noid-privacy/Tools
Nexus 6192753a7a feat: detect EDR/XDR and third-party AV in passive mode (#15)
CrowdStrike Falcon and other EDR/XDR products don't register in WMI
SecurityCenter2, but put Defender in Passive Mode. This caused ASR
rules to either silently fail or throw errors.

New 3-layer detection:
- Layer 1: WMI SecurityCenter2 (traditional AV: Bitdefender, Kaspersky, etc.)
- Layer 2: Defender Passive Mode via Get-MpComputerStatus (EDR/XDR)
- Layer 3: 18 known EDR service names for display identification

Changes:
- Utils/Dependencies.ps1: New Test-ThirdPartySecurityProduct function,
  updated Test-WindowsDefenderAvailable with IsPassiveMode property,
  updated Test-AllDependencies to handle passive mode gracefully
- Modules/ASR/Public/Invoke-ASRRules.ps1: Detection runs before
  Defender service check, inline fallback for standalone execution
- Tools/Verify-Complete-Hardening.ps1: Same 3-layer detection, ASR
  counted as 19/19 verified when third-party product detected

Closes #15

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 20:41:38 +01:00
Generate-ReleaseChecksums.ps1 release: v2.2.3 - Fix Restore Mode module selection crash 2026-01-07 18:46:14 +01:00
Parse-EdgeBaseline.ps1 release: v2.2.3 - Fix Restore Mode module selection crash 2026-01-07 18:46:14 +01:00
Parse-SecurityBaseline.ps1 release: v2.2.3 - Fix Restore Mode module selection crash 2026-01-07 18:46:14 +01:00
Verify-Complete-Hardening.ps1 feat: detect EDR/XDR and third-party AV in passive mode (#15) 2026-03-23 20:41:38 +01:00