From 9b3924a23d947d636da1691f70b26230d174ddae Mon Sep 17 00:00:00 2001
From: Dibir Magomedsaygitov
 <61747324+dibir-magomedsaygitov@users.noreply.github.com>
Date: Tue, 24 Mar 2020 09:17:38 +0300
Subject: [PATCH] Move "Run-Antivirus" step outside of image-generation (#574)

* Move "Run-Antivirus" step outside of image-generation

Co-authored-by: Dibir Magomedsaygitov <v-dimago@microsoft.com>
---
 images/win/Windows2016-Azure.json             | 12 +++++++-
 images/win/Windows2019-Azure.json             | 12 +++++++-
 .../Installers/Configure-Antivirus.ps1        |  2 ++
 .../win/scripts/Installers/Run-Antivirus.ps1  | 30 +++++++++++++++++++
 .../Installers/Windows2016/Run-Antivirus.ps1  | 19 ------------
 .../Installers/Windows2019/Run-Antivirus.ps1  | 27 -----------------
 6 files changed, 54 insertions(+), 48 deletions(-)
 create mode 100644 images/win/scripts/Installers/Configure-Antivirus.ps1
 create mode 100644 images/win/scripts/Installers/Run-Antivirus.ps1
 delete mode 100644 images/win/scripts/Installers/Windows2016/Run-Antivirus.ps1
 delete mode 100644 images/win/scripts/Installers/Windows2019/Run-Antivirus.ps1

diff --git a/images/win/Windows2016-Azure.json b/images/win/Windows2016-Azure.json
index 16d9cea88..2d5f86f0a 100644
--- a/images/win/Windows2016-Azure.json
+++ b/images/win/Windows2016-Azure.json
@@ -15,6 +15,7 @@
         "virtual_network_subnet_name": "{{env `VNET_SUBNET`}}",
         "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
         "vm_size": "Standard_DS4_v2",
+        "run_scan_antivirus": "false",
 
         "root_folder": "C:",
         "image_folder": "C:\\image",
@@ -876,8 +877,17 @@
         },
         {
             "type": "powershell",
+            "environment_vars":[
+                "RUN_SCAN_ANTIVIRUS={{user `run_scan_antivirus`}}"
+            ],
             "scripts":[
-                "{{ template_dir }}/scripts/Installers/Windows2016/Run-Antivirus.ps1"
+                "{{ template_dir }}/scripts/Installers/Run-Antivirus.ps1"
+            ]
+        },
+        {
+            "type": "powershell",
+            "scripts":[
+                "{{ template_dir }}/scripts/Installers/Configure-Antivirus.ps1"
             ]
         },
         {
diff --git a/images/win/Windows2019-Azure.json b/images/win/Windows2019-Azure.json
index 8c9aa7a24..5c7be897d 100644
--- a/images/win/Windows2019-Azure.json
+++ b/images/win/Windows2019-Azure.json
@@ -15,6 +15,7 @@
         "virtual_network_subnet_name": "{{env `VNET_SUBNET`}}",
         "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
         "vm_size": "Standard_DS4_v2",
+        "run_scan_antivirus": "false",
 
         "root_folder": "C:",
         "image_folder": "C:\\image",
@@ -869,8 +870,17 @@
         },
         {
             "type": "powershell",
+            "environment_vars":[
+                "RUN_SCAN_ANTIVIRUS={{user `run_scan_antivirus`}}"
+            ],
             "scripts":[
-                "{{ template_dir }}/scripts/Installers/Windows2019/Run-Antivirus.ps1"
+                "{{ template_dir }}/scripts/Installers/Run-Antivirus.ps1"
+            ]
+        },
+        {
+            "type": "powershell",
+            "scripts":[
+                "{{ template_dir }}/scripts/Installers/Configure-Antivirus.ps1"
             ]
         },
         {
diff --git a/images/win/scripts/Installers/Configure-Antivirus.ps1 b/images/win/scripts/Installers/Configure-Antivirus.ps1
new file mode 100644
index 000000000..650d3a982
--- /dev/null
+++ b/images/win/scripts/Installers/Configure-Antivirus.ps1
@@ -0,0 +1,2 @@
+Write-Host "Set antivirus parameters"
+Set-MpPreference -ScanAvgCPULoadFactor 5 -ExclusionPath "D:\", "C:\"
\ No newline at end of file
diff --git a/images/win/scripts/Installers/Run-Antivirus.ps1 b/images/win/scripts/Installers/Run-Antivirus.ps1
new file mode 100644
index 000000000..7993146ae
--- /dev/null
+++ b/images/win/scripts/Installers/Run-Antivirus.ps1
@@ -0,0 +1,30 @@
+################################################################################
+##  File:  Run-Antivirus.ps1
+##  Desc:  Run a full antivirus scan.
+##         Run right after cleanup before we sysprep
+################################################################################
+
+if ($env:run_scan_antivirus -eq $true) {
+    try {
+        Update-MpSignature
+    }
+    catch {
+        Write-Host "Some error was found"
+        Write-Host $_
+    }
+
+    Write-Host "Make sure windefend is going to start"
+    Start-Service windefend -ErrorAction Continue
+    Write-Host "Waiting for windefend to report as running"
+    $service = Get-Service "Windefend"
+    $service.WaitForStatus("Running","00:10:00")
+
+    Write-Host "Run antivirus"
+    # Tell Defender to use 100% of the CPU during the scan
+    Set-MpPreference -ScanAvgCPULoadFactor 100
+    # Full Scan
+    Start-Process -FilePath "C:\Program Files\Windows Defender\MpCmdRun.exe" -ArgumentList ("-Scan","-ScanType", 2) -Wait
+}
+else {
+    Write-Host "Scanning process has been skipped"
+}
\ No newline at end of file
diff --git a/images/win/scripts/Installers/Windows2016/Run-Antivirus.ps1 b/images/win/scripts/Installers/Windows2016/Run-Antivirus.ps1
deleted file mode 100644
index 77b3b2bc9..000000000
--- a/images/win/scripts/Installers/Windows2016/Run-Antivirus.ps1
+++ /dev/null
@@ -1,19 +0,0 @@
-################################################################################
-##  File:  Run-Antivirus.ps1
-##  Desc:  Run a full antivirus scan.
-##         Run right after cleanup before we sysprep
-################################################################################
-
-Write-Host "Run antivirus"
-Push-Location "C:\Program Files\Windows Defender"
-
-# Tell Defender to use 100% of the CPU during the scan
-Set-MpPreference -ScanAvgCPULoadFactor 100
-
-# Full Scan
-.\MpCmdRun.exe -Scan -ScanType 2
-Pop-Location
-
-Write-Host "Set antivirus parmeters"
-Set-MpPreference -ScanAvgCPULoadFactor 5 `
-                 -ExclusionPath "D:\", "C:\"
diff --git a/images/win/scripts/Installers/Windows2019/Run-Antivirus.ps1 b/images/win/scripts/Installers/Windows2019/Run-Antivirus.ps1
deleted file mode 100644
index e38126af0..000000000
--- a/images/win/scripts/Installers/Windows2019/Run-Antivirus.ps1
+++ /dev/null
@@ -1,27 +0,0 @@
-################################################################################
-##  File:  Run-Antivirus.ps1
-##  Desc:  Run a full antivirus scan.
-##         Run right after cleanup before we sysprep
-################################################################################
-
-Write-Host "Make sure windefend is going to start"
-Start-Service windefend -ErrorAction Continue
-
-Write-Host "Waiting for windefend to report as running"
-$service = Get-Service "Windefend"
-$service.WaitForStatus("Running","00:10:00")
-
-Write-Host "Run antivirus"
-Push-Location "C:\Program Files\Windows Defender"
-
-# Tell Defender to use 100% of the CPU during the scan
-Set-MpPreference -ScanAvgCPULoadFactor 100
-
-# Full Scan
-.\MpCmdRun.exe -Scan -ScanType 2
-Pop-Location
-
-Update-MpSignature
-Write-Host "Set antivirus parmeters"
-Set-MpPreference -ScanAvgCPULoadFactor 5 `
-                 -ExclusionPath "D:\", "C:\"