Windows Defender
8 Topics

Get-MpComputerStatus returns no output
Hello, on a Server 2019 with Windows Defender installed, in the "Windows Security GUI" all is fine. Protection definitions are up to date, exclusions are set ... (managed with SCCM). But when I use Get-MpComputerStatus it returns no output (not even an error). Please help.
New-AntiPhishPolicy Parameters Don't seem to work properly

I'm making a script to automate the process of setting up EOP for our customers. Everything works fine, except the part with the anti-phishing policy. When running the command New-AntiPhishPolicy with a variety of parameters (see Original command) I get the error "-ParameterX" is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again (for the full error see Error Example). When the parameters that cause the error are removed from the script I end up with only eight working parameters (see Working parameters). When I create the policy in the GUI all parameters I use below are available. I also tried different accounts: I first tried via delegated access, then I tried to run the same command with the global admin, but no luck either.

Security license used in the tenant: Defender for O365 (subscription 1)

Original command:

```powershell
New-AntiPhishPolicy -Name $AntiPhishPolicyName `
-ImpersonationProtectionState automatic `
-EnableTargetedUserProtection $true `
-EnableMailboxIntelligenceProtection $true `
-EnableTargetedDomainsProtection $true `
-EnableOrganizationDomainsProtection $true `
-EnableMailboxIntelligence $true `
-EnableFirstContactSafetyTips $true
-EnableSimilarUsersSafetyTips $true `
-EnableSimilarDomainsSafetyTips $true `
-EnableUnusualCharactersSafetyTips $true `
-TargetedUserProtectionAction Quarantine `
-TargetedUserQuarantineTag $quarantinepolicy `
-MailboxIntelligenceProtectionAction Quarantine `
-MailboxIntelligenceQuarantineTag $quarantinepolicy `
-TargetedDomainProtectionAction Quarantine `
-TargetedDomainQuarantineTag $quarantinepolicy `
-AuthenticationFailAction Quarantine `
-SpoofQuarantineTag $quarantinepolicy `
-EnableSpoofIntelligence $true `
-EnableViaTag $true `
-EnableUnauthenticatedSender $true `
-EnableSuspiciousSafetyTip $true `
-PhishThresholdLevel 2 `
-MakeDefault `
-TargetedDomainsToProtect $Customerdomains
```

Working Parameters:

```powershell
New-AntiPhishPolicy -Name $AntiPhishPolicyName `
-ImpersonationProtectionState automatic `
-EnableTargetedUserProtection $true `
-EnableMailboxIntelligenceProtection $true `
-EnableTargetedDomainsProtection $true `
-EnableOrganizationDomainsProtection $true `
-EnableMailboxIntelligence $true `
-EnableFirstContactSafetyTips $true
```

Error Example:

```
-EnableSimilarUsersSafetyTips : The term '-EnableSimilarUsersSafetyTips' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:9 char:2
+ -EnableSimilarUsersSafetyTips $true `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-EnableSimilarUsersSafetyTips:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

-EnableSpoofIntelligence : The term '-EnableSpoofIntelligence' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:20 char:2
+ -EnableSpoofIntelligence $true `
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-EnableSpoofIntelligence:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
```
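A token that looks like a parameter is reported as "not recognized as the name of a cmdlet" when PowerShell parses it as the start of a new command, which is what happens when the previous line's backtick continuation is broken (no backtick at all, or a backtick followed by trailing whitespace, which escapes the space rather than the newline). The following is an added example, not code from the original post: it submits the same policy by splatting a hashtable, so there is no continuation character to get wrong, and it checks every key against the parameters the connected module actually exposes before calling the cmdlet. The variable values and the existence of a Connect-ExchangeOnline session are assumptions.

```powershell
# Added example (not from the original post). Assumes an existing
# Connect-ExchangeOnline session; the values below are assumed.
$AntiPhishPolicyName = 'Customer-AntiPhish'          # assumed policy name
$quarantinepolicy    = 'DefaultFullAccessPolicy'     # assumed quarantine policy name
$Customerdomains     = @('contoso.com')              # assumed domains to protect

# Every setting lives in a hashtable, so no line continuation is needed
# and a stray space after a backtick can no longer split the command.
$policy = @{
    Name                                = $AntiPhishPolicyName
    ImpersonationProtectionState        = 'Automatic'
    EnableTargetedUserProtection        = $true
    EnableMailboxIntelligenceProtection = $true
    EnableTargetedDomainsProtection     = $true
    EnableOrganizationDomainsProtection = $true
    EnableMailboxIntelligence           = $true
    EnableFirstContactSafetyTips        = $true
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
    TargetedUserProtectionAction        = 'Quarantine'
    TargetedUserQuarantineTag           = $quarantinepolicy
    MailboxIntelligenceProtectionAction = 'Quarantine'
    MailboxIntelligenceQuarantineTag    = $quarantinepolicy
    TargetedDomainProtectionAction      = 'Quarantine'
    TargetedDomainQuarantineTag         = $quarantinepolicy
    AuthenticationFailAction            = 'Quarantine'
    SpoofQuarantineTag                  = $quarantinepolicy
    EnableSpoofIntelligence             = $true
    EnableViaTag                        = $true
    EnableUnauthenticatedSender         = $true
    EnableSuspiciousSafetyTip           = $true
    PhishThresholdLevel                 = 2
    MakeDefault                         = $true     # switch parameter: $true turns it on
    TargetedDomainsToProtect            = $Customerdomains
}

# The cmdlet only exists after Connect-ExchangeOnline. Compare the keys
# against its real parameter set so a typo, or a module that lacks a
# parameter, fails here with a clear message instead of inside the call.
$cmd = Get-Command -Name New-AntiPhishPolicy -ErrorAction Stop
$unknown = @($policy.Keys | Where-Object { -not $cmd.Parameters.ContainsKey($_) })
if ($unknown.Count -gt 0) {
    throw "New-AntiPhishPolicy in this session does not expose: $($unknown -join ', ')"
}

New-AntiPhishPolicy @policy
```

If the pre-check reports a parameter as missing, the session is connected with a module or tenant that does not expose it, which is a different problem from the parse error in the post and is worth telling apart before changing the script.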
Start-MpScan -ScanType FullScan ignores ExclusionExtension preference

A potential workaround would be to allow the -ScanPath parameter to accept a String[] of drive letters when performing a CustomScan.

```powershell
#EXAMPLE - Custom Windows Defender Scan on Multiple Drives with Exclusions
#Requires -RunAsAdministrator
Import-Module Defender
Set-MpPreference -ExclusionExtension "*.iso,*.mp3,*.wav"
Start-MpScan -ScanType CustomScan -ScanPath "C:,D:"
```
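Start-MpScan -ScanPath takes a single string, so scanning several drives is a loop over drives rather than a comma-joined list, and -ExclusionExtension is a string array of extensions (such as iso), so the extensions are passed as an array rather than as one comma-separated string. The following is an added example, not code from the original post: it appends the exclusions with Add-MpPreference (Set-MpPreference replaces the whole list, which would wipe exclusions pushed by policy or SCCM), reads the list back so the operator sees what the engine actually holds before scanning, runs one custom scan per fixed drive, and removes the temporary exclusions afterwards. Whether the engine honours the exclusion during the scan is the question of the thread and is not something this example asserts.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes an elevated session
# on a host with the Defender module.
Import-Module Defender

# Extensions to exclude for this run. ExclusionExtension is a string array;
# Add-MpPreference appends instead of replacing the existing list.
$extensions = @('iso', 'mp3', 'wav')
Add-MpPreference -ExclusionExtension $extensions

# Check what the engine actually holds. This is the first thing to verify
# when a scan appears to ignore an exclusion.
$pref = Get-MpPreference
"Extension exclusions in effect: $($pref.ExclusionExtension -join ', ')"

# -ScanPath is a single string, so issue one CustomScan per fixed drive
# (Win32_LogicalDisk DriveType 3 = local disk).
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3'
foreach ($drive in $drives) {
    $root = $drive.DeviceID + '\'
    "Scanning $root ..."
    Start-MpScan -ScanType CustomScan -ScanPath $root
}

# Remove the exclusions added above so they do not outlive this run.
Remove-MpPreference -ExclusionExtension $extensions
"Extension exclusions after cleanup: $((Get-MpPreference).ExclusionExtension -join ', ')"
```

Keep in mind that excluding iso is a real gap rather than a harmless tuning: ISO images are a common wrapper for phishing payloads because the mark-of-the-web does not propagate into them on older builds, so an exclusion of that kind should be scoped to the one scan and removed, as the example does.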
Get-MpPreference

I try the attached commands in PowerShell and I get no answer:

```powershell
Get-MpPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules_Ids
Get-MpPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules_Actions
```

For example, this seems to be OK:

```
PS C:\WINDOWS\system32> (Get-Service windefend).Status
Running
```
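Get-MpPreference exposes the ASR rules as two parallel arrays, the rule GUIDs in AttackSurfaceReductionRules_Ids and the action codes in AttackSurfaceReductionRules_Actions, and both are simply empty when no rule has been configured on the host, which produces no output and no error. The following is an added example, not code from the original post: it pairs the two arrays into one table, translates the documented action codes (0 Disabled, 1 Block, 2 Audit, 5 Not configured, 6 Warn), and reports explicitly when the arrays are empty so a blank result is not mistaken for a failed call. The commented Add-MpPreference line uses the documented GUID for "Block all Office applications from creating child processes" and is there only to show how a rule is placed in audit mode before listing.

```powershell
# Added example (not from the original post). Read-only unless the
# commented Add-MpPreference line is enabled. Run elevated.
Import-Module Defender

function Get-AsrRuleTable {
    $pref    = Get-MpPreference -ErrorAction Stop
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    # Documented values of AttackSurfaceReductionRules_Actions.
    $actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 5 = 'NotConfigured'; 6 = 'Warn' }

    if ($ids.Count -eq 0) {
        Write-Warning 'No ASR rules are configured on this host; both arrays are empty, which is why the cmdlet prints nothing.'
        return
    }
    if ($ids.Count -ne $actions.Count) {
        throw "Mismatched ASR arrays: $($ids.Count) ids but $($actions.Count) actions"
    }

    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$actions[$i]
        $name = if ($actionName.ContainsKey($code)) { $actionName[$code] } else { 'Unknown' }
        [pscustomobject]@{
            RuleId = $ids[$i]
            Code   = $code
            Action = $name
        }
    }
}

# To see a non-empty result, put one documented rule into audit mode first
# ("Block all Office applications from creating child processes"):
# Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EFC-AADC-AD5F3C50688A `
#                  -AttackSurfaceReductionRules_Actions AuditMode

Get-AsrRuleTable | Format-Table -AutoSize
```

ASR rules only take effect when Microsoft Defender Antivirus is the active engine with real-time protection on; a running WinDefend service alone, as in the post, does not show whether that is the case, and Get-MpComputerStatus is where to look for it.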
PowerShell script is triggering the AD alert when executing on any local server, as user or computer

Hello All, I have a PowerShell script which generates the data from each local server. This script is tested and is working fine, but the challenge is that it triggers the alert on the AD server as "user or computer logged on to this computer from the network", while the script is executing on any server, not on AD. Why this is happening I am not able to find out. Is there AD-level security configured or hardening which is creating this problem? Where do I find the exact cause of this? Can anyone help me please. I am attaching the script here for the reference.

```powershell
############################ Script #####################
# Inventory of local accounts on this server, written as a ;-separated CSV.
$Computer   = $env:ComputerName
$OutputDir  = "c:\temp\"
$Name       = ($OutputDir + $Computer + "_LocalUser.csv")
out-file -filepath $Name
$OutputFile = $Name
Add-Content -Path $OutPutFile -Value "ComputerName;OS;IP;UserID;FullName;SID;UserType;PasswordLastSet;Enabled;UserMayChangePassword;PasswordNeverExpires;InteractiveLogon;AccessDetails;LastLogOn;TimeZone"

$LocalUsers   = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" | Select-Object -ExpandProperty Name
$localgroups  = Get-WmiObject Win32_Group -Filter "LocalAccount=True" | Select-Object -ExpandProperty Name
$groupsOutput = $null
$IP = $(((ipconfig | findstr [0-9].\.)[0]).Split()[-1])

if ($PSVersionTable.PSVersion.Major -gt 4) {
    # PowerShell 5+: use the LocalAccounts module.
    foreach ($localuser in $LocalUsers) {
        $Name                  = $localuser
        $FullName              = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty FullName
        $SID                   = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty SID
        $UserType              = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty PrincipalSource
        $PasswordLastSet       = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty PasswordLastSet
        $Enabled               = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty Enabled
        $UserMayChangePassword = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty UserMayChangePassword
        $PasswordNeverExpires  = (Get-LocalUser -Name $localuser | Select-Object -ExpandProperty PasswordExpires) -eq $null
        [Int]$i = 0
        $groupsOutput = ""
        # Every local group is enumerated and its members resolved, once per user.
        $groups = (Get-LocalGroup | Where-Object { (Get-LocalGroupMember $_).name -eq "$Computer\$Name" }).Name
        foreach ($group in $groups) {
            $i++
            if ($i -le 1) { $groupsOutput = -join ("$groupsOutput", "$group") }
            else          { $groupsOutput = -join ("$groupsOutput", " / ", "$group") }
        }
        $LastLogOn = Get-LocalUser -Name $localuser | Select-Object -ExpandProperty LastLogOn
        $TimeZone  = [regex]::Matches([System.TimeZoneInfo]::Local.DisplayName, '(?<=\()(.*)(?=\))').Value
        Add-Content -Path $OutPutFile -Value "$Computer;Windows;$IP;$Name;$FullName;$SID;$UserType;$PasswordLastSet;$Enabled;$UserMayChangePassword;$PasswordNeverExpires;;$groupsOutput;$LastLogOn;$TimeZone"
    }
} else {
    # Older PowerShell: fall back to WMI and "net user".
    foreach ($localuser in $LocalUsers) {
        $user = Get-WmiObject -query "SELECT * FROM Win32_UserAccount WHERE LocalAccount = 'True' and Name = ""$localuser"""
        $Name                  = $localuser
        $FullName              = $user.FullName
        $SID                   = $user.SID
        $UserType              = "Local"
        $PasswordLastSet       = $(net user $Name | findstr /B /C:"Password last set")
        $PasswordLastSet       = $PasswordLastSet.Substring(29)
        $Enabled               = -not $user.Disabled
        $UserMayChangePassword = -not $user.PasswordChangeable
        $PasswordNeverExpires  = -not $user.PasswordExpires
        $groupList = Get-CimInstance -ClassName Win32_UserAccount -Filter "Name='$name'" | Get-CimAssociatedInstance -Association Win32_GroupUser | Select-Object Name
        $groups = ""
        foreach ($group in $groupList.Name) {
            $groups += $group + ","
        }
        # Drop the trailing comma; guard against a user with no group membership.
        if ($groups.Length -gt 0) { $groups = $groups.Substring(0, $groups.Length - 1) }
        $LastLogOn = $(net user $Name | findstr /B /C:"Last logon")
        $LastLogOn = $LastLogOn.Substring(29)
        $TimeZone  = [regex]::Matches([System.TimeZoneInfo]::Local.DisplayName, '(?<=\()(.*)(?=\))').Value
        $passwordNeverExpires = -not $user.passwordExpires
        Add-Content -Path $OutPutFile -Value "$Computer;Windows;$IP;$Name;$FullName;$SID;$UserType;$PasswordLastSet;$Enabled;$UserMayChangePassword;$PasswordNeverExpires;;$groups;$LastLogOn;$TimeZone"
    }
}
```

new content after last match of a Pattern in XML file
Hi, I am trying to use PowerShell to add content to an XML file after the last match of a pattern. I need to add the content from the $OutTemp txt file:

```
<!-- steve.cox - test3 -02/02/2022 11:01:36 -->
<InstancePathId>USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\5B8207000061&0</InstancePathId>
<!-- steve.cox - test4 - -02/02/2022 11:01:36 -->
<InstancePathId>USBSTOR\DISK&VEN_TOSHIBA&PROD_SILICON-POWER&REV_PMAP\MSFTNAKTM1070837BA061C1622&0</InstancePathId>
```

to below the last </InstancePathId> line of the USB-Groups.XML file:

```
<Groups>
    <Group Id="{9b28fae8-72f7-4267-a1a5-685f747a7146}">
        <!-- ./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyGroups/%7b9b28fae8-72f7-4267-a1a5-685f747a7146%7d/GroupData -->
        <MatchType>MatchAny</MatchType>
        <DescriptorIdList>
            <PrimaryId>RemovableMediaDevices</PrimaryId>
            <PrimaryId>CdRomDevices</PrimaryId>
            <PrimaryId>WpdDevices</PrimaryId>
        </DescriptorIdList>
    </Group>
    <Group Id="{65fa649a-a111-4912-9294-fb6337a25038}">
        <MatchType>MatchAny</MatchType>
        <DescriptorIdList>
            <InstancePathId>USBSTOR\DISK&VEN_TOSHIBA&PROD_SILICON-POWER&REV_PMAP\MSFTNAKTM10708466023196668&0</InstancePathId>
            <InstancePathId>USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_0000\408D5C1EF726102179650693&0</InstancePathId>
            <InstancePathId>USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\60A44C42651BB2A04626FC36&0</InstancePathId>
            <InstancePathId>USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_EDGE&REV_1.26\20043514001B91029E82&0</InstancePathId>
        </DescriptorIdList>
    </Group>
</Groups>
```

If I use

```powershell
Function WritetoXML {
    $NewLines = Get-Content -Path $OutTemp | ?{ $_.Trim() -ne "" }
    $New = Get-Content -Path $XMLPath | ForEach-Object {
        $_
        If ($_ -match ('</InstancePathId>')) {
            $NewLines
        }
    }
    $New | Out-File -FilePath $XMLPath -Force
    Remove-Item $OutTemp
}
```

it writes after each instance of '</InstancePathId>' but I cannot work out how to get this to write only after the last instance.
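Writing after the last match instead of after every match means two passes over the file: first find the highest line index that matches, then splice the new lines in at that one position. The following is an added example, not code from the original post: the function reads the file into an array, locates the last matching line, keeps that line's indentation for the inserted lines, refuses to write at all when the pattern is absent (so a wrong path or pattern cannot silently produce a policy file with nothing in it), and finally tries to parse the result as XML. The two paths are assumptions. That last step matters for this file: a raw `&` inside InstancePathId, as the sample shows, is not well-formed XML and has to be `&amp;` in the device control policy, so the parse check catches a fragment that the endpoint would reject.

```powershell
# Added example (not from the original post). Paths are assumptions.
$XMLPath = 'C:\DeviceControl\USB-Groups.xml'
$OutTemp = 'C:\DeviceControl\new-ids.txt'

function Add-AfterLastMatch {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $Pattern,   # regex, as with -match
        [Parameter(Mandatory)] [string[]] $NewLines
    )
    $lines = @(Get-Content -Path $Path)

    # Index of the LAST line that matches; -1 if there is none.
    $last = -1
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match $Pattern) { $last = $i }
    }
    if ($last -lt 0) {
        throw "Pattern '$Pattern' not found in $Path; nothing written."
    }

    # Reuse the matched line's leading whitespace so the inserted lines
    # sit at the same depth inside <DescriptorIdList>.
    $indent = $lines[$last] -replace '^(\s*).*$', '$1'
    $insert = @($NewLines | Where-Object { $_.Trim() -ne '' } | ForEach-Object { $indent + $_.Trim() })

    $result = @($lines[0..$last]) + $insert
    if ($last + 1 -lt $lines.Count) {
        $result += $lines[($last + 1)..($lines.Count - 1)]
    }

    Set-Content -Path $Path -Value $result -Encoding UTF8
    "Inserted $($insert.Count) line(s) after line $($last + 1) of $Path"
}

$new = Get-Content -Path $OutTemp
Add-AfterLastMatch -Path $XMLPath -Pattern '</InstancePathId>' -NewLines $new

# Well-formedness check: device control policy is consumed as XML, and an
# unescaped '&' in an InstancePathId makes the whole file unparseable.
try {
    [xml](Get-Content -Path $XMLPath -Raw) | Out-Null
    'Result parses as XML'
} catch {
    Write-Warning "Written file is not well-formed XML: $($_.Exception.Message)"
}

Remove-Item -Path $OutTemp
```

Because the function only touches the file after the pattern has been found, a run against the wrong path fails loudly rather than leaving a truncated or empty policy behind, which is the failure mode to avoid when the file drives what removable media a fleet is allowed to mount.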
Get-mpcomputerstatus throwing error

Hi, when I am trying to get the result from the PowerShell command "Get-MpComputerStatus" it is throwing the below error: I have checked the WinDefend service; it is in started status. I checked the event logs and it is showing this is caused by an unknown error.

OS edition: Windows 10 Enterprise
Version: 1709
OS build: 16299.1087

Please help to solve this issue.
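For both threads where Get-MpComputerStatus misbehaves (the Server 2019 post that gets no output, and this one that gets an error), it helps to know that the cmdlet is a thin wrapper over the MSFT_MpComputerStatus class in the root/Microsoft/Windows/Defender CIM namespace, so the layers can be checked one at a time: is the WinDefend service running, does the cmdlet actually error once -ErrorAction Stop stops it from being silent, does the underlying CIM class answer at all, which Defender module is loaded, and what the Defender operational log says. The following is an added example, not code from either post; it changes nothing on the host and only reports.

```powershell
# Added example (not from the original posts). Read-only; run elevated.
function Test-DefenderStatusPath {
    $report = [ordered]@{}

    # 1. Service layer: the CIM provider cannot answer while WinDefend is stopped.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $report.WinDefendStatus = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }

    # 2. Cmdlet layer: force errors to be terminating so "no output" cannot hide one.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $report.CmdletResult     = if ($status) { 'Returned object' } else { 'Returned nothing' }
        $report.AMServiceEnabled = $status.AMServiceEnabled
        $report.AMRunningMode    = $status.AMRunningMode        # Normal, Passive, EDR Block, ... (newer builds)
        $report.RealTimeEnabled  = $status.RealTimeProtectionEnabled
        $report.SignatureAgeDays = $status.AntivirusSignatureAge
    } catch {
        $report.CmdletResult = "Error: $($_.Exception.Message)"
    }

    # 3. CIM layer: the class the cmdlet wraps. If this works but the cmdlet
    #    does not, the module is the problem; if both fail, the provider or
    #    service is.
    try {
        $cim = Get-CimInstance -Namespace 'root/Microsoft/Windows/Defender' `
                               -ClassName 'MSFT_MpComputerStatus' -ErrorAction Stop
        $report.CimResult = if ($cim) { 'Returned object' } else { 'Returned nothing' }
    } catch {
        $report.CimResult = "Error: $($_.Exception.Message)"
    }

    # 4. Module layer: which Defender module is on the path.
    $mod = Get-Module -Name Defender -ListAvailable | Select-Object -First 1
    $report.ModulePath = if ($mod) { $mod.Path } else { 'Defender module not found' }

    # 5. Recent errors from the Defender operational log (Level 1 = Critical, 2 = Error).
    try {
        $events = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-Windows Defender/Operational'; Level = 1, 2
        } -MaxEvents 5 -ErrorAction Stop
        $report.RecentErrors = ($events | ForEach-Object { "$($_.TimeCreated) id=$($_.Id): $($_.Message.Split("`n")[0])" }) -join ' | '
    } catch {
        $report.RecentErrors = 'No recent error events (or log unavailable)'
    }

    [pscustomobject]$report
}

Test-DefenderStatusPath | Format-List
```

Two readings of the result are worth calling out. A running WinDefend with AMRunningMode other than Normal means another antivirus product is registered and Defender is in passive mode, in which case much of the status object is legitimately empty or stale; and a CIM query that succeeds while the cmdlet returns nothing points at the loaded module rather than at the engine, which is where to look on a server where the GUI and the management agent both report the product as healthy.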