From f33dbd31e52c0980747ed058db83c884e45aede8 Mon Sep 17 00:00:00 2001
From: Simon Smith
Date: Thu, 4 Jan 2024 02:16:41 +0000
Subject: [PATCH] add Defender for Windows Server (#5646)
Signed-off-by: si458
---
 agents/meshcore.js | 8 ++++++++
 agents/modules_meshcore/win-info.js | 21 +++++++++++++++++++--
 meshagent.js | 4 ++++
 views/default-mobile.handlebars | 8 ++++++++
 views/default.handlebars | 8 ++++++++
 5 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/agents/meshcore.js b/agents/meshcore.js
index ee3d56ee..7d5873d9 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -5623,6 +5623,14 @@ function sendPeriodicServerUpdate(flags, force) {
 });
 } catch (ex) { }
 }
+ // Get Defender for Windows Server
+ try {
+ var d = require('win-info').defender();
+ d.then(function(res){
+ meshCoreObj.defender = res;
+ meshCoreObjChanged();
+ });
+ } catch (ex){ }
 }
 // Send available data right now
diff --git a/agents/modules_meshcore/win-info.js b/agents/modules_meshcore/win-info.js
index b13a2ba8..e541520b 100644
--- a/agents/modules_meshcore/win-info.js
+++ b/agents/modules_meshcore/win-info.js
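Review bot: In the agents/meshcore.js hunk, `d.then(function(res){ ... })` registers only a fulfilment handler, and the surrounding `try { } catch (ex){ }` can catch only a synchronous throw from `require('win-info').defender()`, so a promise that rejects or never settles goes unnoticed here. The handler also stores whatever it receives, including the `{}` that `defender()` resolves with when PowerShell printed nothing, so a failed query reaches the server as a defender object with no fields. I would add a guard such as `if (res == null || res.RealTimeProtection == null) { return; }` before the assignment and a comment above the empty `catch` stating that failures are deliberately ignored. The enclosing block of sendPeriodicServerUpdate starts outside the hunk, so the platform or edition check that guards this call is not visible.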
@@ -239,12 +239,29 @@ function installedApps()
 return (ret);
 }
+function defender(){
+ var promise = require('promise');
+ var ret = new promise(function (a, r) { this._resolve = a; this._reject = r; });
+ ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+ ret.child.promise = ret;
+ ret.child.stdout.str = ''; ret.child.stdout.on('data', function (c) { this.str += c.toString(); });
+ ret.child.stderr.str = ''; ret.child.stderr.on('data', function (c) { this.str += c.toString(); });
+ ret.child.stdin.write('Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON\r\n');
+ ret.child.stdin.write('exit\r\n');
+ ret.child.on('exit', function (c) {
+ if (this.stdout.str == '') { this.promise._resolve({}); return; }
+ var abc = JSON.parse(this.stdout.str.trim())
+ this.promise._resolve({ RealTimeProtection: abc.RealTimeProtectionEnabled, TamperProtected: abc.IsTamperProtected });
+ });
+ return (ret);
+}
+
 if (process.platform == 'win32')
 {
- module.exports = { qfe: qfe, av: av, defrag: defrag, pendingReboot: pendingReboot, installedApps: installedApps };
+ module.exports = { qfe: qfe, av: av, defrag: defrag, pendingReboot: pendingReboot, installedApps: installedApps, defender: defender };
 }
 else
 {
 var not_supported = function () { throw (process.platform + ' not supported'); };
- module.exports = { qfe: not_supported, av: not_supported, defrag: not_supported, pendingReboot: not_supported, installedApps: not_supported };
+ module.exports = { qfe: not_supported, av: not_supported, defrag: not_supported, pendingReboot: not_supported, installedApps: not_supported, defender: not_supported };
 }
\ No newline at end of file
diff --git a/meshagent.js b/meshagent.js
index bd8e29f8..b3ce7654 100644
--- a/meshagent.js
+++ b/meshagent.js
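Review bot: In `defender()` the `exit` handler calls `JSON.parse(this.stdout.str.trim())` unguarded, so stdout that is not a single JSON object (a warning line, partial output, or the text `null`) throws inside the event handler and the promise never settles; `_reject` is stored but never called and the collected stderr is never read. Because the result is presented to operators as the host's real-time and tamper protection state, a failed query should end in a defined value rather than a hung promise. Guard the parse with `var abc = null; try { abc = JSON.parse(this.stdout.str.trim()); } catch (ex) { }` followed by `if (abc == null) { this.promise._resolve({}); return; }`. The `var abc = ...` statement is also missing its semicolon, and a comment above the function saying that it resolves with `{}` when the cmdlet yields nothing would document the contract the callers rely on.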
@@ -1920,6 +1920,10 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
 if (!device.wsc) { device.wsc = {}; }
 if (JSON.stringify(device.wsc) != JSON.stringify(command.wsc)) { /*changes.push('Windows Security Center status');*/ device.wsc = command.wsc; change = 1; log = 1; }
 }
+ if (command.defender != null) { // Defender For Windows Server
+ if (!device.defender) { device.defender = {}; }
+ if (JSON.stringify(device.defender) != JSON.stringify(command.defender)) { /*changes.push('Defender status');*/ device.defender = command.defender; change = 1; log = 1; }
+ }
 // Push Messaging Token
 if ((command.pmt != null) && (typeof command.pmt == 'string') && (device.pmt != command.pmt)) {
diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars
index 46d775ed..ce8fd298 100644
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@@ -5894,6 +5894,14 @@
 x += addDetailItem("Windows Security", y.join(', '));
 }
+ // Defender for Windows Server
+ if(node.defender && !node.wsc) {
+ var y = [];
+ if (node.defender.RealTimeProtection != null) { if (node.defender.RealTimeProtection == true) { y.push("RealTimeProtection" + ' - ' + "On" + ''); } else { y.push("RealTimeProtection" + ' - ' + "Off" + ''); } }
+ if (node.defender.TamperProtected != null) { if (node.defender.TamperProtected == true) { y.push("TamperProtection" + ' - ' + "On" + ''); } else { y.push("TamperProtection" + ' - ' + "Off" + ''); } }
+ x += addDetailItem("Windows Defender", y.join(', '));
+ }
+
 // Antivirus
 if (node.av && node.av.length > 0) {
 var y = [];
diff --git a/views/default.handlebars b/views/default.handlebars
index 3fd03ed8..34b3cd24 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
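Review bot: In the meshagent.js hunk, `command.defender` is agent-supplied and is copied into `device.defender` after only a `!= null` test, so a string, an array or an arbitrarily large object would be persisted and later delivered to browsers, whereas the `pmt` check just below requires `typeof command.pmt == 'string'`. Reducing the value to the two expected booleans before the comparison keeps the stored record bounded: build `var def = {};`, copy each field only when `typeof command.defender.RealTimeProtection == 'boolean'` (likewise `TamperProtected`), then compare and assign `def` instead of `command.defender`. The `wsc` block in the context lines appears to follow the same unchecked pattern, so this may be an existing convention worth revisiting together. The enclosing handler inside CreateMeshAgent starts and ends outside the hunk.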
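Review bot: In the views/default-mobile.handlebars hunk, and in the identical block of views/default.handlebars, the "Windows Defender" row is added even when `y` is empty, which happens when the agent reported `{}` (what `defender()` resolves with when PowerShell printed nothing) or when both fields are null. An empty row gives the operator no way to tell an unknown protection state from a display fault, so guard it with `if (y.length > 0) { x += addDetailItem("Windows Defender", y.join(', ')); }`, using `addDeviceAttribute` in the desktop view. The `== true` comparison also shows anything not loosely equal to `true` as "Off", including unexpected types; `=== true` / `=== false` with a separate unknown branch would avoid reporting protection as off when the value is merely malformed. The surrounding function starts and ends outside both hunks.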
@@ -7396,6 +7396,14 @@
 x += addDeviceAttribute("Windows Security", y.join(', '));
 }
+ // Defender for Windows Server
+ if(node.defender && !node.wsc) {
+ var y = [];
+ if (node.defender.RealTimeProtection != null) { if (node.defender.RealTimeProtection == true) { y.push("RealTimeProtection" + ' - ' + "On" + ''); } else { y.push("RealTimeProtection" + ' - ' + "Off" + ''); } }
+ if (node.defender.TamperProtected != null) { if (node.defender.TamperProtected == true) { y.push("TamperProtection" + ' - ' + "On" + ''); } else { y.push("TamperProtection" + ' - ' + "Off" + ''); } }
+ x += addDeviceAttribute("Windows Defender", y.join(', '));
+ }
+
 // Antivirus
 if (node.av && node.av.length > 0) {
 var y = [];