From 560af95ecd28bde828dadd35a06f855c06839ea4 Mon Sep 17 00:00:00 2001 From: undergroundwires Date: Sat, 21 Dec 2024 11:59:42 +0100 Subject: [PATCH] win: fix Defender remote configs PS value #477 This commit fixes `DisableCoreServiceECSIntegration` value to properly disable remote experimentation and configurations in Defender. The previous value (`$False`) was causing the opposite of indended behavior. The default value is also updated to match Microsoft's documentation and actual system behavior. --- src/application/collections/windows.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml index 711c1f90..aee15bda 100644 --- a/src/application/collections/windows.yaml +++ b/src/application/collections/windows.yaml @@ -15642,8 +15642,8 @@ actions: parameters: # 0 = 'Disabled' (default), 1 = 'Enabled', 2 = 'AuditMode' property: DisableCoreServiceECSIntegration # Status: Get-MpPreference | Select-Object -Property DisableCoreServiceECSIntegration - value: "$False" # Set: Set-MpPreference -Force -DisableCoreServiceECSIntegration $False - default: "$True" # Default: 0 (Disabled) | Remove-MpPreference -Force -DisableCoreServiceECSIntegration | Set-MpPreference -DisableCoreServiceECSIntegration "$True" + value: "$True" # Set: Set-MpPreference -Force -DisableCoreServiceECSIntegration $True + default: "$False" # Default: 0 (Disabled) | Remove-MpPreference -Force -DisableCoreServiceECSIntegration | Set-MpPreference -DisableCoreServiceECSIntegration "$False" - function: SetRegistryValue parameters: