wecsam · March 23, 2018 22:27
diff --git a/Controlled Folder Access Log.bat b/Controlled Folder Access Log.bat
 @REM Pull events with IDs 1123, 1124, and 5007 from the last day.
 @REM Get-WinEvent "Microsoft-Windows-Windows Defender/Operational" | ? { $_.Id -eq 1123 -or $_.Id -eq 1124 -or $_.Id -eq 5007 } | ? { ((Get-Date) - $_.TimeCreated).TotalDays -le 1 } | Format-List
 @powershell -EncodedCommand RwBlAHQALQBXAGkAbgBFAHYAZQBuAHQAIAAiAE0AaQBjAHIAbwBzAG8AZgB0AC0AVwBpAG4AZABvAHcAcwAtAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIALwBPAHAAZQByAGEAdABpAG8AbgBhAGwAIgAgAHwAIAA/ACAAewAgACQAXwAuAEkAZAAgAC0AZQBxACAAMQAxADIAMwAgAC0AbwByACAAJABfAC4ASQBkACAALQBlAHEAIAAxADEAMgA0ACAALQBvAHIAIAAkAF8ALgBJAGQAIAAtAGUAcQAgADUAMAAwADcAIAB9ACAAfAAgAD8AIAB7ACAAKAAoAEcAZQB0AC0ARABhAHQAZQApACAALQAgACQAXwAuAFQAaQBtAGUAQwByAGUAYQB0AGUAZAApAC4AVABvAHQAYQBsAEQAYQB5AHMAIAAtAGwAZQAgADEAIAB9ACAAfAAgAEYAbwByAG0AYQB0AC0ATABpAHMAdAA=
 @PAUSE
	@REM Pull events with IDs 1123, 1124, and 5007 from the last day.
	@REM Get-WinEvent "Microsoft-Windows-Windows Defender/Operational" \| ? { $_.Id -eq 1123 -or $_.Id -eq 1124 -or $_.Id -eq 5007 } \| ? { ((Get-Date) - $_.TimeCreated).TotalDays -le 1 } \| Format-List
	@powershell -EncodedCommand RwBlAHQALQBXAGkAbgBFAHYAZQBuAHQAIAAiAE0AaQBjAHIAbwBzAG8AZgB0AC0AVwBpAG4AZABvAHcAcwAtAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIALwBPAHAAZQByAGEAdABpAG8AbgBhAGwAIgAgAHwAIAA/ACAAewAgACQAXwAuAEkAZAAgAC0AZQBxACAAMQAxADIAMwAgAC0AbwByACAAJABfAC4ASQBkACAALQBlAHEAIAAxADEAMgA0ACAALQBvAHIAIAAkAF8ALgBJAGQAIAAtAGUAcQAgADUAMAAwADcAIAB9ACAAfAAgAD8AIAB7ACAAKAAoAEcAZQB0AC0ARABhAHQAZQApACAALQAgACQAXwAuAFQAaQBtAGUAQwByAGUAYQB0AGUAZAApAC4AVABvAHQAYQBsAEQAYQB5AHMAIAAtAGwAZQAgADEAIAB9ACAAfAAgAEYAbwByAG0AYQB0AC0ATABpAHMAdAA=
	@PAUSE
No results found