예제 #1
 /// <summary>
 /// Builds a DTO that carries two Windows Defender settings snapshots side by side.
 /// </summary>
 /// <param name="localSettings">Settings stored in <c>LocalSettings</c> (by name, the locally configured values).</param>
 /// <param name="groupPolicySettings">Settings stored in <c>GroupPolicySettings</c> (by name, the values delivered by Group Policy).</param>
 public WindowsDefenderDTO(WindowsDefenderSettings localSettings, WindowsDefenderSettings groupPolicySettings)
 {
     // The two sources are kept separate so a reader can tell which
     // configuration channel an exclusion or rule came from.
     this.LocalSettings = localSettings;
     this.GroupPolicySettings = groupPolicySettings;
 }
예제 #2
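        /// <summary>
        /// Writes a human-readable report of one Windows Defender settings snapshot:
        /// path, process and extension exclusions, followed by the Attack Surface
        /// Reduction (ASR) rules and ASR exclusions when ASR is enabled.
        /// </summary>
        /// <param name="settings">The settings snapshot to print.</param>
        /// <remarks>
        /// Exclusions are worth reviewing closely in an audit: anything listed is a
        /// location, process or file type that Defender is configured not to scan.
        /// Empty lists are skipped, so a missing section means "no entries", not
        /// "not collected".
        /// </remarks>
        void DisplayDefenderSettings(WindowsDefenderSettings settings)
        {
            var pathExclusions      = settings.PathExclusions;
            var processExclusions   = settings.ProcessExclusions;
            var extensionExclusions = settings.ExtensionExclusions;
            var asrSettings         = settings.AsrSettings;

            if (pathExclusions.Count != 0)
            {
                WriteLine("\n  Path Exclusions:");
                foreach (var path in pathExclusions)
                {
                    WriteLine($"    {path}");
                }
            }

            // NOTE(review): this section re-reads pathExclusions, so it prints the
            // same entries as "Path Exclusions" under a second heading. It looks like
            // a copy-paste of the block above. If the settings type exposes a separate
            // policy-manager list, that list should be tested and iterated here;
            // confirm against WindowsDefenderSettings. Until then the heading can
            // mislead a reader about where an exclusion was configured. Output is
            // left unchanged.
            if (pathExclusions.Count != 0)
            {
                WriteLine("\n  PolicyManagerPathExclusions:");
                foreach (var path in pathExclusions)
                {
                    WriteLine($"    {path}");
                }
            }

            if (processExclusions.Count != 0)
            {
                WriteLine("\n  Process Exclusions");
                foreach (var process in processExclusions)
                {
                    WriteLine($"    {process}");
                }
            }

            if (extensionExclusions.Count != 0)
            {
                WriteLine("\n  Extension Exclusions");
                foreach (var ext in extensionExclusions)
                {
                    WriteLine($"    {ext}");
                }
            }

            // Rules and ASR exclusions are only reported when ASR is flagged as enabled.
            if (asrSettings.Enabled)
            {
                WriteLine("\n  Attack Surface Reduction Rules:\n");

                WriteLine($"    {"State",-10} Rule\n");
                foreach (var rule in asrSettings.Rules)
                {
                    string state;
                    if (rule.State == 0)
                    {
                        state = "Disabled";
                    }
                    else if (rule.State == 1)
                    {
                        state = "Blocked";
                    }
                    else if (rule.State == 2)
                    {
                        state = "Audited";
                    }
                    else if (rule.State == 6)
                    {
                        // Defender's documented "Warn" mode. Without this branch a
                        // validly configured rule was reported as "6 - Unknown".
                        state = "Warned";
                    }
                    else
                    {
                        // Keep the raw value visible so an unexpected state is not hidden.
                        state = $"{rule.State} - Unknown";
                    }

                    // Resolve the rule identifier to its friendly name once. Unmapped
                    // identifiers are printed verbatim so they still appear in the report.
                    var ruleKey = rule.Rule.ToString();
                    var asrRule = _AsrGuids.ContainsKey(ruleKey)
                        ? _AsrGuids[ruleKey]
                        : $"{rule.Rule} - Please report this";

                    WriteLine($"    {state,-10} {asrRule}");
                }

                if (asrSettings.Exclusions.Count > 0)
                {
                    WriteLine("\n  ASR Exclusions:");
                    foreach (var exclusion in asrSettings.Exclusions)
                    {
                        WriteLine($"    {exclusion}");
                    }
                }
            }
        }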