Set-MpPreference

# Allow the script to run for the current user if the policy is not already Bypass
if((Get-ExecutionPolicy) -ine "Bypass"){Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force | Out-Null}
# One server name per line
$NonDCs = gc D:\powershell\input\serverslist.csv
$NonDCs.Count
#Check if WinDef is installed and install WinDef if not
#if(!(Get-WindowsFeature -Name Windows-Defender-Features -ComputerName $NonDC)){ Install-Windowsfeature -Verbose -ComputerName $server -IncludeAllSubFeature -WhatIf|out-null} #remove '-Whatif' when ready
foreach ($NonDC in $NonDCs) {
    try {
        $WinDefInstalled = Get-MpComputerStatus -CimSession $NonDC -ea Stop
        $disablerealtimemonitoring = (Get-MpPreference -CimSession $NonDC -ea Stop).DisableRealtimeMonitoring
        # Skip servers where Defender is not in a clean state or has no engine
        if((($WinDefInstalled).ComputerState -ine "0") -or ($WinDefInstalled.AMEngineVersion -ieq "0.0.0.0")){continue}
        if($disablerealtimemonitoring -ieq $True){
            Write-Host "Windows Defender is already set to Soft-Passive mode $disablerealtimemonitoring on $NonDC"
        } else {
            # Set Windows Defender to passive mode
            Set-MpPreference -DisableRealtimeMonitoring:$true -Force -Verbose -ea Stop -CimSession $NonDC
            Write-Host "Windows Defender has been set to Soft-Passive Mode on $NonDC"
        }
    } catch {
        # An unreachable server or a failed call should not stop the rest of the list
        Write-Warning "Skipping ${NonDC}: $($_.Exception.Message)"
    }
}

As you can see, Microsoft’s syntax is wrong:
They show the syntax for setting soft-passive mode as ‘Set-MpPreference -DisableRealtimeMonitoring $true’ when it is ‘Set-MpPreference -DisableRealtimeMonitoring:$true’ <– NOTE THE COLON??? Arrrrgghhhh!

I cannot tell you how frustrating it is when code is not written to give you ANY response unless you get the syntax EXACTLY right. *SIGH*

A BIG Thank you to Simeon On Security for the syntax hint on their website that landed this script.

NOTE: The REASON for soft-passive mode is so Windows Defender SHUTS UP and stops scanning everything, unless specifically commanded by Intune to do so.

P.S. Windows Defender will switch to DisableRealtimeMonitoring:$true without a restart of the service, AND the change does sometimes take a few minutes to apply.
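Because the cmdlet gives no feedback and the change can take a few minutes, a follow-up check that polls each server and reports the resulting state is useful. This is an added example, not part of the original script; the function name `Wait-DefenderRealtimeState`, the timeout values and the output column names are assumptions made for illustration.

```powershell
# Added example: poll a server until DisableRealtimeMonitoring reaches the
# expected value (or a timeout expires), then report what Defender says.
# Function name and default timings are hypothetical.
function Wait-DefenderRealtimeState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [bool]$ExpectedDisabled = $true,
        [int]$TimeoutSeconds = 300,
        [int]$PollSeconds = 15
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    $session = $null
    try {
        $session = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
        do {
            $pref = Get-MpPreference -CimSession $session -ErrorAction Stop
            if ($pref.DisableRealtimeMonitoring -eq $ExpectedDisabled) { break }
            Start-Sleep -Seconds $PollSeconds
        } while ((Get-Date) -lt $deadline)

        $status = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
        [pscustomobject]@{
            ComputerName              = $ComputerName
            Reachable                 = $true
            DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
            MatchesExpected           = ($pref.DisableRealtimeMonitoring -eq $ExpectedDisabled)
            RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
            # The next two are empty on older Defender platform versions.
            AMRunningMode             = $status.AMRunningMode
            # Tamper protection blocks changes to real-time protection.
            IsTamperProtected         = $status.IsTamperProtected
            Error                     = $null
        }
    } catch {
        # Report unreachable servers instead of aborting the whole run
        [pscustomobject]@{
            ComputerName = $ComputerName; Reachable = $false
            DisableRealtimeMonitoring = $null; MatchesExpected = $false
            RealTimeProtectionEnabled = $null; AMRunningMode = $null
            IsTamperProtected = $null; Error = $_.Exception.Message
        }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

# Same server list as the script above; rows with MatchesExpected = False need a look
Get-Content D:\powershell\input\serverslist.csv |
    ForEach-Object { Wait-DefenderRealtimeState -ComputerName $_ } |
    Format-Table -AutoSize
```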

