Does not work with Kaspersky Standard installed #605

Closed
5 of 6 tasks
IgorLytkin opened this issue Jan 19, 2025 · 33 comments

@IgorLytkin

Prerequisites

  • Verify that this is not a Windows issue;
  • Refer to the system requirements;
  • Refer to the How to use;
  • I do not use a homebrew Windows image;
  • I did not tweak Windows before that could cause system instability;
  • If your issue concerns the Wrapper, please mention @BenchTweakGaming in issue

Steps to reproduce

  1. Launched a PowerShell 5.1 window as administrator.
  2. Ran the script.

Your Sophia Script preset

ModuleType Version Name ExportedCommands


Script 6.8.1 Sophia {ActiveHours, AdminApprovalMode, AdvertisingID, AeroShakin...

ПОДРОБНО: Пожалуйста, подождите...

OK
ПОДРОБНО: GET with 0-byte payload
ПОДРОБНО: received 15517-byte response of content type text/plain; charset=utf-8
ПОДРОБНО: GET with 0-byte payload
ПОДРОБНО: received 13522-byte response of content type text/plain; charset=utf-8
ПОДРОБНО: GET with 0-byte payload
ПОДРОБНО: received 12383-byte response of content type text/plain; charset=utf-8
ПОДРОБНО: GET with 0-byte payload
ПОДРОБНО: received 10653-byte response of content type text/plain; charset=utf-8
ПОДРОБНО: GET with 0-byte payload
ПОДРОБНО: received 21459-byte response of content type text/plain; charset=utf-8
ПОДРОБНО: GET with 0-byte payload
ПОДРОБНО: received 18769-byte response of content type text/plain; charset=utf-8

ПОДРОБНО: Пожалуйста, подождите...

ПРЕДУПРЕЖДЕНИЕ: Microsoft Defender сломан или удален из ОС. Переустановите Windows, используя только подлинный
ISO-образ.

ПОДРОБНО: https://www.microsoft.com/software-download/windows11
ПОДРОБНО: https://t.me/sophia_chat
ПОДРОБНО: https://discord.gg/sSryhaEv79

Describe the bug

ПРЕДУПРЕЖДЕНИЕ: Microsoft Defender сломан или удален из ОС. Переустановите Windows, используя только подлинный
ISO-образ.

Screenshot with an error

Image

Windows Version

Microsoft Windows [Version 10.0.26100.1742]

Sophia Script version

6.8.1

@farag2
Owner

farag2 commented Jan 19, 2025

Hi. This is extremely strange. Third-party antiviruses do not break or remove Defender, so the question arises: why does the check fail if everything is OK with the OS?

Could I have a link to where Kaspersky Standard was downloaded from? I will check on my side. But previous tests with AVs did not stop the script from running. Waiting...

@farag2
Owner

farag2 commented Jan 19, 2025

Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2
Get-Service -Name Windefend, SecurityHealthService, wscsvc
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender

Which command(s) return an error?

@farag2
Owner

farag2 commented Jan 19, 2025

I googled this: https://www.kaspersky.ru/downloads/standard

@farag2
Owner

farag2 commented Jan 19, 2025

I installed that AV on a VM, rebooted, and ran the script. All checks passed. So the question is about what was run earlier; that is, Kaspersky, however bad it may be, is not to blame.

@farag2 farag2 closed this as completed Jan 19, 2025
@farag2
Owner

farag2 commented Jan 19, 2025

Technically, I still haven't received an answer to my question...

@IgorLytkin
Author

I get the installer from my Rostelecom personal account (the "Kaspersky Standard, 3 devices" service).

@farag2
Owner

farag2 commented Jan 20, 2025

But I still haven't received an answer to my second question, which is why I proved that the OS was broken by other programs.

@skamensky

skamensky commented Jan 20, 2025

Yeah I got the same error and none of the commands in this comment #605 (comment) returned an error.

I'm running a new legit copy of Windows 11.

This issue should be open.

@farag2
Owner

farag2 commented Jan 20, 2025

@skamensky, hello.

  1. Could you provide remote access via AnyDesk to let me check everything?
    Reach me via Telegram: sanctuary_d
  2. Please provide a screenshot too.
  3. Anyway, if you pass all those commands, something else is blocking. So we need to figure it out...

@farag2
Owner

farag2 commented Jan 20, 2025

The complete list of checks is

test-path "$env:SystemRoot\System32\smartscreen.exe"
test-path "$env:SystemRoot\System32\SecurityHealthSystray.exe"
test-path "$env:SystemRoot\System32\CompatTelRunner.exe"
[Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "SettingsPageVisibility", $null) -match "hide:windowsdefender"
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2
Get-Service -Name Windefend, SecurityHealthService, wscsvc
(Get-MpPreference).EnableControlledFolderAccess

Please provide the output of every command.

@farag2
Owner

farag2 commented Jan 20, 2025

This concerns @IgorLytkin too, even though I haven't been provided any output so far, as if I were the one with a problem invoking the script, not you. And it's very funny to see you putting a smile on my message like anything will change for you. It's only up to you to provide additional info here or leave everything as it is with a broken Windows (which is not far from the truth).

@mpibpc-mroose

Hi, I have this problem on multiple machines. Regarding #605 (comment), here is the output from one of these machines:

PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> test-path "$env:SystemRoot\System32\smartscreen.exe"
True
PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> test-path "$env:SystemRoot\System32\SecurityHealthSystray.exe"
True
PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> test-path "$env:SystemRoot\System32\CompatTelRunner.exe"
True
PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> [Microsoft.Win32.Registry]::GetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "SettingsPageVisibility", $null) -match "hide:windowsdefender"
False
PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace
 root/Microsoft/Windows/Defender

AMEngineVersion                  : 0.0.0.0
AMProductVersion                 : 4.18.24090.11
AMRunningMode                    : Not running
AMServiceEnabled                 : False
AMServiceVersion                 : 0.0.0.0
AntispywareEnabled               : False
AntispywareSignatureAge          : 0
AntispywareSignatureLastUpdated  :
AntispywareSignatureVersion      :
AntivirusEnabled                 : False
AntivirusSignatureAge            : 65535
AntivirusSignatureLastUpdated    :
AntivirusSignatureVersion        :
BehaviorMonitorEnabled           : False
ComputerID                       : 942C5C63-26AD-44E2-AA0D-0F74F4A9D8EF
ComputerState                    : 0
DefenderSignaturesOutOfDate      : False
DeviceControlDefaultEnforcement  : Unknown
DeviceControlPoliciesLastUpdated : 01/01/1601 01:00:00
DeviceControlState               : Unknown
FullScanAge                      : 4294967295
FullScanEndTime                  :
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         :
FullScanStartTime                :
InitializationProgress           : ServiceStartedSuccessfully
IoavProtectionEnabled            : False
IsTamperProtected                : False
IsVirtualMachine                 : False
LastFullScanSource               : 0
LastQuickScanSource              : 0
NISEnabled                       : False
NISEngineVersion                 : 0.0.0.0
NISSignatureAge                  : 65535
NISSignatureLastUpdated          :
NISSignatureVersion              :
OnAccessProtectionEnabled        : False
ProductStatus                    : 1
QuickScanAge                     : 4294967295
QuickScanEndTime                 :
QuickScanOverdue                 : False
QuickScanSignatureVersion        :
QuickScanStartTime               :
RealTimeProtectionEnabled        : False
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        :
SmartAppControlState             :
TamperProtectionSource           : Signatures
TDTCapable                       : N/A
TDTMode                          : N/A
TDTSiloType                      : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     :
TroubleShootingDailyQuotaLeft    :
TroubleShootingEndTime           :
TroubleShootingExpirationLeft    :
TroubleShootingMode              :
TroubleShootingModeSource        :
TroubleShootingQuotaResetTime    :
TroubleShootingStartTime         :
PSComputerName                   :

PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2

displayName              : Windows Defender
instanceGuid             : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe   : windowsdefender://
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState             : 393472
timestamp                : Tue, 21 Jan 2025 06:49:15 GMT
PSComputerName           :

displayName              : Kaspersky Endpoint Security for Windows
instanceGuid             : {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
pathToSignedProductExe   : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\remediation.exe
pathToSignedReportingExe : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe
productState             : 262144
timestamp                : Tue, 26 Apr 2022 11:00:10 GMT
PSComputerName           :

displayName              : Trend Micro Apex One Antivirus
instanceGuid             : {ED615F2B-1A02-1E57-9B13-F77BCB993815}
pathToSignedProductExe   : C:\Program Files (x86)\Trend Micro\Security Agent\Pccntmon.exe
pathToSignedReportingExe : C:\Program Files (x86)\Trend Micro\Security Agent\tmwscsvc.exe
productState             : 266240
timestamp                : Tue, 21 Jan 2025 06:48:57 GMT
PSComputerName           :

PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> Get-Service -Name Windefend, SecurityHealthService, wscsvc

Status   Name               DisplayName
------   ----               -----------
Running  SecurityHealthSer… Windows Security Service
Stopped  Windefend          Microsoft Defender Antivirus Service
Running  wscsvc             Security Center

PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1> (Get-MpPreference).EnableControlledFolderAccess
Get-MpPreference: Operation failed with the following error: 0x%1!x!
PS C:\temp\Sophia.Script.for.Windows.11.PowerShell.7.v6.8.1>
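
Added example (not code from Sophia Script or from any commenter): decoding the `productState` values shown in the output above to see which registered antivirus product is actually on, and which registrations are leftovers. The bit layout is community-derived rather than documented by Microsoft, and the function names `ConvertFrom-AvProductState` and `Get-AvRegistrationSummary` are hypothetical.

```powershell
# Added example, not Sophia Script code. The productState bit layout used here
# is community-derived (Microsoft does not document it): treat it as an assumption.

function ConvertFrom-AvProductState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$displayName,

        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [uint32]$productState
    )
    begin {
        $stateNames = @{ 0 = 'Off'; 1 = 'On'; 2 = 'Snoozed'; 3 = 'Expired' }
    }
    process {
        # Bits 12-15: protection state; bits 8-11: product owner; bits 4-7: signatures.
        $stateCode = [int](($productState -band 0xF000) -shr 12)
        $state = if ($stateNames.ContainsKey($stateCode)) { $stateNames[$stateCode] } else { 'Unknown' }
        $owner = if (($productState -band 0x0F00) -eq 0x0100) { 'Microsoft' } else { 'ThirdParty' }
        $signatures = if (($productState -band 0x00F0) -eq 0x0010) { 'OutOfDate' } else { 'UpToDate' }

        [pscustomobject]@{
            Name       = $displayName
            Hex        = '0x{0:X6}' -f $productState
            State      = $state
            Owner      = $owner
            Signatures = $signatures
        }
    }
}

function Get-AvRegistrationSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object[]]$Product,

        # Error text of a failed Get-MpPreference call; empty if the call succeeded.
        [string]$MpPreferenceError
    )
    $decoded    = @($Product | ConvertFrom-AvProductState)
    $defenderOn = @($decoded | Where-Object { $_.Owner -eq 'Microsoft' -and $_.State -eq 'On' })
    $otherOn    = @($decoded | Where-Object { $_.Owner -eq 'ThirdParty' -and $_.State -eq 'On' })
    $leftovers  = @($decoded | Where-Object { $_.Owner -eq 'ThirdParty' -and $_.State -ne 'On' })

    # The verdict only reports which product is providing protection; it does not
    # decide whether a failing Get-MpPreference should stop a script.
    $verdict = if ($defenderOn.Count -gt 0 -and -not $MpPreferenceError) {
        'DefenderActive'
    } elseif ($defenderOn.Count -gt 0) {
        'DefenderOnButCmdletFails'
    } elseif ($otherOn.Count -gt 0) {
        'ThirdPartyActive'
    } else {
        'NoActiveAntivirus'
    }

    [pscustomobject]@{
        Verdict            = $verdict
        MpPreferenceError  = $MpPreferenceError
        StaleRegistrations = $leftovers.Name
        Products           = $decoded
    }
}

# Constructed input: displayName/productState pairs copied from the output above.
$sample = @(
    [pscustomobject]@{ displayName = 'Windows Defender';                        productState = 393472 }
    [pscustomobject]@{ displayName = 'Kaspersky Endpoint Security for Windows'; productState = 262144 }
    [pscustomobject]@{ displayName = 'Trend Micro Apex One Antivirus';          productState = 266240 }
)
$summary = Get-AvRegistrationSummary -Product $sample -MpPreferenceError 'Operation failed with the following error: 0x%1!x!'
$summary | Format-List Verdict, MpPreferenceError, StaleRegistrations
$summary.Products | Format-Table -AutoSize

# On a live system, feed it the same commands used in the thread:
# $err = $null
# try { $null = Get-MpPreference -ErrorAction Stop } catch { $err = $_.FullyQualifiedErrorId }
# $av = Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2
# Get-AvRegistrationSummary -Product $av -MpPreferenceError $err
```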

@farag2
Owner

farag2 commented Jan 21, 2025

@mpibpc-mroose, hello. Why do you have 3 AVs?)) Why?
Also, as you may see, the last command has an error; that's why I claim that Defender is broken. Did you run any so-called tweaker before?

@mpibpc-mroose

There is only one: Trend Micro. That one replaced Kaspersky some time ago... Seems that the uninstallation did not clean up the mess ;-)

No, I did not call any tweaker before. But it's an older Windows which has recently gotten an in-place upgrade. But this is common for my infrastructure, and until the latest version of Sophia it never broke like now.

@farag2
Owner

farag2 commented Jan 21, 2025

The fact is that Defender has been broken before. Sophia, unlike any other tweakers, warns the user about Windows stability.

@mpibpc-mroose

Fully agree, a warning is a good thing. But in my opinion there should be a possibility to override the warning. Only errors should be a show stopper...

And the question why this issue arose with the newest version remains open, if I did not miss anything.

@farag2
Owner

farag2 commented Jan 21, 2025

And the question why this issue arose with the newest version remains open, if I did not miss anything.

This closed issue is not related to the latest release only. I saw hundreds of users sending me a PM asking what was with their Windows. I got used to replying to all of you. :)

Only errors should be a show stopper...

Our opinion is that if a user has such a critical issue with a system component, which Defender is, we have to stop executing the whole script, as we may have another red console waterfall in the future if we let users run on a broken Windows. On the other hand, a smart user always asks how to heal their system, but this is another question. I offer 2 cmdlets for that.

@mpibpc-mroose

I made some tests for further investigation of this problem. I installed a fresh Windows 11 24H2 on a computer. Then, before doing anything else, I ran Sophia Script and there was no "broken defender warning".

Then I installed Trend Micro Apex One and rebooted the computer. After this, when running Sophia, the problem appears again. I think there is nothing wrong with this computer. Defender gets deactivated as soon as another AV-solution is installed.

@farag2
Owner

farag2 commented Jan 22, 2025

I will take that into account. Could you please share a link to Trend Micro so I can test on my side?

@farag2
Owner

farag2 commented Jan 22, 2025

Defender gets deactivated as soon as another AV-solution is installed.

Nobody says otherwise. We are talking about why the exact cmdlet stops working, throwing a specific error:

PS (Get-MpPreference).EnableControlledFolderAccess
Get-MpPreference: Operation failed with the following error: 0x%1!x!

@mpibpc-mroose

I'm pretty sure you are right and Trend Micro is somehow messing up the Defender... It's a pity...

@farag2
Owner

farag2 commented Jan 22, 2025

Anyway, I will think about how to improve error handling and probably bypass that error to continue the script. Please wait for a new commit. :)

@mpibpc-mroose

Thanks a lot!

@farag2
Owner

farag2 commented Jan 22, 2025

I'm pretty sure you are right and Trend Micro is somehow messing up the Defender... It's a pity...

Could you please provide a link to the Trend Micro exact solution to test?

@mpibpc-mroose

Could you please provide a link to the Trend Micro exact solution to test?

https://downloadcenter.trendmicro.com/index.php?regs=uk&prodid=1745

"Trend Micro Apex One". Unfortunately there are no standalone clients; this is the full endpoint protection suite. That's why I can't just provide a link to the client which is causing the trouble. But I can do the tests for you at any time if that helps.

I tried to reach out to Trend Micro and to file a bug report. But unfortunately the support contract is expired and the new contract is not yet running...

@farag2
Owner

farag2 commented Jan 22, 2025

Kaspersky Standard respects Defender settings and does not break the cmdlet

Image

@farag2
Owner

farag2 commented Jan 22, 2025

Could you please provide a link to the Trend Micro exact solution to test?

https://downloadcenter.trendmicro.com/index.php?regs=uk&prodid=1745

"Trend Micro Apex One". Unfortunately there are no standalone clients; this is the full endpoint protection suite. That's why I can't just provide a link to the client which is causing the trouble. But I can do the tests for you at any time if that helps.

I tried to reach out to Trend Micro and to file a bug report. But unfortunately the support contract is expired and the new contract is not yet running...

Tried on a Windows 11 Pro VM via Hyper-V.

Image

@IgorLytkin
Author

IgorLytkin commented Jan 22, 2025

Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2
Get-Service -Name Windefend, SecurityHealthService, wscsvc
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
Which command(s) return an error?

PS C:\> Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
AMEngineVersion                  : 0.0.0.0
AMProductVersion                 : 4.18.24090.11
AMRunningMode                    : Not running
AMServiceEnabled                 : False
AMServiceVersion                 : 0.0.0.0
AntispywareEnabled               : False
AntispywareSignatureAge          : 0
AntispywareSignatureLastUpdated  :
AntispywareSignatureVersion      :
AntivirusEnabled                 : False
AntivirusSignatureAge            : 65535
AntivirusSignatureLastUpdated    :
AntivirusSignatureVersion        :
BehaviorMonitorEnabled           : False
ComputerID                       : 208AAB31-DED0-AAFA-141B-6DD767F636C4
ComputerState                    : 0
DefenderSignaturesOutOfDate      : False
DeviceControlDefaultEnforcement  : Unknown
DeviceControlPoliciesLastUpdated : 01.01.1601 6:00:00
DeviceControlState               : Unknown
FullScanAge                      : 4294967295
FullScanEndTime                  :
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         :
FullScanStartTime                :
InitializationProgress           : ServiceStartedSuccessfully
IoavProtectionEnabled            : False
IsTamperProtected                : False
IsVirtualMachine                 : False
LastFullScanSource               : 0
LastQuickScanSource              : 0
NISEnabled                       : False
NISEngineVersion                 : 0.0.0.0
NISSignatureAge                  : 65535
NISSignatureLastUpdated          :
NISSignatureVersion              :
OnAccessProtectionEnabled        : False
ProductStatus                    : 1
QuickScanAge                     : 4294967295
QuickScanEndTime                 :
QuickScanOverdue                 : False
QuickScanSignatureVersion        :
QuickScanStartTime               :
RealTimeProtectionEnabled        : False
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        :
SmartAppControlState             :
TamperProtectionSource           : Signatures
TDTCapable                       : N/A
TDTMode                          : N/A
TDTSiloType                      : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     :
TroubleShootingDailyQuotaLeft    :
TroubleShootingEndTime           :
TroubleShootingExpirationLeft    :
TroubleShootingMode              :
TroubleShootingModeSource        :
TroubleShootingQuotaResetTime    :
TroubleShootingStartTime         :
PSComputerName                   :

PS C:\> Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2
displayName              : Windows Defender
instanceGuid             : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe   : windowsdefender://
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState             : 393472
timestamp                : Wed, 08 Jan 2025 12:12:05 GMT
PSComputerName           :

displayName              : Kaspersky
instanceGuid             : {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
pathToSignedProductExe   : C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\wmiav.exe
pathToSignedReportingExe : C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avp.exe
productState             : 266240
timestamp                : Wed, 22 Jan 2025 22:32:42 GMT
PSComputerName           :

PS C:\> Get-Service -Name Windefend, SecurityHealthService, wscsvc
Status   Name               DisplayName
------   ----               -----------
Running  SecurityHealthS... Служба "Безопасность Windows"
Stopped  Windefend          Служба антивирусной программы Micro...
Running  wscsvc             Центр обеспечения безопасности

PS C:\> Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
AMEngineVersion                  : 0.0.0.0
AMProductVersion                 : 4.18.24090.11
AMRunningMode                    : Not running
AMServiceEnabled                 : False
AMServiceVersion                 : 0.0.0.0
AntispywareEnabled               : False
AntispywareSignatureAge          : 0
AntispywareSignatureLastUpdated  :
AntispywareSignatureVersion      :
AntivirusEnabled                 : False
AntivirusSignatureAge            : 65535
AntivirusSignatureLastUpdated    :
AntivirusSignatureVersion        :
BehaviorMonitorEnabled           : False
ComputerID                       : 208AAB31-DED0-AAFA-141B-6DD767F636C4
ComputerState                    : 0
DefenderSignaturesOutOfDate      : False
DeviceControlDefaultEnforcement  : Unknown
DeviceControlPoliciesLastUpdated : 01.01.1601 6:00:00
DeviceControlState               : Unknown
FullScanAge                      : 4294967295
FullScanEndTime                  :
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         :
FullScanStartTime                :
InitializationProgress           : ServiceStartedSuccessfully
IoavProtectionEnabled            : False
IsTamperProtected                : False
IsVirtualMachine                 : False
LastFullScanSource               : 0
LastQuickScanSource              : 0
NISEnabled                       : False
NISEngineVersion                 : 0.0.0.0
NISSignatureAge                  : 65535
NISSignatureLastUpdated          :
NISSignatureVersion              :
OnAccessProtectionEnabled        : False
ProductStatus                    : 1
QuickScanAge                     : 4294967295
QuickScanEndTime                 :
QuickScanOverdue                 : False
QuickScanSignatureVersion        :
QuickScanStartTime               :
RealTimeProtectionEnabled        : False
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        :
SmartAppControlState             :
TamperProtectionSource           : Signatures
TDTCapable                       : N/A
TDTMode                          : N/A
TDTSiloType                      : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     :
TroubleShootingDailyQuotaLeft    :
TroubleShootingEndTime           :
TroubleShootingExpirationLeft    :
TroubleShootingMode              :
TroubleShootingModeSource        :
TroubleShootingQuotaResetTime    :
TroubleShootingStartTime         :
PSComputerName                   :

@farag2
Owner

farag2 commented Jan 23, 2025

Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
Get-CimInstance -ClassName AntiVirusProduct -Namespace root/SecurityCenter2
Get-Service -Name Windefend, SecurityHealthService, wscsvc
Get-CimInstance -ClassName MSFT_MpComputerStatus -Namespace root/Microsoft/Windows/Defender
Which command(s) return an error?

(Get-MpPreference).EnableControlledFolderAccess
?

@IgorLytkin
Author

IgorLytkin commented Jan 23, 2025

PS C:\WINDOWS\system32> (Get-MpPreference).EnableControlledFolderAccess
Get-MpPreference : Не удалось выполнить операцию. Ошибка: 0x%1!x!
строка:1 знак:2
+ (Get-MpPreference).EnableControlledFolderAccess
+  ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Get-MpPreference],
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpPreference

@farag2
Owner

farag2 commented Jan 23, 2025

PS C:\WINDOWS\system32> (Get-MpPreference).EnableControlledFolderAccess
Get-MpPreference : Не удалось выполнить операцию. Ошибка: 0x%1!x!
строка:1 знак:2
+ (Get-MpPreference).EnableControlledFolderAccess
+  ~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Get-MpPreference],
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpPreference

QED?

@IgorLytkin
Author

I don't know. The fact is that if Kaspersky Standard is temporarily removed, the script starts working without the warning that prevents it from working when Kaspersky Standard is installed.

@farag2
Owner

farag2 commented Jan 23, 2025

I don't know. The fact is that if Kaspersky Standard is temporarily removed, the script starts working without the warning that prevents it from working when Kaspersky Standard is installed.

#605 (comment)

4 participants