markcor
commented
2 years ago We should test and make sure the schedule task works in changing those reg values, and then if that is the case it should be in the schedule task and not the bootstrap script. The bootstrap script was a hacky way to get around an issue earlier on.
There are 2 places where we're disabling defender:
https://github.com/mozilla-platform-ops/ronin_puppet/blob/cloud_windows/provisioners/windows/azure/azure-bootstrap.ps1
https://github.com/mozilla-platform-ops/ronin_puppet/blob/cloud_windows/modules/roles_profiles/manifests/profiles/disable_services.pp
We need to disable it within the bootstrap script.