[Windows] Ensure MDE is not setup (#12544)

2025-12-10 02:46:51 +00:00 · 2025-07-14 16:02:48 +02:00
parent 943d2a87d3
commit c97170d762
4 changed files with 32 additions and 3 deletions
--- a/images/windows/scripts/build/Post-Build-Validation.ps1
+++ b/images/windows/scripts/build/Post-Build-Validation.ps1
@@ -0,0 +1,26 @@
+################################################################################
+##  File:  post-build-validation.sh
+##  Desc:  Validate different aspects of the image after build
+################################################################################
+
+Write-Host "Test Microsoft Defender not set up using 'sc query sense'"
+$response =  sc query sense
+foreach ($item in $response) {
+    if ($item -match "STATE") {
+        $state = $item.Split(":")[1].Trim()
+        if ($state -notmatch "RUNNING") {
+            Write-Host "MDE is not running"
+        } else {
+            Write-Host "MDE is running"
+            exit 1
+        }
+    }
+}
+
+Write-Host "Test Microsoft Defender not set up by checking for the MDE extension"
+if (Test-Path -Path "C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows") {
+    Write-Error "MDE extension detected, MDE is more likely installed on the system"
+    exit 1
+} else {
+    Write-Host "MDE is not setup on the system"
+}
--- a/images/windows/templates/build.windows-2019.pkr.hcl
+++ b/images/windows/templates/build.windows-2019.pkr.hcl
@@ -263,7 +263,8 @@ build {
    scripts          = [
      "${path.root}/../scripts/build/Install-NativeImages.ps1",
      "${path.root}/../scripts/build/Configure-System.ps1",
-      "${path.root}/../scripts/build/Configure-User.ps1"
+      "${path.root}/../scripts/build/Configure-User.ps1",
+      "${path.root}/../scripts/build/Post-Build-Validation.ps1"
    ]
    skip_clean       = true
  }
--- a/images/windows/templates/build.windows-2022.pkr.hcl
+++ b/images/windows/templates/build.windows-2022.pkr.hcl
@@ -258,7 +258,8 @@ build {
    scripts          = [
      "${path.root}/../scripts/build/Install-NativeImages.ps1",
      "${path.root}/../scripts/build/Configure-System.ps1",
-      "${path.root}/../scripts/build/Configure-User.ps1"
+      "${path.root}/../scripts/build/Configure-User.ps1",
+      "${path.root}/../scripts/build/Post-Build-Validation.ps1"
    ]
    skip_clean       = true
  }
--- a/images/windows/templates/build.windows-2025.pkr.hcl
+++ b/images/windows/templates/build.windows-2025.pkr.hcl
@@ -250,7 +250,8 @@ provisioner "powershell" {
    scripts          = [
      "${path.root}/../scripts/build/Install-NativeImages.ps1",
      "${path.root}/../scripts/build/Configure-System.ps1",
-      "${path.root}/../scripts/build/Configure-User.ps1"
+      "${path.root}/../scripts/build/Configure-User.ps1",
+      "${path.root}/../scripts/build/Post-Build-Validation.ps1"
    ]
    skip_clean       = true
  }