TestimoX

API Reference

Class

DefenderPolicyInfo

Edit on GitHub
Namespace ADPlayground.Gpo
Assembly ADPlayground
Source ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:13
Modifiers sealed

Flattened view of Microsoft Defender policy settings captured from GPO for a specific GPO/domain pair. Booleans indicate configured values; null means not configured.

Inheritance

  • Object
  • DefenderPolicyInfo

Constructors

Properties

public Guid GpoId { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:11

GPO identifier.

public String DomainName { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:13

DNS domain name that owns the GPO.

public Nullable<Boolean> DisableRealtimeMonitoring { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:17

Disable real-time protection.

public Nullable<Boolean> DisableBehaviorMonitoring { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:19

Disable behavior monitoring.

public Nullable<Boolean> DisableIOAVProtection { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:21

Disable IOAV (I/O Antivirus) protection.

public Nullable<Boolean> DisableScriptScanning { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:23

Disable script scanning.

public Nullable<Boolean> Notification_Suppress { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:27

Suppress Defender notifications.

public Nullable<Boolean> SuppressRebootNotification { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:29

Suppress reboot notifications.

public Nullable<Boolean> UILockdown { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:31

Enable UI lockdown.

public Nullable<Boolean> DisableRemovableDriveScanning { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:35

Disable removable drive scanning.

public Nullable<Boolean> DisableBlockAtFirstSeen { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:37

Disable Block at First Sight feature.

public Nullable<Boolean> ASRRulesEnabled { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:41

Any Attack Surface Reduction (ASR) rules enabled.

public Nullable<Boolean> ControlledFolderAccessAllowedAppsConfigured { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:43

Controlled Folder Access allowed apps configured.

public Nullable<Boolean> ControlledFolderAccessProtectedFoldersConfigured { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:45

Controlled Folder Access protected folders configured.

public String[] ExclusionExtensions { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:49

File extension exclusions.

public String[] ExclusionPaths { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:51

Path exclusions.

public String[] ExclusionProcesses { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:53

Process image exclusions.

public IReadOnlyDictionary<String, Int32> ASRRules { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:57

ASR rule actions keyed by rule ID (DWORD action value).

public String[] CFAAllowedApplications { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:61

Controlled Folder Access allowed application paths.

public String[] CFAProtectedFolders { get; set; } #
ADPlayground/Gpo/Models/DefenderPolicyInfo.cs:63

Controlled Folder Access protected folder paths.