Efo74 3 Posted May 21, 2017 I don't know why this example script not work. It returns 0 but the state of Windows Defender (Windows 10 - 15063) is not change. If I lauch the ps1 file form elevate cmd prompt it works well. Can someone help me ? Windefender.au3 Hide Efo74's signature Hide all signatures :rolleyes: Share this post Link to post Share on other sites
Subz 621 Posted May 21, 2017 Can you test running compiled as x64? Share this post Link to post Share on other sites
iamtheky 898 Posted May 21, 2017 (edited) why aren't you just running the command? The writing of the .ps1 file seems like an unnecessary step (and additional item to troubleshoot) for a one liner. also that's a peculiar selection for executionpolicy for a file that will exist relative to the script. Are these methods satisfying external requirements, or just kept because they worked? Edited May 21, 2017 by iamtheky Hide iamtheky's signature Hide all signatures ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Share this post Link to post Share on other sites
Efo74 3 Posted May 21, 2017 Than you for the suggestion, the script compiled x64 is working. Hide Efo74's signature Hide all signatures :rolleyes: Share this post Link to post Share on other sites
Efo74 3 Posted May 21, 2017 iamtheky: I was doing tests because none of the methods I tested worked. Is there a way to compile script in 32bit mode (but launch in 64 bit enviroment) and execute correctly powershell commands ?? Hide Efo74's signature Hide all signatures :rolleyes: Share this post Link to post Share on other sites
iamtheky 898 Posted May 21, 2017 yes, turn off wow64FS redirection then just something like the following pseudocode... _WinAPI_Wow64EnableWow64FsRedirection ( FALSE ) FUNC _ENABLE_DISABLE_MONITOR($flag) $flag = TRUE ? run(powershell -command Set-MpPreference -DisableRealtimeMonitoring 0) : run(powershell -command Set-MpPreference -DisableRealtimeMonitoring 1) ENDFUNC Hide iamtheky's signature Hide all signatures ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Share this post Link to post Share on other sites
iamtheky 898 Posted May 21, 2017 (edited) This works on my WIN10 x64 box #include<winapifiles.au3> #RequireAdmin _WinAPI_Wow64EnableWow64FsRedirection ( FALSE ) _ENABLE_DISABLE_MONITOR(TRUE) FUNC _ENABLE_DISABLE_MONITOR($flag) $x = $flag = TRUE ? run('powershell -command "Set-MpPreference -DisableRealtimeMonitoring 0"') : run('powershell -command "Set-MpPreference -DisableRealtimeMonitoring 1"') ENDFUNC Edited May 21, 2017 by iamtheky Hide iamtheky's signature Hide all signatures ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Share this post Link to post Share on other sites
Efo74 3 Posted May 21, 2017 Thank you very much iamtheky, it works very well. I modify my script like this Windefender.au3 Hide Efo74's signature Hide all signatures :rolleyes: Share this post Link to post Share on other sites
iamtheky 898 Posted May 21, 2017 Thats still a lot of writing a file and running a ps1 instead of just running the command? why is that? Hide iamtheky's signature Hide all signatures ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Share this post Link to post Share on other sites
