From 747b30e0a783a4240851b4505126540905002dad Mon Sep 17 00:00:00 2001 From: Florian Hopfner Date: Tue, 28 Nov 2023 19:08:14 +0100 Subject: [PATCH] update windows defender rules fixes #782 --- .../add-d365windowsdefenderrules.ps1 | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/d365fo.tools/functions/add-d365windowsdefenderrules.ps1 b/d365fo.tools/functions/add-d365windowsdefenderrules.ps1 index b7d5ca19..b37342ac 100644 --- a/d365fo.tools/functions/add-d365windowsdefenderrules.ps1 +++ b/d365fo.tools/functions/add-d365windowsdefenderrules.ps1 @@ -62,10 +62,22 @@ function Add-D365WindowsDefenderRules { Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\Extensions\TestPlatform\testhost.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\devenv.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\qtagent32_40.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\Extensions\TestPlatform\testhost.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.console.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\devenv.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\qtagent32_40.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\Extensions\TestPlatform\testhost.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.console.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\devenv.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\qtagent32_40.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\Extensions\TestPlatform\testhost.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.console.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\qtagent32_40.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\Extensions\TestPlatform\testhost.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.console.exe" Add-MpPreference -ExclusionProcess "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" Add-MpPreference -ExclusionProcess "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" Add-MpPreference -ExclusionProcess "C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe" @@ -73,15 +85,27 @@ function Add-D365WindowsDefenderRules { # customize path for cloud machines Add-MpPreference -ExclusionProcess "$Script:BinDir\xppcAgent.exe" Add-MpPreference -ExclusionProcess "$Script:BinDir\SyncEngine.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\LabelC.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\SyncEngine.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\xppbp.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\xppc.dll" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\xppc.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\xppcAgent.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\xppcAgent.17.0.exe" + Add-MpPreference -ExclusionProcess "$Script:BinDir\bin\xpppfagen.exe" Add-MpPreference -ExclusionProcess "$AOSPath\Batch.exe" Add-MpPreference -ExclusionProcess "$AOSPath\xppc.exe" Add-MpPreference -ExclusionProcess "$AOSPath\LabelC.exe" # add SQLServer Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft SQL Server\130\LocalDB\Binn\sqlservr.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft SQL Server\150\LocalDB\Binn\sqlservr.exe" Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" + Add-MpPreference -ExclusionProcess "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" # add IIS and IISExpress Add-MpPreference -ExclusionProcess "C:\Windows\System32\inetsrv\w3wp.exe" Add-MpPreference -ExclusionProcess "C:\Program Files\IIS Express\iisexpress.exe" + # add Git + Add-MpPreference -ExclusionProcess "C:\Program Files\Git\cmd\git.exe" #Compile kicks off the defender. Exclude base path to AOS helps on that. Add-MpPreference -ExclusionPath $AOSServicePath @@ -90,6 +114,7 @@ function Add-D365WindowsDefenderRules { Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Microsoft Visual Studio 10.0" Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Microsoft Visual Studio 14.0" Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Microsoft Visual Studio" + Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Visual Studio" Add-MpPreference -ExclusionPath "C:\Windows\assembly" Add-MpPreference -ExclusionPath "C:\Windows\Microsoft.NET" Add-MpPreference -ExclusionPath "C:\Program Files (x86)\MSBuild" @@ -111,6 +136,13 @@ function Add-D365WindowsDefenderRules { Add-MpPreference -ExclusionPath "$Env:USERPROFILE\AppData\Local\Microsoft\VisualStudio" Add-MpPreference -ExclusionPath "$Env:USERPROFILE\AppData\Local\Microsoft\WebsiteCache" Add-MpPreference -ExclusionPath "$Env:USERPROFILE\AppData\Roaming\Microsoft\VisualStudio" + + # Extensions + Add-MpPreference -ExclusionExtension "md" + Add-MpPreference -ExclusionExtension "man" + Add-MpPreference -ExclusionExtension "xml" + Add-MpPreference -ExclusionExtension "xpp" + Add-MpPreference -ExclusionExtension "netmodule" } catch { Write-PSFMessage -Level Host -Message "Something went wrong while configuring Windows Defender rules." -Exception $PSItem.Exception