Open jessefmoore opened 3 weeks ago
This is on Win11 Using Ludus version 1.5.0
TASK [PrymalInstynct.ludus_atomic_red_team : Disable Defender 1] *** fatal: [SP-win11-7]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "", "category": "ParserError", "category_id": 17, "reason": "ParentContainsErrorRecordException", "target_name": "", "target_type": ""}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233087, "inner_exception": null, "message": "At line:1 char:1\r\n+ Add-MpPreference -ExclusionPath 'C:\'\r\n+ ~~~~~~~\nThis script contains malicious content and has been blocked by your antivirus software.", "source": null, "type": "System.Management.Automation.ParentContainsErrorRecordException"}, "fully_qualified_error_id": "ScriptContainedMaliciousContent", "output": "At line:1 char:1\r\n+ Add-MpPreference -ExclusionPath 'C:\'\r\n+ ~~~~~~~~~~~\r\nThis script contains malicious content and has been blocked by your antivirus software.\r\n + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException\r\n + FullyQualifiedErrorId : ScriptContainedMaliciousContent\r\n \r\n", "pipeline_iteration_info": [], "script_stack_trace": "", "target_object": null}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}
Add this---> Add-MpPreference -ExclusionPath C:\AtomicRedTeam\
Powershell profile can not load due to scripts are not allowed to run. Need to add this---> Set-ExecutionPolicy Bypass -Force -ErrorAction Ignore
Also the Import-Module fails due to no Powershell-yaml Need to add this ---> Install-Module powershell-yaml -Force -ErrorAction Ignore
Thanks for reporting, I haven't circled back to this role since I put it together and honestly won't have cycles to resolve the issues for a while. Feel free to submit a PR if you like and I can integrate it.
This is on Win11 Using Ludus version 1.5.0
TASK [PrymalInstynct.ludus_atomic_red_team : Disable Defender 1] *** fatal: [SP-win11-7]: FAILED! => {"changed": true, "debug": [], "error": [{"category_info": {"activity": "", "category": "ParserError", "category_id": 17, "reason": "ParentContainsErrorRecordException", "target_name": "", "target_type": ""}, "error_details": null, "exception": {"help_link": null, "hresult": -2146233087, "inner_exception": null, "message": "At line:1 char:1\r\n+ Add-MpPreference -ExclusionPath 'C:\'\r\n+
~~~~~~~\nThis script contains malicious content and has been blocked by your antivirus software.", "source": null, "type": "System.Management.Automation.ParentContainsErrorRecordException"}, "fully_qualified_error_id": "ScriptContainedMaliciousContent", "output": "At line:1 char:1\r\n+ Add-MpPreference -ExclusionPath 'C:\'\r\n+ ~~~~~~~~~~~\r\nThis script contains malicious content and has been blocked by your antivirus software.\r\n + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException\r\n + FullyQualifiedErrorId : ScriptContainedMaliciousContent\r\n \r\n", "pipeline_iteration_info": [], "script_stack_trace": "", "target_object": null}], "host_err": "", "host_out": "", "information": [], "output": [], "result": {}, "verbose": [], "warning": []}Add this---> Add-MpPreference -ExclusionPath C:\AtomicRedTeam\
Powershell profile can not load due to scripts are not allowed to run. Need to add this---> Set-ExecutionPolicy Bypass -Force -ErrorAction Ignore
Also the Import-Module fails due to no Powershell-yaml Need to add this ---> Install-Module powershell-yaml -Force -ErrorAction Ignore