AV / EDR Evasion
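# Audit view of Microsoft Defender's current configuration: every configured
# exclusion plus the switches that turn individual protections off.
# Anything listed under an exclusion is not scanned, so each entry is a
# detection blind spot that should map to a documented business need.
# Out-String expands multi-valued settings so Format-List does not truncate them.
# NOTE(review): on current Defender builds the exclusion fields may come back
# as an "administrator required" placeholder when run unelevated (confirm on
# the target build).
$defenderSettings = @(
    @{ n = 'ExclusionProcess';   e = { $_.ExclusionProcess   | Out-String } }
    @{ n = 'ExclusionPath';      e = { $_.ExclusionPath      | Out-String } }
    @{ n = 'ExclusionExtension'; e = { $_.ExclusionExtension | Out-String } }
    @{ n = 'ExclusionIpAddress'; e = { $_.ExclusionIpAddress | Out-String } }
    'DisableRealtimeMonitoring'
    'DisableBehaviorMonitoring'
    'DisableEmailScanning'
    'DisableIOAVProtection'
    'DisableScriptScanning'
)
Get-MpPreference | Format-List -Property $defenderSettings

# Event ID 5007 in the Defender operational log records a change to the
# antimalware configuration. The -like filter keeps only events whose message
# mentions the path-exclusion setting, so the output is a history of
# path-exclusion changes.
# The pattern covers path exclusions only; a full review of exclusion changes
# also has to cover process and extension exclusions.
# For detection, forward this log to central collection and alert on 5007
# events that touch exclusions outside approved change windows.
Get-WinEvent -LogName "Microsoft-Windows-Windows Defender/Operational" -FilterXPath "*[System[(EventID=5007)]]" |
    Where-Object { $_.Message -like "*exclusions\Path*" } |
    Select-Object Message |
    Format-List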