Disable Defender via PowerShell (#2110)

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
2022-09-01 11:29:22 -06:00
parent d2f318c7c2
commit 98fb4c74af
1 changed files with 17 additions and 0 deletions
@@ -727,4 +727,21 @@ atomic_tests:
      Remove-ItemProperty "HKLM:\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultDomainName -Force -ErrorAction Ignore
      Remove-ItemProperty "HKLM:\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name DefaultPassword -Force -ErrorAction Ignore
    name: powershell
+    elevation_required: true
+- name: Disable Windows Defender with PwSh Disable-WindowsOptionalFeature
+  description: | 
+    The following Atomic will attempt to disable Windows-Defender using the built in PowerShell cmdlet Disable-WindowsOptionalFeature, Deployment Image Servicing and Management tool. 
+    Similar to DISM.exe, this cmdlet is used to enumerate, install, uninstall, configure, and update features and packages in Windows images.
+    A successful execution will not standard-out any details. Remove the quiet switch if verbosity is needed.
+    This method will remove Defender and it's packages.
+    Reference: https://docs.microsoft.com/en-us/powershell/module/dism/disable-windowsoptionalfeature?view=windowsserver2022-ps
+  supported_platforms:
+  - windows
+  executor:
+    command: |-
+      Disable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender-Gui" -NoRestart -ErrorAction Ignore
+      Disable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender-Features" -NoRestart -ErrorAction Ignore
+      Disable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender" -NoRestart -ErrorAction Ignore
+      Disable-WindowsOptionalFeature -Online -FeatureName "Windows-Defender-ApplicationGuard" -NoRestart -ErrorAction Ignore
+    name: powershell 
    elevation_required: true