From 6baa65885f28475f7c31ace95e83746b8f6dcc25 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Mon, 30 Sep 2024 19:18:13 +0200
Subject: [PATCH] Add more verbose output for Defender script #28
---
 resource/disable-defender.vbs | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/resource/disable-defender.vbs b/resource/disable-defender.vbs
index 2f933aa..b9be64f 100644
--- a/resource/disable-defender.vbs
+++ b/resource/disable-defender.vbs
@@ -1,6 +1,20 @@
+WScript.Echo "Scanning for newly created SYSTEM registry hive file to disable Windows Defender services..."
 Set fso = CreateObject( "Scripting.FileSystemObject" )
 Set dic = CreateObject( "Scripting.Dictionary" )
 initialized = false
+
+Function Execute( command )
+ WScript.Echo "Running command '" + command + "'"
+ Set shell = CreateObject( "WScript.Shell" )
+ Set exec = shell.Exec( command )
+ Do While exec.Status = 0
+ WScript.Sleep 100
+ Loop
+ WScript.Echo exec.StdOut.ReadAll
+ WScript.Echo exec.StdErr.ReadAll
+ Execute = exec.ExitCode
+End Function
+
 Do
 For Each drive In fso.Drives
 If drive.IsReady Then
@@ -15,12 +29,14 @@ Do
 ret = 1
 Do
 WScript.Sleep 500
- ret = shell.Run( "reg.exe LOAD HKLM\mount " + file, 0, True )
+ ret = Execute( "reg.exe LOAD HKLM\mount " + file )
 Loop While ret > 0
 For Each service In Array( "Sense", "WdBoot", "WdFilter", "WdNisDrv", "WdNisSvc", "WinDefend" )
- ret = shell.Run( "reg.exe ADD HKLM\mount\ControlSet001\Services\" + service + " /v Start /t REG_DWORD /d 4 /f", 0, True )
+ ret = Execute( "reg.exe ADD HKLM\mount\ControlSet001\Services\" + service + " /v Start /t REG_DWORD /d 4 /f" )
 Next
- ret = shell.Run( "reg.exe UNLOAD HKLM\mount", 0, True )
+ ret = Execute( "reg.exe UNLOAD HKLM\mount" )
+ WScript.Echo "Found SYSTEM registry hive file at '" + file + "'. This window will now close."
+ WScript.Sleep 5000
 Exit Do
 End If
 End If
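Review bot: `Execute` polls `exec.Status` until the child exits and only then reads `StdOut` and `StdErr`, so a command that writes more than the pipe can buffer would block on its write and the `Do While exec.Status = 0` loop would never end. The reg.exe calls here print very little, so this is unlikely to trigger today, but the helper is written as a general one. Reading stdout before polling reduces the risk: put `out = exec.StdOut.ReadAll` above the loop and echo `out` after it. The function also assigns `shell` and `exec` without a local `Dim`, so if a script-level `shell` exists outside this hunk (the removed `shell.Run` calls suggest it does) it is rebound on every call; `Dim shell, exec` as the first line of the function keeps them local. The function is complete within the hunk and would benefit from a one-line comment stating that it echoes the command and its output and returns the exit code.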
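Review bot: The closing message `Found SYSTEM registry hive file at ...` is printed whether or not the `reg.exe ADD` and `reg.exe UNLOAD` calls succeeded, because `ret` is assigned after each of them and never read. As the commit is meant to make the outcome visible, a failed write should be reported so the person running the installation knows which protection state the installed system ends up in, for example `If ret <> 0 Then WScript.Echo "reg.exe ADD failed for " & service & ", exit code " & ret` inside the `For Each`. Separately, `file` is appended to the LOAD command without quotes, so a path containing a space would make reg.exe fail, and `Loop While ret > 0` would then retry every 500 ms without limit, now echoing on each pass. How `file` is built, and the start and end of the enclosing loop, lie outside this hunk.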