🎨 Support one-click addition of Microsoft Defender exclusions https://github.com/siyuan-note/siyuan/issues/13650

kernel/api/router.go

@@ -66,6 +66,7 @@ func ServeAPI(ginServer *gin.Engine) {
 	ginServer.Handle("POST", "/api/system/importConf", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, importConf)
 	ginServer.Handle("POST", "/api/system/getWorkspaceInfo", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, getWorkspaceInfo)
 	ginServer.Handle("POST", "/api/system/reloadUI", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, reloadUI)
+	ginServer.Handle("POST", "/api/system/addMicrosoftDefenderExclusion", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, addMicrosoftDefenderExclusion)
 
 	ginServer.Handle("POST", "/api/storage/setLocalStorage", model.CheckAuth, model.CheckAdminRole, model.CheckReadonly, setLocalStorage)
 	ginServer.Handle("POST", "/api/storage/getLocalStorage", model.CheckAuth, getLocalStorage)

kernel/api/system.go

@@ -35,6 +35,21 @@ import (
 	"github.com/siyuan-note/siyuan/kernel/util"
 )
 
+func addMicrosoftDefenderExclusion(c *gin.Context) {
+	ret := gulu.Ret.NewResult()
+	defer c.JSON(http.StatusOK, ret)
+
+	if !gulu.OS.IsWindows() {
+		return
+	}
+
+	err := model.AddMicrosoftDefenderExclusion()
+	if nil != err {
+		ret.Code = -1
+		ret.Msg = err.Error()
+	}
+}
+
 func reloadUI(c *gin.Context) {
 	ret := gulu.Ret.NewResult()
 	defer c.JSON(http.StatusOK, ret)

kernel/job/cron.go

@@ -43,6 +43,7 @@ func StartCron() {
 	go every(30*time.Second, model.FlushAssetsTextsJob)
 	go every(30*time.Second, model.HookDesktopUIProcJob)
 	go every(24*time.Hour, model.AutoPurgeRepoJob)
+	go every(30*time.Minute, model.AutoProcessMicrosoftDefender)
 }
 
 func every(interval time.Duration, f func()) {

kernel/model/elevator.go

@@ -18,6 +18,5 @@
 
 package model
 
-func processMicrosoftDefender() {
-	return
+func AutoProcessMicrosoftDefender() {
 }

kernel/model/elevator_windows.go

@@ -19,6 +19,8 @@
 package model
 
 import (
+	"errors"
+	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -32,6 +34,59 @@ import (
 	"golang.org/x/sys/windows"
 )
 
+func AddMicrosoftDefenderExclusion() (err error) {
+	if !gulu.OS.IsWindows() {
+		return
+	}
+
+	if !isUsingMicrosoftDefender() {
+		return
+	}
+
+	installPath := filepath.Dir(util.WorkingDir)
+	psArgs := []string{"-Command", "Add-MpPreference", "-ExclusionPath", installPath, ",", util.WorkspaceDir}
+	if isAdmin() {
+		cmd := exec.Command("powershell", psArgs...)
+		gulu.CmdAttr(cmd)
+		output, cmdErr := cmd.CombinedOutput()
+		if nil != cmdErr {
+			logging.LogErrorf("add Windows Defender exclusion path [%s] failed: %s, %s", installPath, cmdErr, string(output))
+			err = cmdErr
+			return
+		}
+	} else {
+		elevator := filepath.Join(util.WorkingDir, "elevator.exe")
+		if "dev" == util.Mode || !gulu.File.IsExist(elevator) {
+			elevator = filepath.Join(util.WorkingDir, "elevator", "elevator-"+runtime.GOARCH+".exe")
+		}
+
+		if !gulu.File.IsExist(elevator) {
+			msg := fmt.Sprintf("not found elevator [%s]", elevator)
+			logging.LogWarnf(msg)
+			err = errors.New(msg)
+			return
+		}
+
+		ps := []string{"powershell"}
+		ps = append(ps, psArgs...)
+		verbPtr, _ := syscall.UTF16PtrFromString("runas")
+		exePtr, _ := syscall.UTF16PtrFromString(elevator)
+		cwdPtr, _ := syscall.UTF16PtrFromString(util.WorkingDir)
+		argPtr, _ := syscall.UTF16PtrFromString(strings.Join(ps, " "))
+		execErr := windows.ShellExecute(0, verbPtr, exePtr, argPtr, cwdPtr, 1)
+		if execErr != nil {
+			logging.LogErrorf("add Windows Defender exclusion path [%s] failed: %s", installPath, execErr)
+			err = execErr
+			return
+		}
+	}
+	return
+}
+
+func AutoProcessMicrosoftDefender() {
+	processMicrosoftDefender()
+}
+
 func processMicrosoftDefender() {
 	if !gulu.OS.IsWindows() || Conf.System.MicrosoftDefenderExcluded {
 		return
@@ -76,7 +131,7 @@ func processMicrosoftDefender() {
 	}
 
 	// TODO Conf.System.MicrosoftDefenderExcluded = true
-	Conf.Save()
+	//Conf.Save()
 }
 
 func isUsingMicrosoftDefender() bool {