Last active
September 9, 2022 17:52
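#!/bin/bash

ERROR=0

# Check to see if Microsoft Defender's tamper protection is enabled.
#
# If tamper protection is turned on, a message will be displayed followed
# by the script exiting before proceeding to the uninstall functions of
# the script.
#
# Verify that the following tool is installed and executable:
#
# /usr/local/bin/mdatp
#
# If the tool is missing or not executable, this whole check is skipped and
# the script carries on; the guard only applies when mdatp can be run.

if [[ -x "/usr/local/bin/mdatp" ]]; then

  # If mdatp is installed, Defender's tamper protection status is checked
  # by running the following command:
  #
  # /usr/local/bin/mdatp health --field tamper_protection
  #
  # The first word of the output, with double quotes stripped, is compared
  # against the value stored in the tamper_protection_enabled_keyword
  # variable.
  #
  # There are three possible keywords that can be returned by this command:
  #
  # disabled - tamper protection is completely off.
  # audit - tampering operations are logged, but not blocked.
  # block - tamper protection is on, tampering operations are blocked.
  #
  # Only "block" stops the script. With "audit" the script proceeds, and per
  # the description above the uninstall is then logged by Defender rather
  # than prevented.
  #
  # The keyword that means "enforced" is kept in its own variable so it can
  # be updated in one place if Microsoft changes the keywords in future
  # versions of Defender.

  tamper_protection_enabled="$("/usr/local/bin/mdatp" health --field tamper_protection | awk '{print $1}' | tr -d '"')"
  tamper_protection_enabled_keyword="block"

  # The pipeline's exit status is that of tr, so a failing mdatp call shows
  # up only as an empty value. Record that on stderr instead of silently
  # treating "status unknown" the same as "not enforced".
  if [[ -z "$tamper_protection_enabled" ]]; then
    printf '%s\n' "Warning: unable to read Microsoft Defender tamper protection status; continuing." >&2
  fi

  if [[ "$tamper_protection_enabled" == "$tamper_protection_enabled_keyword" ]]; then
    /usr/bin/osascript -e 'display dialog "Tamper protection for Microsoft Defender is enabled." & "\n" & "\nDefender cannot be uninstalled while tamper protection is turned on."& "\n" & "\nFor more information, please contact the helpdesk."buttons {"Understood"} default button 1 with icon Caution'
    # ERROR is still 0 at this point, so the script exits with status 0
    # even though nothing was uninstalled.
    # NOTE(review): a management tool running this script would record
    # success while Defender remains installed - confirm that is intended.
    exit "$ERROR"
  fi
fi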