I having been working on a Script for Defender
information. I have pretty much finished it except I just can NOT
seem to find the parameters for EACH of the below. By parameters, I mean for EXAMPLE 0=Disable, 1=Block, 2=Audit Mode
. Information on the Net is NOT
very forthcoming in respect to parameters for Get-MpComputerStatus:
or Get-MpPreference:
.
Get-MpComputerStatus:
Code:
DeviceControlDefaultEnforcement
DeviceControlState
TamperProtectionSource
TDT Mode
TDT Silo Type
TroubleShootingDailyMaxQuota
TroubleShootingDailyQuotaLeft
TroubleShootingMode
TroubleShootingModeSource
TroubleShootingQuotaResetTime
Get-MpPreference:
Code:
AttackSurfaceReductionRules_Actions
AttackSurfaceReductionRules_Actions
AttackSurfaceReductionRules_Ids
ControlledFolderAccessAllowedApplications
ControlledFolderAccessProtectedFolders
DefinitionUpdatesChannel
EngineUpdatesChannel
PlatformUpdatesChannel
SignatureBlobFileSharesSources
ThreatIDDefaultAction_Actions
ThreatIDDefaultAction_Ids
ThrottleForScheduledScanOnly
TrustLabelProtectionStatus
I think the below is . . .
0=Apply SIU [Security Intelligence Update], 1=Clean, 2=Quarantine, 3=Remove, 6=Allow, 8=UserDefined, 9=NoAction, 10=Block
. . . but I can NOT
confirm it . . .
Get-MpPreference:
Code:
HighThreatDefaultAction
LowThreatDefaultAction
ModerateThreatDefaultAction
SevereThreatDefaultAction
UnknownThreatDefaultAction
Thanks.