0

In the following code, I am trying to enable the Windows Defender using powershell

Sub Enable_Disable_Windows_Defender_Using_PowerShell()
    Dim wshShell        As Object
    Dim wshShellExec    As Object
    Dim strCommand      As String

    Rem Enable = false - Disable = true
    strCommand = "Powershell -nologo -WindowStyle Hidden -ExecutionPolicy Bypass -Command ""Set-MpPreference -DisableRealtimeMonitoring $false"""
    Set wshShell = CreateObject("WScript.Shell")
    Set wshShellExec = wshShell.Exec(strCommand)
End Sub

There is no error at executing the code but I didn't get the Windows Defender Eabled Any idea ..?

I tried this but doesn't work for me too

Sub Enable_Disable_Windows_Defender_Using_PowerShell()
    Dim wshShell        As Object
    Dim wshShellExec    As Object
    Dim strCommand      As String

    Rem Enable = false - Disable = true

    strCommand = "Powershell -nologo -Command ""Start-Process powershell -Verb runAs"""
    Set wshShell = CreateObject("WScript.Shell")
    Set wshShellExec = wshShell.Exec(strCommand)


    strCommand = "Powershell -nologo -WindowStyle Hidden -ExecutionPolicy Bypass -Command ""Set-MpPreference -DisableRealtimeMonitoring $false"""
    Set wshShell = CreateObject("WScript.Shell")
    Set wshShellExec = wshShell.Exec(strCommand)
End Sub
Pᴇʜ
  • 56,719
  • 10
  • 49
  • 73
YasserKhalil
  • 9,138
  • 7
  • 36
  • 95
  • why don't you try the code in powershell instead of from what looks like VBScript? [*grin*] – Lee_Dailey Aug 31 '19 at 22:48
  • I would run a vbscript and the windows defender blocks me .. That's why I am searching for a way to skip disable it then run my script then enable it again – YasserKhalil Aug 31 '19 at 22:57
  • please, try to run your _powershell_ code in the powershell ISE and see what happens - especially what errors you get. – Lee_Dailey Aug 31 '19 at 23:10
  • I got this error in PowerShell ISE `PS C:\Users\Future> Set-MpPreference -DisableRealtimeMonitoring $true Set-MpPreference : You don't have enough permissions to perform the requested operation. At line:1 char:1 + Set-MpPreference -DisableRealtimeMonitoring $true + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPre ference], CimException + FullyQualifiedErrorId : HRESULT 0xc0000142,Set-MpPreference` – YasserKhalil Aug 31 '19 at 23:16
  • But when run the ISE as admin it works well. So the issue is how to make or run powershell as admin – YasserKhalil Aug 31 '19 at 23:18
  • 1
    this shows how to cause PoSh to "run as admin" or to run in an elevated session >>> Running a command as Administrator using PowerShell? - Stack Overflow — https://stackoverflow.com/questions/7690994/running-a-command-as-administrator-using-powershell << – Lee_Dailey Aug 31 '19 at 23:33
  • Thanks a lot. I have tried the line from the other thread but doesn't work for me too .. – YasserKhalil Aug 31 '19 at 23:55
  • 1
    i recommend you start a NEW question since this one has wandered far from the subject in the title. then, in that new question, list what you have done & what failed - along with any error messages. – Lee_Dailey Sep 01 '19 at 00:11
  • I have put my try in the thread. All what I need is how to run the powershell as administrator ... I used the line `Start-Process powershell -Verb runAs` but it seems not to work for me – YasserKhalil Sep 01 '19 at 04:16

1 Answers1

1

You could try these:

Disable Windows Defender

$regpath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender"
if (!(Test-Path $regpath -PathType Container)) {
    New-Item -Path $regpath -ItemType Container -Force
}
Set-ItemProperty -Path $regpath -Name "DisableAntiSpyware" -Value 1 -Type DWord -Force
# stop the service and set it to Disabled
Stop-Service -Name WinDefend -Confirm:$false -Force
Set-Service -Name WinDefend -StartupType Disabled

Enable Windows Defender

$regpath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender"
if (Test-Path $regpath -PathType Container) {
    Set-ItemProperty -Path $regpath -Name "DisableAntiSpyware" -Value 0 -Type DWord -Force
    # or remove the whole registry key "Windows Defender"
    # Remove-Item -Path $regpath -Force
}
# set the service to startup Automatic and start the service
Set-Service -Name WinDefend -StartupType Automatic
Start-Service -Name WinDefend -Confirm:$false

You need to run this as Administrator and as to how to do this, I agree with Lee_Daily you should post a new question for that.

Theo
  • 57,719
  • 8
  • 24
  • 41
  • Thanks a lot .. But how can I use such code in excel VBA? – YasserKhalil Sep 01 '19 at 14:09
  • 1
    @YasserKhalil You asked for **Enable Windows Defender using Powershell**, so this is PowerShell.. – Theo Sep 01 '19 at 14:10
  • I have put excel-vba tags in the main post but I don't know who deleted them .. Generally I have posted another link https://stackoverflow.com/questions/57746699/run-powershell-as-administrator – YasserKhalil Sep 01 '19 at 14:13