Kaseya Community

Windows Defender - Install/Un-install, Update Defs, Scan

  • InstallDefender.txt
    Hello!

    I have been putting together a bunch of Windows Defender Scripts. Help me improve these! This is my first try at trying to get some mana. Be easy on me, I have only been using Kaseya for a week!

    InstallDefender.txt - Installs Defender

    Script Name: Windows Defender Install
    Script Description: This will install windows defender beta 2.

    IF True
    THEN
    Write Script Log Entry
    Parameter 1 : Starting Script, Downloading File
    OS Type : 0
    Write File
    Parameter 1 : %systemdrive%\temp\WindowsDefB2.msi
    Parameter 2 : VSASharedFiles.WindowsDefB2.msi
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : File Downloaded, Now Install
    OS Type : 0
    Execute File
    Parameter 1 : %systemroot%\system32\msiexec.exe
    Parameter 2 : /i %systemdrive%\temp\WindowsDefB2.msi /qn
    Parameter 3 : 3
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : Win Defender Installed
    OS Type : 0
    ELSE



    Un-InstallDefender.txt - Un-installs Defender

    Script Name: Windows Defender Uninstall
    Script Description: Un-install windows defender.

    IF True
    THEN
    Write Script Log Entry
    Parameter 1 : Starting the removal of Windows Defender
    OS Type : 0
    Execute Shell Command
    Parameter 1 : MsiExec.exe /X {CAB99E06-B92F-4AE0-89AD-D9AC5991046F} /L *vx /Log c:\wdf.log /quiet
    Parameter 2 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : Removed Windows Defender
    OS Type : 0
    ELSE



    WD-UpdateDefs.txt - Updates the definitions of defender from the internet

    Script Name: Windows Defender Update Defs
    Script Description:

    IF Test File
    Parameter 1 : C:\Program Files\Windows Defender\MpCmdRun.exe
    Exists :
    THEN
    Write Script Log Entry
    Parameter 1 : Windows Defender Found. Updating Definitions
    OS Type : 0
    Execute File
    Parameter 1 : C:\Program Files\Windows Defender\MpCmdRun.exe
    Parameter 2 : signatureupdate
    Parameter 3 : 1
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : Windows Defender Updated
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : Windows Defender not installed. Please install before updating.
    OS Type : 0



    Windows Defender Full Scan.txt - This will do a full system scan.

    Script Name: Windows Defender Full Scan
    Script Description:

    IF Test File
    Parameter 1 : C:\Program Files\Windows Defender\MpCmdRun.exe
    Exists :
    THEN
    Write Script Log Entry
    Parameter 1 : Windows Defender Installed. Scanning Computer.
    OS Type : 0
    Execute File
    Parameter 1 : C:\Program Files\Windows Defender\MpCmdRun.exe
    Parameter 2 : scan
    Parameter 3 : 0
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : Windows Defender is not installed.
    OS Type : 0


    Windows Defender - Install, Update, Scan.txt - Installs defender if missing, updates the defs, and then scans the computer. If defender is already installed it updates the defs and then scans.

    Script Name: Windows Defender - Install, Update, Scan
    Script Description:

    IF Test File
    Parameter 1 : C:\Program Files\Windows Defender\MpCmdRun.exe
    Absent :
    THEN
    Execute Script
    Parameter 1 : Windows Defender Install (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    Execute Script
    Parameter 1 : Windows Defender Update Defs (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    Execute Script
    Parameter 1 : Windows Defender Full Scan (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : Windows Defender Already Installed, Updating Defs
    OS Type : 0
    Execute Script
    Parameter 1 : Windows Defender Update Defs (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    Execute Script
    Parameter 1 : Windows Defender Full Scan (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0


    Enjoy!


    Legacy Forum Name: Windows Dender - Install/Un-install, Update Defs, Scan,
    Legacy Posted By Username: far182
  • I still wonder if there is a way to keep the windows defender from blocking VNC.

    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: seangoss
  • I first tried the Update script, but it failed. The Script Log said that I didn't have Windows Defender installed. I know it was installed, and so I did some checking. I have had this installed since Microsoft bought out Giant, and so its path is different than your script was expecting. Also, there is no file named "MpCmdRun.exe" on my machine.

    Next, I tried to run the install script on a separate PC, but of course it failed. I don't have the WindowsDefB2.msi file. Doh! Where can I get this file? I tried MS's website and got no response, and then I tried to Google it, and got zero responses. Any help?


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: mbtimmons
  • This link looks like detailed instructions on how to create the MSI package for deployment. I haven't played with it. Let us know how it works out.

    http://www.appdeploy.com/packages/detail.asp?id=698


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: dlowenth
  • There is another post on Defender on the forums here that explains in detail, but basically you start the normal Windows Defender Install and when you get to the license agreement window, look in your systemroot\documents and settings\userprofile\localsetting\temp. There will be a new MSI file and this will be the defender install without the license agreement.

    -Farzon


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: far182
  • Check out this thread - http://www.kaseya.com/kforum/view_topic.php?id=634&forum_id=14

    Regards, Ian


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: TechOnline
  • There is. Defender seems to translate an allowed executable to a code number (e.g. 5690) in the registry. Found it while trying to figure out how to install and manage the thing. I shelved it for the time being. I discovered the numbers that associate w/ the apps in a /log file in this directory: C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support



    It appears that defender logs its scans and results here. Mine only showed 2 apps it wanted to stop, RealVNC and Dameware Remote control. The rest of the stuff was classified as unknown so they all seemed to share the same "number" identifying that particular app.

    [Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
    "7480"=dword:00000006]


    If you save the text in brackets (remove the brackets) to a .reg file, and run it against the PCs w/ Windows Defender, this will add RealVNC to the allowed apps in Defender.

    The numbers in the registry show up when you allow apps (RealVNC in this case). Hope this helps someone. Please post back if anyone really cracks how to install this thing and manage it from Kaseya, I'll do the same. Todd


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: realtime-it
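
A pre-deployment check for a .reg file like the one in the post above, added here as an example (it is not code from the thread or from Kaseya): it confirms the file only writes to the ThreatIDDefaultAction key and lists every threat ID it sets to 6, flagging any that are not on an approved list. The function name `review_reg`, the approved-ID set and the sample ID 9999 are assumptions made for illustration.

```python
import re

# Key path and the "allow" value 6 are taken from the post above; treating 6 as
# "allowed" follows the poster's description, not vendor documentation.
TARGET_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"
              r"\Threats\ThreatIDDefaultAction")
ALLOW_ACTION = 6
HEADER = "Windows Registry Editor Version 5.00"
SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def review_reg(text, approved_ids):
    """Return (allowed_ids, problems) for the text of a .reg file."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    allowed, problems = [], []
    if lines and lines[0] == HEADER:
        lines = lines[1:]
    else:
        problems.append("missing .reg header")
    key = None
    for ln in lines:
        sec = SECTION_RE.match(ln)
        if sec:
            key = sec.group(2)
            if sec.group(1) == "-":
                problems.append("deletes key: " + key)
            elif key.lower() != TARGET_KEY.lower():
                problems.append("touches unexpected key: " + key)
            continue
        val = DWORD_RE.match(ln)
        if not val:
            problems.append("unparsed line: " + ln)
        elif key is not None and key.lower() == TARGET_KEY.lower():
            threat_id, action = val.group(1), int(val.group(2), 16)
            if action == ALLOW_ACTION:
                allowed.append(threat_id)
                if threat_id not in approved_ids:
                    problems.append("unapproved allow for threat ID " + threat_id)
    return allowed, problems


# Constructed sample: the post's entry plus a second, unreviewed allow entry.
SAMPLE = "\n".join([HEADER, "", "[" + TARGET_KEY + "]",
                    '"7480"=dword:00000006', '"9999"=dword:00000006'])

if __name__ == "__main__":
    print(review_reg(SAMPLE, approved_ids={"7480"}))
```

An empty problems list means the file only sets approved allow entries under the expected key; a line left with a stray quote or bracket from copy-and-paste is reported as unparsed.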
  • We are managing it from Kaseya. To around 200 clients. No problems. The scripts I provided work but they only show you how to do it for yourself.


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: far182