in the MS Antispyware program directory: gcThreatAuditIgnoredThreatsData.gcd which contains a list of files to be ignored. This would be useful to ignore VNC which is part of Kaseya.

    Good luck.



    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: jlawrence@databalance.com
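
The event IDs listed in the post above can be turned into a per-machine health check. The following is an added example, not part of the original post or any Kaseya script: the function name, the 7-day signature threshold, and the sample events are assumptions, and the `WinDefend` provider name in the live query is assumed to match the event source named in the post.

```powershell
# Added example (not from the thread): summarize the WinDefend events listed above.
function Get-DefenderEventSummary {
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()]
        [object[]] $Events,                  # objects exposing TimeCreated, Id, Message
        [datetime] $Now = (Get-Date),
        [int] $MaxSignatureAgeDays = 7       # assumed threshold, not from the thread
    )
    $sorted     = @($Events | Sort-Object TimeCreated)
    $lastStart  = $sorted | Where-Object { $_.Id -eq 1000 } | Select-Object -Last 1
    $lastFinish = $sorted | Where-Object { $_.Id -eq 1001 } | Select-Object -Last 1
    $lastSig    = $sorted | Where-Object { $_.Id -eq 2000 } | Select-Object -Last 1
    $actions    = @($sorted | Where-Object { $_.Id -eq 1007 })

    # A start (1000) with no later finish (1001): the scan is still running or was cut short.
    $incomplete = $false
    if ($lastStart) {
        $incomplete = (-not $lastFinish) -or ($lastFinish.TimeCreated -lt $lastStart.TimeCreated)
    }
    # No 2000 event at all also counts as stale: no signature update was ever logged.
    $stale = (-not $lastSig) -or
             (($Now - $lastSig.TimeCreated).TotalDays -gt $MaxSignatureAgeDays)

    [pscustomobject]@{
        LastScanStarted  = if ($lastStart)  { $lastStart.TimeCreated }  else { $null }
        LastScanFinished = if ($lastFinish) { $lastFinish.TimeCreated } else { $null }
        ScanIncomplete   = $incomplete
        SignaturesStale  = $stale
        ActionsTaken     = $actions.Count
        ActionMessages   = @($actions | ForEach-Object { $_.Message })  # review what was acted on
    }
}

# Constructed sample events (not real log data) so the function runs offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2006-05-01T02:00:00'; Id = 2000; Message = 'constructed: signatures updated' }
    [pscustomobject]@{ TimeCreated = [datetime]'2006-05-02T03:00:00'; Id = 1000; Message = 'constructed: scan started' }
    [pscustomobject]@{ TimeCreated = [datetime]'2006-05-02T03:20:00'; Id = 1007; Message = 'constructed: action taken on detected item' }
    [pscustomobject]@{ TimeCreated = [datetime]'2006-05-02T03:40:00'; Id = 1001; Message = 'constructed: scan finished' }
    [pscustomobject]@{ TimeCreated = [datetime]'2006-05-09T03:00:00'; Id = 1000; Message = 'constructed: scan started' }
)
Get-DefenderEventSummary -Events $sample -Now ([datetime]'2006-05-10T09:00:00')

# Live use (assumes the source is exposed as provider 'WinDefend' in the System log):
# $live = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'WinDefend'; Id = 1000, 1001, 1007, 2000 } -ErrorAction SilentlyContinue)
```

The `ActionMessages` field is the part to read after a rollout, since the 1007 events record what Defender acted on.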
  • I am trying to use the script to install Windows Defender, but it is failing on a machine that has not yet run the Windows Genuine Advantage validation tool. Anyone know how to get that to run via Kaseya?

    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: David_Schrag
  • You can avoid the Genuine Advantage check if you follow these steps.


    1. Start a normal install using WindowsDefender.msi
    2. Stop at the first install screen
    3. Navigate to the Windows temp folder; usually C:\Documents and Settings\\Local Settings\Temp
    4. You should see an MSI file named something like 37543b.msi (the file name is different each time you run WindowsDefender.msi). Copy this MSI file to another location
    5. Cancel out of the Windows Defender install
    6. The captured MSI file will install Windows Defender without the Genuine Advantage check. Rename the MSI file & upload to the Kaseya server
    7. Use a Kaseya script to install Windows Defender onto client machines; refer to the example below

    Script Name: Win Defender Install
    Script Description:

    IF Test File
    Parameter 1 : %systemdrive%\temp\WinDef.msi
    Exists :
    THEN
    Execute File
    Parameter 1 : %systemroot%\system32\msiexec.exe
    Parameter 2 : /i %systemdrive%\temp\WinDef.msi /qn
    Parameter 3 : 3
    OS Type : 0
    ELSE

    NOTE: If you use "Execute Shell Command", the user can see the command shell running, whereas if you use "Execute File" it will be silent to the end user.


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: TechOnline
  • Be aware that Windows Defender will detect VNC and Radmin as threats and remove them from the computer by default, disabling your remote control.


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: misolutions
  • TechOnline,

    Good job with the script. It does indeed work.

    Any ideas how to create an allow list in advance to allow RealVNC?

    Any idea how to set the default scanning options via a script? By default after I ran the install script, it was set to NOT check for updated definitions and to NOT apply actions after scanning (both boxes were unchecked in the Settings area).




    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: kentschu
  • The big problem that I have with Windows Defender is that it blocks VNC. If anybody could figure this out, that would be splendid.

    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: seangoss
  • When I run this script, msiexec starts but never installs the app. Does the /qn option actually work with this app?

    Is there something that I have to do to the .msi to make it install using the /q option?


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: rvines
  • I still get a validation error even after following the instructions on extracting the .msi.

    Anyone actually using this series of scripts successfully?


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: rvines
  • OK, it appears that the PC needs to have run the Genuine Advantage ActiveX control in order for the error not to appear.

    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: rvines
  • Although I did do a bit of initial testing on the process, it now appears that it only works under some limited circumstances. :(

    I have not had time to do any further work on this, but we definitely plan to use Windows Defender.

    Anyone with any ideas on cracking this one would be greatly appreciated.

    Cheers, Ian


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: TechOnline
  • There is a way to overcome the WGA problem when installing Windows Defender, take a look at the following link:

    http://wiki.djlizard.net/WGA

    Cheers, Ian


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: TechOnline