security - defender improvements

melo936 · melo936 · commit 697a9e67cda6 · 2024-05-22T13:28:47.000+04:00
- better package status cheking if a package installed with errors
- disable MDCoreSvc after DisableAntiSpyware
- run enableDefender when uninstalling defender package
diff --git a/lib/commands/win_package_command.dart b/lib/commands/win_package_command.dart
@@ -77,6 +77,9 @@ class WindowsPackageCommand extends Command<String> {
 
   Future<void> _uninstallPackage(final WinPackageType packageType) async {
     stdout.writeln('$tag Uninstalling package: ${packageType.packageName}');
+    if (packageType == WinPackageType.defenderRemoval) {
+      await _securityService.enableDefender();
+    }
     await _winPackageService.uninstallPackage(packageType);
   }
 }
diff --git a/lib/services/security_service.dart b/lib/services/security_service.dart
@@ -91,6 +91,9 @@ class SecurityService implements SetupService {
       await _shell.run(
           'start /WAIT /MIN /B "" "%systemroot%\\System32\\gpupdate.exe" /Target:Computer /Force');
 
+      await _shell.run(
+          '"$directoryExe\\MinSudo.exe" --NoLogo --TrustedInstaller reg add "HKLM\\System\\ControlSet001\\Services\\MDCoreSvc" /v Start /t REG_DWORD /d 2 /f');
+
       RegistryUtilsService.writeString(
           Registry.localMachine,
           r'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
@@ -128,6 +131,14 @@ class SecurityService implements SetupService {
     await _shell.run(
         '"$directoryExe\\MinSudo.exe" --NoLogo --TrustedInstaller reg add "HKLM\\SOFTWARE\\Microsoft\\Windows Defender" /v DisableAntiVirus /t REG_DWORD /d 1 /f');
 
+    await _shell.run(
+        '"$directoryExe\\MinSudo.exe" --NoLogo --TrustedInstaller reg add "HKLM\\System\\ControlSet001\\Services\\MDCoreSvc" /v Start /t REG_DWORD /d 4 /f');
+
+    RegistryUtilsService.deleteValue(
+        Registry.localMachine,
+        r'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
+        'RevisionEnableDefenderCMD');
+
     await _winPackageService.installPackage(WinPackageType.defenderRemoval);
   }
 
diff --git a/lib/services/win_package_service.dart b/lib/services/win_package_service.dart
@@ -40,11 +40,15 @@ class WinPackageService {
             .lastWhereOrNull(
                 (final element) => element.startsWith(packageType.packageName));
 
+    if (key == null) {
+      return false;
+    }
+
+    final int currentState = RegistryUtilsService.readInt(
+        RegistryHive.localMachine, cbsPackagesRegPath + key, 'CurrentState')!;
+
     // installation codes - https://forums.ivanti.com/s/article/Understand-Patch-installation-failure-codes?language=en_US
-    return key != null &&
-        RegistryUtilsService.readInt(RegistryHive.localMachine,
-                cbsPackagesRegPath + key, 'CurrentState') !=
-            5;
+    return currentState != 5 || currentState != 4294967264;
   }
 
   Future<void> downloadPackage(final WinPackageType packageType) async {

Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,9 @@ class WindowsPackageCommand extends Command<String> {`
`77`	`77`
`78`	`78`	`Future<void> _uninstallPackage(final WinPackageType packageType) async {`
`79`	`79`	`stdout.writeln('$tag Uninstalling package: ${packageType.packageName}');`
	`80`	`+ if (packageType == WinPackageType.defenderRemoval) {`
	`81`	`+ await _securityService.enableDefender();`
	`82`	`+ }`
`80`	`83`	`await _winPackageService.uninstallPackage(packageType);`
`81`	`84`	`}`
`82`	`85`	`}`