Add Defender exceptions through right click

Discussion in 'Windows 10' started by wtarkan, Apr 21, 2018.

  1. wtarkan

    wtarkan MDL Member

    Sep 1, 2009
    151
    218
    10
  2. dhjohns

    dhjohns MDL Guru

    Sep 5, 2013
    3,276
    1,731
    120
  3. BAU

    BAU MDL Member

    Feb 10, 2009
    235
    329
    10
    Are you saying the .reg does not correctly add files as files, and folders as folders? Because it does for me.
    Quotes were a bitch to pass right :)
     
  4. dhjohns

    dhjohns MDL Guru

    Sep 5, 2013
    3,276
    1,731
    120
    Not saying that at all. I was using this PS script.
    Code:
    param([switch]$Elevated)
    
    # Returns $true when the current process token is in the local Administrators role.
    function Test-Admin {
        $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
        $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
    }
    
    if ((Test-Admin) -eq $false) {
        if ($elevated) {
            # tried to elevate, did not work, aborting
        }
        else {
            # Relaunch this script elevated (UAC prompt); -elevated marks the second attempt.
            Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
        }
    
        exit
    }
    
    'running with full privileges'
    add-mppreference -exclusionprocess "%USERPROFILE%\desktop", "%USERPROFILE%\downloads", "E:\Portable_Files", "D:\Portable_Files", "F:\", "M:\OInstall.exe"
     
  5. BAU

    BAU MDL Member

    Feb 10, 2009
    235
    329
    10
    #6 BAU, Apr 22, 2018
    Last edited: Apr 22, 2018
    Yeah, to make it work it needs -ExclusionPath instead of -exclusionprocess, that one should only be used with filename.exe without path (not a great idea to wildcard exclude as such). -ExclusionPath implies blocking process too, only more specific.

    I very much hate everything about .ps1 scripts - not click to run, useless "security" feature that you can bypass with a parameter, so I always prefer to bundle anything powershell in batch files.
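
Added example, not part of any poster's message and not code from the tool discussed in this thread: a PowerShell review of Defender exclusion lists that flags the kinds of entries seen in the script posted above (drive roots, Desktop/Downloads folders, folders passed as process exclusions). The function name Test-DefenderExclusion and its rules are assumed heuristics; the sample input is the list from that script.

```powershell
# Added example: flag Defender exclusions that are broader than they need to be.
# Test-DefenderExclusion and its rules are hypothetical heuristics, not a Microsoft API.
function Test-DefenderExclusion {
    param(
        [string[]]$ExclusionPath    = @(),
        [string[]]$ExclusionProcess = @()
    )
    # Folders where untrusted files usually arrive first (assumed list).
    $landing = '\\(desktop|downloads|temp)(\\|$)'
    # A %VAR% token that reached Defender as literal text.
    $envVar  = '%[^%\\]+%'

    foreach ($p in $ExclusionPath) {
        $why = @()
        if ($p -match '^[A-Za-z]:\\?$') { $why += 'entire drive' }
        if ($p -match $landing)         { $why += 'download/landing folder' }
        if ($p -match $envVar)          { $why += 'literal %VAR% (PowerShell does not expand it)' }
        if ($p -match '[*?]')           { $why += 'wildcard' }
        if ($why) { [pscustomobject]@{ List = 'Path'; Entry = $p; Finding = ($why -join '; ') } }
    }

    foreach ($p in $ExclusionProcess) {
        $why = @()
        if ($p -notmatch '\.(exe|com)$') { $why += 'not an executable (folder or drive in process list)' }
        if ($p -match $envVar)           { $why += 'literal %VAR% (PowerShell does not expand it)' }
        if ($why) { [pscustomobject]@{ List = 'Process'; Entry = $p; Finding = ($why -join '; ') } }
    }
}

# Sample input: the values the posted script passes to -ExclusionProcess.
$sample = '%USERPROFILE%\desktop', '%USERPROFILE%\downloads',
          'E:\Portable_Files', 'D:\Portable_Files', 'F:\', 'M:\OInstall.exe'

# Reviewed both as process exclusions (as posted) and as path exclusions.
Test-DefenderExclusion -ExclusionProcess $sample -ExclusionPath $sample |
    Format-Table -AutoSize

# On a live system, from an elevated prompt:
# $mp = Get-MpPreference
# Test-DefenderExclusion -ExclusionPath $mp.ExclusionPath -ExclusionProcess $mp.ExclusionProcess
```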
     
  6. wtarkan

    wtarkan MDL Member

    Sep 1, 2009
    151
    218
    10
    We can do the same with PowerShell or VBS or something else, but it's always good to offer choices; users will decide which one is simplest.
     
  7. BAU

    BAU MDL Member

    Feb 10, 2009
    235
    329
    10
    There was a time when people even used cracks for AVs (in Kaspersky's and ESET's glory days) and most of those were malicious.
    It actually led to most AV vendors dropping lame time-limited shareware and providing a functional free version of their products, rather than have their reputation damaged by cracked versions.


    I'm not saying your tool is malicious - I'm just saying the subject is rather taboo to be manipulated by a third-party binary.
    Microsoft has provided PowerShell cmdlets to control Defender, and that's what should be used all the way.
    Don't let my post discourage you one bit - I actually appreciate the effort and quality you've put in your tool, looking forward to your next endeavor!
     
  8. wtarkan

    wtarkan MDL Member

    Sep 1, 2009
    151
    218
    10
    You are right, it is a sensitive subject and trust is very important. Thanks for your comment.
     
  9. narpa

    narpa MDL Novice

    Nov 5, 2013
    4
    0
    0
    Injector is so cool, thank you.

    I use it with the command line or batch.

    Samples:

    dlinjector.Exe and bat in same file : dInjector.exe /A path or file to exclude
     
  10. LiteOS

    LiteOS MDL Expert

    Mar 7, 2014
    1,509
    641
    60
    The colors are so intuitive.
     
  11. wtarkan

    wtarkan MDL Member

    Sep 1, 2009
    151
    218
    10
    Do you mean the wallpaper? I can share it :)