search

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License
1.87k stars 148 forks source link

[Bug]: Set-MpPreference: A parameter cannot be found #252

Closed JuliusBairaktaris closed 6 months ago

JuliusBairaktaris commented 6 months ago

Tools category

Harden Windows Security Module

Does your system meet the requirements?

Is your Windows installation genuine?

Please explain the bug

Hey, I just installed Windows 11 Pro on a new laptop and I am getting the following errors. Running e.g. Set-MpPreference -OobeEnableRtpAndSigUpdate $True works though.

Run Microsoft Defender category ?
1: Yes
2: No
3: Exit
Select an option: 1
Set-MpPreference: A parameter cannot be found that matches parameter name 'OobeEnableRtpAndSigUpdate'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'IntelTDTEnabled'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'PerformanceModeStatus'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'EnableConvertWarnToBlock'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'BruteForceProtectionAggressiveness'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'BruteForceProtectionConfiguredState'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'BruteForceProtectionMaxBlockTime'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'RemoteEncryptionProtectionAggressiveness'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'RemoteEncryptionProtectionConfiguredState'.
Set-MpPreference: A parameter cannot be found that matches parameter name 'RemoteEncryptionProtectionMaxBlockTime'.

Kind regards

HotCakeX commented 6 months ago

Hi, You just have to restart one more time after updating the OS to the latest version and the new Defender features will become available :)

Please see this issue which is about the same thing: https://github.com/HotCakeX/Harden-Windows-Security/issues/216#issuecomment-1987243870

The reason is that the features aren't included in the default 22H2/23H2 images and come from subsequent updates, an extra restart takes care of them and activates them.

Once build 24H2 is released, these PowerShell cmdlets will join the rest of the Defender configurations in Group Policy.

JuliusBairaktaris commented 6 months ago

Restarting three times did the trick. Thanks!

HotCakeX commented 6 months ago

Great, you're welcome! i think i should check for the availability of the parameters first and prompt the user about restarting again in case they are not available.

The minimum build check already takes care of making sure the feature is available in the build, but this new check will make sure system has been restarted enough times for it to be actually available.

I always test my stuff on Azure VMs too and every time i start a new 22H2 or 23H2 VM they all have the parameters available already so that made me think the need for extra restart after Windows update wasn't necessary anymore.

HotCakeX commented 6 months ago

@JuliusBairaktaris Hello, I just released an update for the Harden Windows Security module and script that detects the available parameters of the Microsoft Defender and if any of them is unavailable, displays a message about restarting the system to make them available, so there will no longer be an error for it.

https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.4.1