Defender control module proposal #66
Defender Control module proposal. This is a PoC to disable Defender via registry keys over SMB. Additional functionality would also include starting and stopping the service, adding/removing exclusions, updating/removing signatures, etc.
Signed-off-by: PJ <byinarie@gmail.com>
added enable/disable dictionary Signed-off-by: PJ <byinarie@gmail.com>
re-add shebang/utf Signed-off-by: PJ <byinarie@gmail.com>
re-added admx reference Signed-off-by: PJ <byinarie@gmail.com>
final patch, added --options help Signed-off-by: PJ <byinarie@gmail.com>
@byinarie I like the module. Instead of outputting every single registry change, could you instead just write one message like "Defender Disabled" or "Defender Enabled" after they are changed successfully, and then do a debug message for each one? I can imagine if you are running this across several hosts it's going to absolutely spam the hell out of your terminal.
Or info message :)
Changed to merged into
Working on making the changes suggested here and a few others. Will submit when complete. Appreciate the feedback :)
Hi there. Just saw this :)
Signed-off-by: Marshall Hallenbeck <Marshall.Hallenbeck@gmail.com>
Update: been busy with but will be finishing the code soon :)
@byinarie any idea on when you'd be able to finish this? If not, what were you going to update? I find myself doing this manually, so I think this would be a great addition and can help out implement whatever you wanted to finish up adding. Let me know.
This PoC module enables or disables Windows Defender via the registry over SMB. Additional functionality would also include things like adding/removing exclusions, updating definitions, starting/stopping the service, and so on.
Only submitting a PR with the MVP to get community feedback and thoughts on having this module be included in NetExec.
Reference Registry keys: https://admx.help/HKLM/Software/Policies/Microsoft/Windows%20Defender
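From the blue-team side, the thing worth having against a module like this is a detector for writes under the policy key the description links, and the reviewer's summary-line-plus-debug-detail layout applies just as well to alerting as it does to the module's output. The following is an added example, not code from this PR or from NetExec: it parses constructed registry-value-set audit records (the `key=... value=... process=... user=...` line shape and all sample values are assumptions for the example) and flags any write at or beneath `HKLM\Software\Policies\Microsoft\Windows Defender`, taking care not to match sibling keys that merely share the prefix.

```python
import re

# Policy key linked in the PR description (admx.help reference). Writes beneath
# it alter Defender behaviour machine-wide, so a defender wants them surfaced
# regardless of which value name is being set.
DEFENDER_POLICY_KEY = r"HKLM\Software\Policies\Microsoft\Windows Defender"

# Constructed sample records shaped like a registry-value-set audit event
# (key, value name, writing process, account). They are not real log output.
SAMPLE_EVENTS = [
    r"key=HKLM\Software\Policies\Microsoft\Windows Defender value=DisableAntiSpyware process=C:\Windows\System32\svchost.exe user=LAB\pj",
    r"key=HKLM\Software\Microsoft\Windows\CurrentVersion\Run value=OneDrive process=C:\Windows\explorer.exe user=LAB\alice",
    r"key=HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection value=DisableRealtimeMonitoring process=C:\Windows\System32\svchost.exe user=LAB\pj",
    r"key=HKLM\Software\Policies\Microsoft\Windows Defender Security Center value=Notification process=C:\Windows\explorer.exe user=LAB\alice",
    "malformed line with no fields",
]

# Assumed record layout: key path may contain spaces, the other fields may not.
_EVENT_RE = re.compile(
    r"key=(?P<key>.+?) value=(?P<value>\S+) process=(?P<process>\S+) user=(?P<user>\S+)$"
)


def parse_event(line):
    """Return the event fields as a dict, or None for a line that does not match."""
    m = _EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def is_defender_policy_write(key):
    """True when `key` is the Defender policy key itself or lies beneath it.

    A plain prefix test would also match sibling keys such as
    '...\\Windows Defender Security Center', so the key must be equal to the
    base or continue with a path separator. Registry paths are case-insensitive.
    """
    k = key.lower().rstrip("\\")
    base = DEFENDER_POLICY_KEY.lower()
    return k == base or k.startswith(base + "\\")


def find_defender_policy_writes(lines):
    """Parse each line and keep only the writes under the Defender policy key."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev and is_defender_policy_write(ev["key"]):
            hits.append(ev)
    return hits


def summarize_by_user(hits):
    """Collapse per-value hits into one count per account, mirroring the
    reviewer's suggestion of a single summary line with details kept at debug level."""
    counts = {}
    for ev in hits:
        counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_defender_policy_writes(SAMPLE_EVENTS)
    for user, n in summarize_by_user(found).items():
        print(f"ALERT: {user} changed {n} Defender policy value(s)")
    for ev in found:
        print(f"  debug: {ev['key']} -> {ev['value']} via {ev['process']}")
```

Run as a script it prints one alert line per account and the individual key/value pairs beneath it; in a real pipeline the per-value lines would go to a debug channel. The separator check in `is_defender_policy_write` is the part most often got wrong in ad-hoc rules, since `Windows Defender Security Center` sits next to the policy key and would otherwise produce noise.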