Windows Defender - Add exclusion folder programmatically


Question


I was checking out different keyloggers for research purposes and stumbled upon Refog:

https://www.refog.com/keylogger/

This program could catch a lot of system events, but what really caught my attention was something else. The program created a hidden folder called Mpk, path C:\Windows\SysWOW64\Mpk. It was marked as an operating system files folder, because it was not visible until I unmarked Hide protected operating system files (recommended). This, I guess, can be done via the attrib command like this: attrib +s +h "C:\Windows\SysWOW64\Mpk", so nothing revolutionary.

However they also added an exclusion to Windows Defender for this folder. How can they do this programmatically? I'm running Windows 10 Pro x64.

Solution

The correct way to do this is using the Add-MpPreference PowerShell cmdlet. Use this cmdlet to add exclusions for file name extensions, paths, and processes, and to add default actions for high, moderate, and low threats.

You can easily perform this from the elevated cmd shell in Windows 10 using the following command line:

powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Windows\SysWOW64\Mpk"
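
A defender-side counterpart to the answer above, added here as an example (not part of the original question or answer): it lists the exclusion paths currently configured in Defender, flags those that sit under the Windows directory or carry the Hidden and System attributes like the folder in the question, and pulls recent event ID 5007 records for exclusion changes. The function names and the flagging heuristics are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender exclusions on the local machine.
# The review heuristics (Windows-directory prefix, Hidden+System attributes)
# are assumptions chosen to match the folder described in the question.

function Get-DefenderExclusionReview {
    $pref = Get-MpPreference
    $systemRoot = $env:SystemRoot.TrimEnd('\')

    foreach ($path in @($pref.ExclusionPath)) {
        if ([string]::IsNullOrWhiteSpace($path)) { continue }

        # Exclusions may contain environment variables; expand before checking.
        $expanded = [Environment]::ExpandEnvironmentVariables($path)
        $item = Get-Item -LiteralPath $expanded -Force -ErrorAction SilentlyContinue

        $hiddenSystem = $false
        if ($item) {
            $attrs = $item.Attributes
            $hiddenSystem = $attrs.HasFlag([IO.FileAttributes]::Hidden) -and
                            $attrs.HasFlag([IO.FileAttributes]::System)
        }

        [pscustomobject]@{
            ExclusionPath   = $path
            Exists          = [bool]$item
            UnderSystemRoot = $expanded.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)
            HiddenAndSystem = $hiddenSystem
        }
    }
}

function Get-DefenderExclusionChange {
    param([int]$MaxEvents = 200)
    # Event ID 5007 records Defender configuration changes; exclusion edits
    # show up as values under a registry path containing "\Exclusions\".
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 5007
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*\Exclusions\*' } |
        Select-Object TimeCreated, Message
}

Get-DefenderExclusionReview | Sort-Object UnderSystemRoot -Descending | Format-Table -AutoSize
Get-DefenderExclusionChange | Format-List
```

An exclusion that nobody on the machine can account for can be removed with Remove-MpPreference -ExclusionPath followed by the listed path.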
