TuemmlerKelch
commented
1 month ago @SteffenWinternheimer I checked the code and it's working now. However, we still see two more errors we need to catch.
Basically we need to make sure ASR rules are skipped if no defender module is present. I believe we should make sure that Windefrunning check (line 551) is the first we do in SBD-022.
Operating System
Microsoft Windows Server 2022
Report Name
Microsoft Windows Server 2022
Benchmark and ID (OPTIONAL)
No response
What happened?
Report generation fails once function CheckWindefRunning is called. Error message is highly misleading and will be fixed in a different issue, which I will open soon.
The report will check for license, go through the cis checks (as apprently they do not utilize this function; we will need to add this in form of an enhancement) and then state the reportname was wrong.
Please add a check for module presence. If the module is non-existent, we will rate this as Windows Defender not being in a running state. For this, we need to check for existence of at least one of the following modules: Defender (deprecated) OR ConfigDefender
Please also note, that with Ticket #519 we added some checks for required modules. So this should go in line. (Might reconsider moving this away from ATAPAuditor.psm1 and relocating that to the helpers)
What did you expect?
Either continuing with errors, or an error message that would actually hint at the specific command not being found.
Current Version?
I used the latest official release.