Add WindowsDefender exclusions policies for Windows 8 Hyper-V

Summary

PowerShell script that sets a Windows Defender exclusions policy. It is intended for use with Windows 8 Hyper-V.

Note

Windows Defender settings are stored at "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions", but this registry entry is protected and can't be modified from a script by default. Instead, this script writes to Windows Defender's policy registry entry at "HKLM:SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions".

Please note that policy settings can't be removed from the Windows Defender console.

Usage

#Add WindowsDefender Policy
Add-WindowsDefenderExclusionsPolicy

#Need to Restart WindowsDefender to apply policy

#Remove WindowsDefender Policy
Remove-WindowsDefenderExclusionsPolicy

#Need to Remove entry from WindowsDefender Console

function Add-WindowsDefenderExclusionsPolicy
{
    $ErrorActionPreference="Stop"
    Set-StrictMode -Version Latest

    #Get Hyper-V Settings
    $vmHost = Get-VMHost

    #Default Exclusion Entries
    $excludes = @{
        Paths=@{
            ProgramData = Join-Path $env:ProgramData "Microsoft\Windows\Hyper-V" -Resolve
            VirtualHardDiskPath = $vmHost.VirtualHardDiskPath
            VirtualMachinePath = $vmHost.VirtualMachinePath
        }
        Processes=@{
            Vmms = Join-Path $env:WinDir "System32\vmms.exe" -Resolve
            Vmwp = Join-Path $env:WinDir "System32\vmwp.exe" -Resolve
            DISM = Join-Path $env:WinDir "System32\Dism.exe" -Resolve
        }
        Extensions=@{
        }
    }

    #Add extra locations (Note: excluding the %temp% directory is not recommended.)
    #These paths are specific to the author's machine; adjust or remove them.
    $excludes.Paths.TempPath = $env:Temp
    $excludes.Paths.MediaPath = "D:\Shared\Images"
    $excludes.Paths.WimTempPath = "I:\Windows"
    $excludes.Paths.NetworkShare = "\\172.16.0.1\Shared\Images"

    #TODO: Exclude %Temp%\{GUID}\DISMHost.exe, which is created when applying an offline patch.

    #Set Windows Defender Policy
    foreach($entry in $excludes.GetEnumerator())
    {
        $path = Join-Path "HKLM:SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" $entry.Key

        #Create entry if not exist
        if(!(Test-Path -Path $path)){
            New-Item -Path $path -Force | Out-Null
        }

        #Set exclusion item (the excluded path is the value name; the data is 0)
        foreach($item in $entry.Value.GetEnumerator())
        {
            Set-ItemProperty -Path $path -Name $item.Value -Value 0 -Force
        }
    }

    #Apply Policy
    gpupdate | Out-Null
}

function Remove-WindowsDefenderExclusionsPolicy
{
    #Note: this deletes the whole Windows Defender policy key, not only the Exclusions subkey
    $path = "HKLM:SOFTWARE\Policies\Microsoft\Windows Defender"
    if(Test-Path -Path $path){
        Remove-Item -Path $path -Recurse -Force
    }

    #Apply Policy
    gpupdate | Out-Null
}
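
For reviewing what ends up in the policy key, the following added example (not part of the original gist) lists every exclusion stored under the key the script writes to and flags entries that deserve a second look. The function names `Get-ExclusionRisk` and `Get-DefenderPolicyExclusion` are hypothetical, and the three risk rules are assumptions chosen for illustration, not Microsoft guidance.

```powershell
# Added example: audit exclusions stored under the Windows Defender policy key.
# Function names and risk rules are hypothetical (not from the original gist).

function Get-ExclusionRisk([string]$Item)
{
    # UNC path: the excluded files live on, and are controlled by, another host
    if ($Item -match '^\\\\')          { return "UNC share" }
    # Temp directory: the gist itself advises against excluding %temp%
    if ($Item -match '\\Temp(\\|$)')   { return "temp directory" }
    # A bare drive letter excludes the whole volume from scanning
    if ($Item -match '^[A-Za-z]:\\?$') { return "whole drive" }
    return "none flagged"
}

function Get-DefenderPolicyExclusion
{
    param(
        [string]$Root = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions"
    )

    foreach ($kind in "Paths", "Processes", "Extensions")
    {
        $key = Join-Path $Root $kind
        if (!(Test-Path -Path $key)) { continue }

        # Each exclusion is a registry value whose *name* is the excluded item;
        # the script above writes 0 as the data, so only the names are read here.
        foreach ($name in (Get-Item -Path $key).GetValueNames())
        {
            [pscustomobject]@{
                Kind = $kind
                Item = $name
                Risk = Get-ExclusionRisk $name
            }
        }
    }
}

# List all policy exclusions, flagged entries first
Get-DefenderPolicyExclusion |
    Sort-Object { $_.Risk -eq "none flagged" }, Kind, Item |
    Format-Table -AutoSize
```

Run against a host configured by `Add-WindowsDefenderExclusionsPolicy` as written, the `$env:Temp` and `\\172.16.0.1\Shared\Images` entries are the ones that get flagged.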