-
-
Save alexyorke/aa9288fe7c3dc40b48d6c0a6d085d65b to your computer and use it in GitHub Desktop.
Adds useful exceptions to Windows Defender for node.js developers. MUST BE RUN as an administrator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(` | |
[Security.Principal.WindowsBuiltInRole] "Administrator")) | |
{ | |
Write-Warning "You do not have Administrator rights to run this script!`nPlease re-run this script as an Administrator!" | |
Break | |
} | |
Write-Host "Excluding appdata NPM folder and Node.JS install folder from Windows Defender." | |
Add-MpPreference -ExclusionPath ([System.Environment]::ExpandEnvironmentVariables("%APPDATA%\npm\")) | |
Add-MpPreference -ExclusionPath (Get-ItemProperty "HKLM:SOFTWARE\Node.js" | Select-Object -Property InstallPath) | |
Write-Host "Excluding node related executables from Windows Defender." | |
# TODO: Clean up. Do I need .exe? Do I need full path? Can't find a real answer. Brute forcing works though the security risk is real. | |
# Maybe don't run this in an enterprise environment. Fork if you have a good answer :) | |
("node", "node.exe", "Expo XDE.exe", "yarn", "yarn.exe", "vscode", "vscode.exe") | foreach {Add-MpPreference -ExclusionProcess $_} | |
# Visual Studio exceptions https://gist.github.com/dknoodle/5a66b8b8a3f2243f4ca5c855b323cb7b | |
$userPath = $env:USERPROFILE | |
$pathExclusions = New-Object System.Collections.ArrayList | |
$processExclusions = New-Object System.Collections.ArrayList | |
$pathExclusions.Add('C:\Windows\Microsoft.NET') > $null | |
$pathExclusions.Add('C:\Windows\assembly') > $null | |
$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio') > $null | |
$pathExclusions.Add('C:\ProgramData\Microsoft\VisualStudio\Packages') > $null | |
$pathExclusions.Add('C:\Program Files (x86)\MSBuild') > $null | |
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 14.0') > $null | |
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 10.0') > $null | |
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio') > $null | |
$pathExclusions.Add('C:\Program Files (x86)\Microsoft SDKs\NuGetPackages') > $null | |
$pathExclusions.Add('C:\Program Files (x86)\Microsoft SDKs') > $null | |
$processExclusions.Add('devenv.exe') > $null | |
$processExclusions.Add('dotnet.exe') > $null | |
$processExclusions.Add('msbuild.exe') > $null | |
$processExclusions.Add('node.exe') > $null | |
$processExclusions.Add('node.js') > $null | |
$processExclusions.Add('perfwatson2.exe') > $null | |
$processExclusions.Add('ServiceHub.Host.Node.x86.exe') > $null | |
$processExclusions.Add('vbcscompiler.exe') > $null | |
$processExclusions.Add('testhost.exe') > $null | |
$processExclusions.Add('datacollector.exe') > $null | |
$processExclusions.Add('IntelliTrace.exe') > $null | |
$processExclusions.Add('CodeCoverage.exe') > $null | |
foreach ($exclusion in $pathExclusions) | |
{ | |
Write-Host "Adding Path Exclusion: " $exclusion | |
Add-MpPreference -ExclusionPath $exclusion | |
} | |
foreach ($exclusion in $processExclusions) | |
{ | |
Write-Host "Adding Process Exclusion: " $exclusion | |
Add-MpPreference -ExclusionProcess $exclusion | |
} | |
Write-Host "" | |
Write-Host "Your Exclusions:" | |
$prefs = Get-MpPreference | |
$prefs.ExclusionPath | |
$prefs.ExclusionProcess |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment