add Defender for Windows Server (#5646)

Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-01-04 02:16:41 +00:00 · 2024-01-04 02:16:41 +00:00 · f33dbd31e5
parent 45722c70d4
commit f33dbd31e5
5 changed files with 47 additions and 2 deletions
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@ -5623,6 +5623,14 @@ function sendPeriodicServerUpdate(flags, force) {
                });
            } catch (ex) { }
        }
+        // Get Defender for Windows Server
+        try { 
+            var d = require('win-info').defender();
+            d.then(function(res){
+                meshCoreObj.defender = res;
+                meshCoreObjChanged();
+            });
+        } catch (ex){ }
    }

    // Send available data right now
--- a/agents/modules_meshcore/win-info.js
+++ b/agents/modules_meshcore/win-info.js
@ -239,12 +239,29 @@ function installedApps()
    return (ret);
 }

+function defender(){
+    var promise = require('promise');
+    var ret = new promise(function (a, r) { this._resolve = a; this._reject = r; });
+    ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    ret.child.promise = ret;
+    ret.child.stdout.str = ''; ret.child.stdout.on('data', function (c) { this.str += c.toString(); });
+    ret.child.stderr.str = ''; ret.child.stderr.on('data', function (c) { this.str += c.toString(); });
+    ret.child.stdin.write('Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON\r\n');
+    ret.child.stdin.write('exit\r\n');
+    ret.child.on('exit', function (c) { 
+        if (this.stdout.str == '') { this.promise._resolve({}); return; }
+        var abc = JSON.parse(this.stdout.str.trim())
+        this.promise._resolve({ RealTimeProtection: abc.RealTimeProtectionEnabled, TamperProtected: abc.IsTamperProtected });
+    });
+    return (ret);
+}
+
 if (process.platform == 'win32')
 {
-    module.exports = { qfe: qfe, av: av, defrag: defrag, pendingReboot: pendingReboot, installedApps: installedApps };
+    module.exports = { qfe: qfe, av: av, defrag: defrag, pendingReboot: pendingReboot, installedApps: installedApps, defender: defender };
 }
 else
 {
    var not_supported = function () { throw (process.platform + ' not supported'); };
-    module.exports = { qfe: not_supported, av: not_supported, defrag: not_supported, pendingReboot: not_supported, installedApps: not_supported };
+    module.exports = { qfe: not_supported, av: not_supported, defrag: not_supported, pendingReboot: not_supported, installedApps: not_supported, defender: not_supported };
 }
--- a/meshagent.js
+++ b/meshagent.js
@ -1920,6 +1920,10 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                    if (!device.wsc) { device.wsc = {}; }
                    if (JSON.stringify(device.wsc) != JSON.stringify(command.wsc)) { /*changes.push('Windows Security Center status');*/ device.wsc = command.wsc; change = 1; log = 1; }
                }
+                if (command.defender != null) { // Defender For Windows Server
+                    if (!device.defender) { device.defender = {}; }
+                    if (JSON.stringify(device.defender) != JSON.stringify(command.defender)) { /*changes.push('Defender status');*/ device.defender = command.defender; change = 1; log = 1; }
+                }

                // Push Messaging Token
                if ((command.pmt != null) && (typeof command.pmt == 'string') && (device.pmt != command.pmt)) {
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@ -5894,6 +5894,14 @@
                    x += addDetailItem("Windows Security", y.join(', '));
                }

+                // Defender for Windows Server
+                if(node.defender && !node.wsc) {
+                    var y = [];
+                    if (node.defender.RealTimeProtection != null) { if (node.defender.RealTimeProtection == true) { y.push("RealTimeProtection" + ' - <span style=color:green>' + "On" + '</span>'); } else { y.push("RealTimeProtection" + ' - <span style=color:red>' + "Off" + '</span>'); } }
+                    if (node.defender.TamperProtected != null) { if (node.defender.TamperProtected == true) { y.push("TamperProtection" + ' - <span style=color:green>' + "On" + '</span>'); } else { y.push("TamperProtection" + ' - <span style=color:red>' + "Off" + '</span>'); } }
+                    x += addDetailItem("Windows Defender", y.join(', '));
+                }
+
                // Antivirus
                if (node.av && node.av.length > 0) {
                    var y = [];
--- a/views/default.handlebars
+++ b/views/default.handlebars
@ -7396,6 +7396,14 @@
                    x += addDeviceAttribute("Windows Security", y.join(', '));
                }

+                // Defender for Windows Server
+                if(node.defender && !node.wsc) {
+                    var y = [];
+                    if (node.defender.RealTimeProtection != null) { if (node.defender.RealTimeProtection == true) { y.push("RealTimeProtection" + ' - <span style=color:green>' + "On" + '</span>'); } else { y.push("RealTimeProtection" + ' - <span style=color:red>' + "Off" + '</span>'); } }
+                    if (node.defender.TamperProtected != null) { if (node.defender.TamperProtected == true) { y.push("TamperProtection" + ' - <span style=color:green>' + "On" + '</span>'); } else { y.push("TamperProtection" + ' - <span style=color:red>' + "Off" + '</span>'); } }
+                    x += addDeviceAttribute("Windows Defender", y.join(', '));
+                }
+
                // Antivirus
                if (node.av && node.av.length > 0) {
                    var y = [];