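Adding a Defender whitelist entry via WMI from an au3 script
Is there a way to add a Defender whitelist entry via WMI from an au3 script? The one from DeepSeek doesn't seem to run.
#include <MsgBoxConstants.au3>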
; Check for administrator rights
If Not IsAdmin() Then
    MsgBox($MB_ICONWARNING, "警告", "需要管理员权限运行!")
    ShellExecuteWait(@AutoItExe, ' /AutoIt3ExecuteScript "' & @ScriptFullPath & '"', "", "runas")
    Exit
EndIf
; Configure the exclusion path (wildcards supported)
Local $sExcludePath = "C:\\MyApp\\*" ; sample path, change it to the path that actually needs to be excluded
; Connect to the WMI Defender namespace
Local $oDefender = ObjGet("winmgmts:\\.\root\Microsoft\Windows\Defender")
If @error Then
    MsgBox($MB_ICONERROR, "错误", "无法连接WMI Defender服务,错误代码: " & @error)
    Exit
EndIf
; Create the parameter object
Local $oInParams = $oDefender.Get("MSFT_MpPreference").Methods_("AddExclusionPath").InParameters.SpawnInstance_()
$oInParams.ExclusionPath = $sExcludePath
$oInParams.ExclusionType = 1 ; 1 means path exclusion, 2 is process name, 3 is extension
; Call the method to add the exclusion
Local $oResult = $oDefender.ExecMethod("MSFT_MpPreference", "AddExclusionPath", $oInParams)
If @error Then
    MsgBox($MB_ICONERROR, "失败", "添加排除路径失败!错误代码: " & @error)
Else
    MsgBox($MB_ICONINFORMATION, "成功", "排除路径已添加:" & $sExcludePath)
EndIf
Local $Windows_Defender_Paths = '"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths"'
Run('Z:\NanaRun_1.0_Preview2_1.0.18.0\x64\MinSudo.exe -TrustedInstaller -Privileged reg add ' & $Windows_Defender_Paths & ' /v "C:\Program Files (x86)\AutoIt3" /t REG_DWORD /d 0 /f', '', @SW_HIDE) ; write to the registry
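fybhwsx posted on 2025-4-29 10:28
Local $Windows_Defender_Paths = '"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclus ...
The registry method doesn't work well; it needs a reboot to take effect.
I've always done it this way; I don't know whether a reboot is needed. The registry is indeed a bit of a hassle and needs an elevation tool. I don't know how AU3 can write the registry directly without an elevation tool.
fybhwsx posted on 2025-4-29 15:00
I've always done it this way; I don't know whether a reboot is needed. The registry is indeed a bit of a hassle and needs an elevation tool. I don't know how AU3 can do it without an elevation tool ...
https://www.autoitx.com/forum.ph ... 870&highlight=runas
This expert knows how to handle elevation.
I forget when I tried this once with AI; I didn't keep tinkering with it afterwards.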
#RequireAdmin
Local $sPathToExclude = "D:\TUPortable\TUPortable.exe"
Local $sLogFile = @ScriptDir & "\DefenderError.log"
; Validate path
If Not FileExists($sPathToExclude) Then
    FileWrite($sLogFile, "错误: 路径不存在 - " & $sPathToExclude & @CRLF)
    MsgBox(16, "错误", "路径不存在: " & $sPathToExclude)
    Exit
EndIf
; Check Defender status (the log path is quoted so a script directory containing spaces still works)
Local $sDefenderCheck = 'powershell -ExecutionPolicy Bypass -Command "Get-Service -Name WinDefend | Select-Object -ExpandProperty Status"'
Local $iDefenderStatus = RunWait(@ComSpec & " /c " & $sDefenderCheck & ' > "' & $sLogFile & '"', "", @SW_HIDE)
Local $sStatus = FileRead($sLogFile)
If StringInStr($sStatus, "Running") = 0 Then
    FileWrite($sLogFile, "错误: Windows Defender 服务未运行" & @CRLF)
    MsgBox(16, "错误", "Windows Defender 服务未运行,可能被禁用或被其他杀毒软件接管")
    Exit
EndIf
; Add to exclusion list
Local $sPowerShellCmd = 'powershell -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath ''' & $sPathToExclude & '''"'
Local $iReturn = RunWait(@ComSpec & " /c " & $sPowerShellCmd & ' >> "' & $sLogFile & '"', "", @SW_HIDE)
; Check result
If $iReturn = 0 Then
    MsgBox(64, "成功", "已将 " & $sPathToExclude & " 添加到 Windows Defender 白名单!")
Else
    FileWrite($sLogFile, "错误代码: " & $iReturn & @CRLF & "命令: " & $sPowerShellCmd & @CRLF)
    MsgBox(16, "错误", "添加白名单失败,错误代码: " & $iReturn & @CRLF & "详情见: " & $sLogFile)
EndIf
This post was last edited by boyhong on 2025-4-30 13:37
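; Two sample paths joined with ";" (split into an array inside the function)
$b = @ProgramFilesDir & "\123;" & @DesktopCommonDir & "\456"
MsgBox(0, "test", _obj_wdmps("Add", $b))
Exit
; $a = name of the MSFT_MpPreference method to call (here "Add"), $b = ";"-separated list of paths
Func _obj_wdmps($a, $b)
    Local $err = ObjEvent("AutoIt.Error", "_Err") ; COM error handler so a failed call does not abort the script
    Local $objwdmps = ObjGet("winmgmts:\\.\root\Microsoft\Windows\Defender:MSFT_MpPreference")
    Local $objpath1 = $objwdmps.Methods_($a).InParameters.SpawnInstance_()
    $objpath1.ExclusionPath = StringSplit($b, ";", 2) ; flag 2: 0-based array without a count element
    $objpath1.Force = True
    Local $objout = $objwdmps.ExecMethod_($a, $objpath1)
    If @error = 0 Then
        Return ("成功:" & $a & ":" & $b)
    Else
        Return ("失败:" & Hex($err.retcode) & $a & ":" & $b)
    EndIf
EndFunc
; Empty handler: COM errors are only reported through @error above
Func _Err($error)
EndFunc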
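As above. If it doesn't work on x64, try adding DllCall("kernel32.dll", "int", "Wow64DisableWow64FsRedirection", "int", 1). Of course, you have to right-click and run it with administrator rights... It tested successfully on my side.
boyhong posted on 2025-4-30 13:39
As above. If it doesn't work on x64, try adding DllCall("kernel32.dll", "int", "Wow64DisableWow64FsRedirection", "int", 1)...
I'll give it a test. Thanks.
holley posted on 2025-4-29 17:32
I forget when I tried this once with AI; I didn't keep tinkering with it afterwards
PowerShell is also a solution.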
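
Whether an exclusion has actually taken effect (the point disputed above for the registry method) can be checked by reading the list back from the same WMI class. This is an added example, not code from any poster in the thread; the function names `_GetDefenderExclusionPaths`, `_IsPathExcluded` and `_ComErrIgnore` and the sample path are assumptions. Run it elevated, since recent Windows builds hide the exclusion list from non-administrators.

```autoit
#RequireAdmin
#include <MsgBoxConstants.au3>

; Hypothetical sample path, constructed for this example
Local $sCheck = "C:\MyApp"
Local $aPaths = _GetDefenderExclusionPaths()
If @error Then
    MsgBox($MB_ICONERROR, "Defender", "Could not read MSFT_MpPreference, @error = " & @error)
    Exit 1
EndIf
Local $sList = ""
For $i = 0 To UBound($aPaths) - 1
    $sList &= $aPaths[$i] & @CRLF
Next
MsgBox($MB_ICONINFORMATION, "Defender", "Exclusion paths currently in effect:" & @CRLF & $sList & @CRLF & _
        $sCheck & " listed: " & _IsPathExcluded($aPaths, $sCheck))

; Returns a 0-based array of the ExclusionPath entries Defender reports (empty array if none).
; Sets @error to 1 if the namespace cannot be opened, 2 if no preference instance is returned.
Func _GetDefenderExclusionPaths()
    Local $oErr = ObjEvent("AutoIt.Error", "_ComErrIgnore") ; keep COM errors from aborting the script
    Local $aEmpty[0]
    Local $oWMI = ObjGet("winmgmts:\\.\root\Microsoft\Windows\Defender")
    If Not IsObj($oWMI) Then Return SetError(1, 0, $aEmpty)
    Local $colPrefs = $oWMI.InstancesOf("MSFT_MpPreference")
    If Not IsObj($colPrefs) Then Return SetError(2, 0, $aEmpty)
    For $oPref In $colPrefs
        Local $vPaths = $oPref.ExclusionPath ; string array, or Null when no path is excluded
        If IsArray($vPaths) Then Return $vPaths
        Return $aEmpty
    Next
    Return SetError(2, 0, $aEmpty)
EndFunc

; Case-insensitive exact match, ignoring trailing backslashes. Wildcard entries are not expanded.
Func _IsPathExcluded(ByRef $aPaths, $sPath)
    $sPath = StringRegExpReplace($sPath, "\\+$", "")
    For $i = 0 To UBound($aPaths) - 1
        If StringRegExpReplace($aPaths[$i], "\\+$", "") = $sPath Then Return True
    Next
    Return False
EndFunc

; Empty handler: failures surface through IsObj() and @error above
Func _ComErrIgnore($oError)
EndFunc
```

The same read-back is useful for auditing a machine: any path in the list that nobody can account for deserves a look.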