byinarie · September 18, 2023 22:23
diff --git a/getdef.ps1 b/getdef.ps1
 $REGISTRY_KEYS = @(
    'SOFTWARE\Policies\Microsoft\Windows Defender',
    'SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
    'SOFTWARE\Policies\Microsoft\Windows Defender\Reporting',
    'SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet'
 )

 $VALUES = @(
    'DisableAntiSpyware',
    'DisableAntiVirus',
    'DisableIntrusionPreventionSystem',
    'DisableBehaviorMonitoring',
    'DisableIOAVProtection',
    'DisableRealtimeMonitoring',
    'DisableOnAccessProtection',
    'DisableScanOnRealtimeEnable',
    'DisableEnhancedNotifications',
    'DisableBlockAtFirstSeen'
 )

 foreach ($key in $REGISTRY_KEYS) {
    Write-Host "Registry Key: $key"
    foreach ($valueName in $VALUES) {
        try {
            $value = Get-ItemProperty -Path "HKLM:\$key" -Name $valueName -ErrorAction Stop
            Write-Host "$valueName = $($value.$valueName)"
        } catch {
            Write-Host "Error retrieving $valueName from $key: $_"
        }
    }
    Write-Host ""
 }
	$REGISTRY_KEYS = @(
	'SOFTWARE\Policies\Microsoft\Windows Defender',
	'SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection',
	'SOFTWARE\Policies\Microsoft\Windows Defender\Reporting',
	'SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet'
	)

	$VALUES = @(
	'DisableAntiSpyware',
	'DisableAntiVirus',
	'DisableIntrusionPreventionSystem',
	'DisableBehaviorMonitoring',
	'DisableIOAVProtection',
	'DisableRealtimeMonitoring',
	'DisableOnAccessProtection',
	'DisableScanOnRealtimeEnable',
	'DisableEnhancedNotifications',
	'DisableBlockAtFirstSeen'
	)

	foreach ($key in $REGISTRY_KEYS) {
	Write-Host "Registry Key: $key"
	foreach ($valueName in $VALUES) {
	try {
	$value = Get-ItemProperty -Path "HKLM:\$key" -Name $valueName -ErrorAction Stop
	Write-Host "$valueName = $($value.$valueName)"
	} catch {
	Write-Host "Error retrieving $valueName from $key: $_"
	}
	}
	Write-Host ""
	}