@alexverboon
Created March 23, 2020 21:23
Start-MDATPAnalyzer
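Function Start-MDATPAnalyzer{
<#
.Synopsis
   Start-MDATPAnalyzer
.DESCRIPTION
   Start-MDATPAnalyzer downloads and then runs the Microsoft Defender Connectivity Analyzer tool referenced here:
   https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#verify-client-connectivity-to-microsoft-defender-atp-service-urls

   The archive is fetched over HTTPS, extracted to TargetPath, and the analyzer script it
   contains is started in an elevated PowerShell process. Because downloaded content is
   executed with administrative rights, the function:
     - writes the SHA-256 hash of the downloaded archive to the output so the run can be audited,
     - stops unless exactly one script matching m*.cmd is present in the destination folder.
   The destination folder should be writable by administrators only.
.PARAMETER TargetPath
   Location where MDATP Analyzer will be downloaded and executed from.
   When omitted, C:\MDATPTools\ is used.
.NOTES
   v1, 23.03.2020, alex verboon
.EXAMPLE
   Start-MDATPAnalyzer -TargetPath C:\TEMP\MDATP
#>
    [CmdletBinding()]
    param
    (
        # The path where the MDATP Analyzer is stored and executed
        [Parameter(Mandatory=$false,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        [string]$TargetPath
    )

    # Returns $true when the current token has the built-in Administrators role enabled.
    function Test-Elevated
    {
        [CmdletBinding()]
        [OutputType([bool])]
        Param()
        $principal = New-Object Security.Principal.WindowsPrincipal ([Security.Principal.WindowsIdentity]::GetCurrent())
        return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    }

    if (-not (Test-Elevated))
    {
        throw 'This script must be run from an elevated PowerShell prompt.'
    }

    # the place where we store the MD Analyzer Tool and results
    If([string]::IsNullOrEmpty($TargetPath))
    {
        $DestinationUnzipPath = 'C:\MDATPTools\'
        # The parameter name is written literally: interpolating the empty variable printed a blank.
        Write-Output "TargetPath is empty, so we will store things in $DestinationUnzipPath"
    }
    Else
    {
        $DestinationUnzipPath = $TargetPath
        Write-Output "Content will be stored to: $DestinationUnzipPath"
    }

    # Microsoft Defender ATP Analyzer Download Link
    $MDATPClientAnalyzerURL = 'https://aka.ms/mdatpanalyzer'
    $DownloadPath = "$env:USERPROFILE\Downloads"
    $OutFileName = 'MDATPClientAnalyzer.zip'
    $OutFile = (Join-Path -Path $DownloadPath -ChildPath $OutFileName)

    Try{
        # Windows PowerShell may not offer TLS 1.2 by default; add it without removing other protocols.
        [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

        # -ErrorAction Stop so a failed download or extraction never falls through to execution.
        Invoke-WebRequest -UseBasicParsing -Uri $MDATPClientAnalyzerURL -OutFile $OutFile -ErrorAction Stop

        # Record what was downloaded; this archive's content is about to run elevated.
        $ArchiveHash = (Get-FileHash -Path $OutFile -Algorithm SHA256 -ErrorAction Stop).Hash
        Write-Output "Downloaded $OutFile (SHA256: $ArchiveHash)"

        Expand-Archive -Path $OutFile -DestinationPath $DestinationUnzipPath -Force -ErrorAction Stop

        # Expand-Archive -Force overwrites files but does not remove files already present,
        # so a leftover m*.cmd in the destination would also match. Require a single match
        # instead of passing an ambiguous (or empty) list to the elevated process.
        $AnalyzerScripts = @(Get-ChildItem -Path $DestinationUnzipPath -Filter "m*.cmd" -File -ErrorAction Stop |
            Select-Object -ExpandProperty FullName)
        if ($AnalyzerScripts.Count -ne 1)
        {
            throw "Expected exactly one analyzer script (m*.cmd) in $DestinationUnzipPath but found $($AnalyzerScripts.Count)."
        }
        $file = $AnalyzerScripts[0]

        # Quote the script path so destinations containing spaces are passed as one argument.
        $QuotedFile = $file.Replace("'", "''")
        Start-Process powershell.exe -Verb RunAs -ArgumentList "-Command `"& '$QuotedFile' -Ready`"" -Wait -ErrorAction Stop

        # Explain where to find the results
        $ResultPath = Join-Path -Path $DestinationUnzipPath -ChildPath 'MDATPClientAnalyzerResult'
        Write-Output "The results are stored in the following location: $ResultPath"
    }
    Catch{
        # Surface the underlying error instead of a bare generic message.
        Write-Error "Something went wrong! $($_.Exception.Message)"
    }
}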