OS: Windows 10
Build: 1903
VBS script does not disable Realtime Monitoring, even when using an admin PowerShell prompt.
No AV, only Windows Defender.
Tested again with SYSTEM powershell via PSEXEC, and it worked.
Also was able to Stop-Service WinDefend
After applying ONLY the VBS script, it is unable to turn realtime monitoring off.
PS > Get-MpPreference
AttackSurfaceReductionOnlyExclusions :
AttackSurfaceReductionRules_Actions :
AttackSurfaceReductionRules_Ids :
CheckForSignaturesBeforeRunningScan : False
CloudBlockLevel : 0
CloudExtendedTimeout : 0
ComputerID : pomcwioemcowiecm-not-a-uuid-mofiwmeoifmwoef
ControlledFolderAccessAllowedApplications :
ControlledFolderAccessProtectedFolders :
DisableArchiveScanning : True
DisableAutoExclusions : False
DisableBehaviorMonitoring : True
DisableBlockAtFirstSeen : True
DisableCatchupFullScan : True
DisableCatchupQuickScan : True
DisableEmailScanning : True
DisableIntrusionPreventionSystem :
DisableIOAVProtection : False
DisablePrivacyMode : True
DisableRealtimeMonitoring : False
DisableRemovableDriveScanning : True
DisableRestorePoint : True
DisableScanningMappedNetworkDrivesForFullScan : True
DisableScanningNetworkFiles : False
DisableScriptScanning : True
EnableControlledFolderAccess : 0
EnableLowCpuPriority : False
EnableNetworkProtection : 0
ExclusionExtension :
ExclusionPath :
ExclusionProcess :
HighThreatDefaultAction : 6
LowThreatDefaultAction : 6
MAPSReporting : 0
ModerateThreatDefaultAction : 6
PUAProtection : 0
QuarantinePurgeItemsAfterDelay : 90
RandomizeScheduleTaskTimes : True
RealTimeScanDirection : 0
RemediationScheduleDay : 0
RemediationScheduleTime : 02:00:00
ReportingAdditionalActionTimeOut : 10080
ReportingCriticalFailureTimeOut : 10080
ReportingNonCriticalTimeOut : 1440
ScanAvgCPULoadFactor : 50
ScanOnlyIfIdleEnabled : True
ScanParameters : 1
ScanPurgeItemsAfterDelay : 15
ScanScheduleDay : 0
ScanScheduleQuickScanTime : 00:00:00
ScanScheduleTime : 02:00:00
SevereThreatDefaultAction : 6
SharedSignaturesPath :
SignatureAuGracePeriod : 0
SignatureDefinitionUpdateFileSharesSources :
SignatureDisableUpdateOnStartupWithoutEngine : True
SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod : 120
SignatureScheduleDay : 8
SignatureScheduleTime : 01:45:00
SignatureUpdateCatchupInterval : 1
SignatureUpdateInterval : 0
SubmitSamplesConsent : 2
ThreatIDDefaultAction_Actions :
ThreatIDDefaultAction_Ids :
UILockdown : False
UnknownThreatDefaultAction : 0
PSComputerName :