@rtrouton
Last active September 9, 2022 17:52
#!/bin/bash
ERROR=0
# Check to see if Microsoft Defender's tamper protection is enabled.
#
# If tamper protection is turned on, a message will be displayed followed
# by the script exiting before proceeding to the uninstall functions of
# the script.
# Verify that the following tool is installed and executable:
#
# /usr/local/bin/mdatp
if [[ -x "/usr/local/bin/mdatp" ]]; then

    # If mdatp is installed, the status of Defender's tamper protection
    # is checked by running the following command:
    #
    # /usr/local/bin/mdatp health --field tamper_protection
    #
    # The output of this command will then be checked against the value stored
    # in the tamper_protection_enabled_keyword variable.
    #
    # There are three possible keywords that can be returned by this command:
    #
    # disabled - tamper protection is completely off.
    # audit - tampering operations are logged, but not blocked.
    # block - tamper protection is on, tampering operations are blocked.
    #
    # The tamper_protection_enabled_keyword variable will store the keyword
    # currently being used by Defender, in case Microsoft chooses to change
    # the keywords in future versions of Defender.

    tamper_protection_enabled="$("/usr/local/bin/mdatp" health --field tamper_protection | awk '{print $1}' | tr -d '"')"
    tamper_protection_enabled_keyword="block"

    if [[ "$tamper_protection_enabled" == "$tamper_protection_enabled_keyword" ]]; then
        /usr/bin/osascript -e 'display dialog "Tamper protection for Microsoft Defender is enabled." & "\n" & "\nDefender cannot be uninstalled while tamper protection is turned on." & "\n" & "\nFor more information, please contact the helpdesk." buttons {"Understood"} default button 1 with icon caution'
        exit "$ERROR"
    fi
fi