Open snohio opened 2 years ago
Looking at the original Enhancement Issue - it was called out to configure both but it wasn't implemented that way.
Ok.. The more I look at this.. The command DisableIOAVProtection relates to IOfficeAntivirus which seems to relate more to Internet Explorer and other Office apps that utilize Defender as the AV tool. I do not see how anyone that is implementing this as an option is getting the output that they desire. I'd almost go as far as to say it's a bug.
Userstory
As a user of Chef and the Defender resource, the item that this resource changes should be DisableRealtimeMonitoring and not DisableIOAVProtection so that my cookbook can turn off Realtime Monitoring.
More Details and some opinionated input
What I am trying to do is disable the Defender Realtime Monitoring wrapped around an install that is quite intensive. The command in Powershell to do this is
Set-MpPreference -DisableRealtimeMonitoring 1
I think some of this is a word mapping issue. As we call it in our resource realtime_protection and as it is called in Windows, either DisableRealtimeMonitoring or DisableIOAVProtection. The former will stop Defender (Microsoft Security) from realtime scanning of the happenings on the OS. The latter changes the Tamper Protection settings.
Because realtime_protection has been a thing already, I'm not sure that we can actually change what it actually does so maybe I'd propose adding a new function of the resource called realtime_monitoring and align that with DisableRealtimeMonitoring.
Line Reference
https://github.com/chef/chef/blob/eca272d679b7cd0c5b155c641945e1c852776e28/lib/chef/resource/windows_defender.rb#L102
https://github.com/chef/chef/blob/eca272d679b7cd0c5b155c641945e1c852776e28/lib/chef/resource/windows_defender.rb#L136
as documented:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide
DISCUSS
I'd love to have a discussion on this with folks if it would help. Please reach out in Comments!
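Added example, not part of the original issue and not code from the Chef project: a PowerShell sketch that reads both preferences named in the issue, turns real-time monitoring off only for the duration of an install, and restores and verifies the original value afterwards. The installer path and arguments are hypothetical placeholders; it assumes an elevated session with the Defender cmdlets available.

```powershell
# Added example; $InstallerPath and $InstallerArgs are hypothetical placeholders.
param(
    [string]$InstallerPath = 'C:\placeholder\setup.exe',
    [string[]]$InstallerArgs = @('/quiet')
)

function Get-DefenderSnapshot {
    # The two preferences discussed in the issue, plus the effective status.
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
        DisableIOAVProtection     = $pref.DisableIOAVProtection
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        IoavProtectionEnabled     = $status.IoavProtectionEnabled
        IsTamperProtected         = $status.IsTamperProtected
    }
}

$before = Get-DefenderSnapshot
$before | Format-List

if ($before.IsTamperProtected) {
    Write-Warning 'Tamper Protection is on; the real-time monitoring change may be ignored.'
}

try {
    Set-MpPreference -DisableRealtimeMonitoring $true
    $during = Get-DefenderSnapshot
    # DisableIOAVProtection is a separate preference and should be untouched here.
    if ($during.DisableIOAVProtection -ne $before.DisableIOAVProtection) {
        Write-Warning 'DisableIOAVProtection changed unexpectedly.'
    }
    if ($during.RealTimeProtectionEnabled) {
        Write-Warning 'Real-time protection is still enabled; the change did not take effect.'
    }
    Start-Process -FilePath $InstallerPath -ArgumentList $InstallerArgs -Wait
}
finally {
    # Always put the original value back, even if the install fails.
    Set-MpPreference -DisableRealtimeMonitoring $before.DisableRealtimeMonitoring
    $after = Get-DefenderSnapshot
    $after | Format-List
    if ($after.DisableRealtimeMonitoring -ne $before.DisableRealtimeMonitoring) {
        Write-Error 'Real-time monitoring preference was not restored.'
    }
}
```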