mirror of
https://github.com/actions/runner-images.git
synced 2025-12-11 03:27:05 +00:00
42 lines
1.5 KiB
PowerShell
42 lines
1.5 KiB
PowerShell
Write-Host "Disable Windows Defender..."
|
|
$avPreference = @(
|
|
@{DisableArchiveScanning = $true}
|
|
@{DisableAutoExclusions = $true}
|
|
@{DisableBehaviorMonitoring = $true}
|
|
@{DisableBlockAtFirstSeen = $true}
|
|
@{DisableCatchupFullScan = $true}
|
|
@{DisableCatchupQuickScan = $true}
|
|
@{DisableIntrusionPreventionSystem = $true}
|
|
@{DisableIOAVProtection = $true}
|
|
@{DisablePrivacyMode = $true}
|
|
@{DisableScanningNetworkFiles = $true}
|
|
@{DisableScriptScanning = $true}
|
|
@{MAPSReporting = 0}
|
|
@{PUAProtection = 0}
|
|
@{SignatureDisableUpdateOnStartupWithoutEngine = $true}
|
|
@{SubmitSamplesConsent = 2}
|
|
@{ScanAvgCPULoadFactor = 5; ExclusionPath = @("D:\", "C:\")}
|
|
@{DisableRealtimeMonitoring = $true}
|
|
)
|
|
|
|
$avPreference += @(
|
|
@{EnableControlledFolderAccess = "Disable"}
|
|
@{EnableNetworkProtection = "Disabled"}
|
|
)
|
|
|
|
$avPreference | Foreach-Object {
|
|
$avParams = $_
|
|
Set-MpPreference @avParams
|
|
}
|
|
|
|
Write-Host "Disable Windows Defender scheduled tasks"
|
|
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' | Disable-ScheduledTask | Out-Null
|
|
|
|
# https://github.com/actions/virtual-environments/issues/4277
|
|
# https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide
|
|
$atpRegPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection'
|
|
if (Test-Path $atpRegPath) {
|
|
Write-Host "Set Microsoft Defender Antivirus to passive mode"
|
|
Set-ItemProperty -Path $atpRegPath -Name 'ForceDefenderPassiveMode' -Value '1' -Type 'DWORD'
|
|
}
|