5Noxi/Security-Detection

Security Detection

Script Output

  • Windows Defender status
    • Get-MpComputerStatus - AntivirusEnabled
  • Status of all firewall profiles
    • Get-NetFirewallProfile | Select-Object -Property Name, Enabled
  • Secure boot state
    • Confirm-SecureBootUEFI, outputs True or False
  • BitLocker encryption status for drives
    • Get-BitLockerVolume | Select-Object -Property MountPoint, VolumeStatus, EncryptionMethod, ProtectionStatus
  • Installed AV programs
  • Currently running antivirus services
    • Searches for services whose names match a predefined pattern (AV names); this match may be unreliable
  • UAC status (UserAccountControlSettings.exe):

Always notify me when: ...

RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    Type: REG_DWORD, Length: 4, Data: 1
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin    Type: REG_DWORD, Length: 4, Data: 2
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop    Type: REG_DWORD, Length: 4, Data: 1

Notify me only when apps try to make changes to my computer (default)

RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    Type: REG_DWORD, Length: 4, Data: 1
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin    Type: REG_DWORD, Length: 4, Data: 5
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop    Type: REG_DWORD, Length: 4, Data: 1

Notify me only when apps try to make changes to my computer (do not dim my desktop)

RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    Type: REG_DWORD, Length: 4, Data: 1
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin    Type: REG_DWORD, Length: 4, Data: 5
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop    Type: REG_DWORD, Length: 4, Data: 0

Never notify me when: ...

RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    Type: REG_DWORD, Length: 4, Data: 1
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin    Type: REG_DWORD, Length: 4, Data: 0
RegSetValue    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop    Type: REG_DWORD, Length: 4, Data: 0

Disable UAC:

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
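
The registry values listed above can be read back and mapped to the matching UAC slider position. The following is an added example, not code from this repository; the function names `Resolve-UacLevel` and `Get-UacLevel` are hypothetical, and the sample rows are constructed from the combinations shown above.

```powershell
# Added example, not from the repository. Function names are hypothetical.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Resolve-UacLevel {
    param($EnableLUA, $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop)

    # EnableLUA decides whether UAC is active at all; check it first.
    if ($null -eq $EnableLUA)  { return 'Unknown (EnableLUA value missing)' }
    if ([int]$EnableLUA -eq 0) { return 'UAC disabled (EnableLUA = 0)' }

    # The slider position is the pair ConsentPromptBehaviorAdmin / PromptOnSecureDesktop.
    $combo = '{0}/{1}' -f $ConsentPromptBehaviorAdmin, $PromptOnSecureDesktop
    switch ($combo) {
        '2/1'   { return 'Always notify' }
        '5/1'   { return 'Notify only when apps make changes (default)' }
        '5/0'   { return 'Notify only when apps make changes (do not dim desktop)' }
        '0/0'   { return 'Never notify' }
        default { return "Not a slider position listed above ($combo)" }
    }
}

function Get-UacLevel {
    # Reads the live values; missing values come back as $null.
    $p = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        Level = Resolve-UacLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
    }
}

# Constructed sample rows (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop).
$samples = @( @(1,2,1), @(1,5,1), @(1,5,0), @(1,0,0), @(0,5,1), @(1,1,1) )
foreach ($s in $samples) {
    '{0} -> {1}' -f ($s -join ','), (Resolve-UacLevel $s[0] $s[1] $s[2])
}

# On a Windows host, report the current state.
if ($env:OS -eq 'Windows_NT') { Get-UacLevel | Format-List }
```

Combinations outside the four slider positions are reported as such rather than guessed at.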

References:

https://learn.microsoft.com/en-us/powershell/module/defender/get-mpcomputerstatus?view=windowsserver2025-ps

https://learn.microsoft.com/en-us/powershell/module/netsecurity/get-netfirewallprofile?view=windowsserver2025-ps (Select-Object -Property Name, Enabled)

https://learn.microsoft.com/en-us/powershell/module/secureboot/confirm-securebootuefi?view=windowsserver2025-ps

https://learn.microsoft.com/en-us/powershell/module/bitlocker/get-bitlockervolume?view=windowsserver2025-ps (Select-Object -Property MountPoint, VolumeStatus, EncryptionMethod, ProtectionStatus)

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-executionpolicy?view=powershell-7.5
