Install-ExploitProtectionPolicy.ps1
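#Requires -RunAsAdministrator
<#
.SYNOPSIS
Installs an Exploit Protection policy XML file and applies it to this machine.

.DESCRIPTION
Copies the policy XML that sits next to this script to '<windir>\EP\EP.xml',
applies it with Set-ProcessMitigation, and stores the destination path in the
'ExploitProtectionSettings' value under the Exploit Protection policy key.

.PARAMETER SourceXmlFileName
Name of the policy XML file, resolved relative to the script's own directory.
Defaults to 'EP-W11.xml'.
#>
[CmdletBinding()]
param (
    [ValidateNotNullOrEmpty()]
    [string]$SourceXmlFileName = 'EP-W11.xml'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Script and source file paths.
# An empty name is rejected by the parameter validation above; otherwise the
# joined path would presumably resolve to the script directory itself.
# NOTE(review): the name is joined as given, so relative segments such as '..'
# are not rejected here - confirm callers only pass a plain file name.
$scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Path
$sourcePolicyFilePath = Join-Path $scriptDirectory -ChildPath $SourceXmlFileName

# Destination paths.
# NOTE(review): the registry value written later refers to this file by path,
# so the policy is only as trustworthy as the write permissions on this folder -
# confirm that non-administrators cannot modify '<windir>\EP'.
$destinationFolder = Join-Path $Env:windir -ChildPath 'EP'
$destinationPolicyFilePath = Join-Path $destinationFolder -ChildPath 'EP.xml' # Standardized name for the destination

# Registry path of the Exploit Protection policy key
$exploitProtectionRegPath = 'HKLM:\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection'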
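# Abort unless the source policy exists as a regular file.
# -LiteralPath keeps wildcard characters such as '[' and ']' in the path from
# being treated as a pattern, and -PathType Leaf rejects a directory that
# happens to sit at that path.
if (-not (Test-Path -LiteralPath $sourcePolicyFilePath -PathType Leaf)) {
    Write-Warning "Source policy file '$sourcePolicyFilePath' not found. Aborting..."
    Pause
    exit 1
}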
# Make sure the destination folder is present; create it only when missing.
# NOTE(review): a folder that already exists is reused as-is - its ownership
# and ACL are not inspected by this script.
Write-Verbose "Ensuring destination folder '$destinationFolder' exists..."
$destinationFolderPresent = Test-Path $destinationFolder
if (-not $destinationFolderPresent) {
    try {
        $null = New-Item -ItemType Directory -Path $destinationFolder -Force
    }
    catch {
        # Creation failed: report the reason and stop with a non-zero exit code.
        Write-Warning "Unable to create the destination folder '$destinationFolder'. Aborting..."
        Write-Output "Exception: $($_.Exception.Message)"
        Pause
        exit 1
    }
}
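# Copy the policy file to its standardized destination name.
# -LiteralPath is used so wildcard characters in the source path (for example
# '[' or ']' in a folder name) are not expanded as a pattern.
# NOTE(review): -Force replaces any EP.xml already in place before
# Set-ProcessMitigation has accepted the new file, and nothing restores the
# previous copy if that later step fails - consider keeping a backup.
Write-Verbose "Copying policy file from '$sourcePolicyFilePath' to '$destinationPolicyFilePath'..."
try {
    Copy-Item -LiteralPath $sourcePolicyFilePath -Destination $destinationPolicyFilePath -Force
}
catch {
    Write-Warning "Unable to copy the policy file to '$destinationPolicyFilePath'. Aborting..."
    Write-Output "Exception: $($_.Exception.Message)"
    Pause
    exit 1
}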
# Create the Exploit Protection policy key when it is not there yet, so the
# value can be written to it afterwards.
Write-Verbose "Ensuring Exploit Protection registry path '$exploitProtectionRegPath' exists..."
try {
    $registryKeyMissing = -not (Test-Path $exploitProtectionRegPath)
    if ($registryKeyMissing) {
        $null = New-Item -Path $exploitProtectionRegPath -Force
    }
}
catch {
    # Key creation failed: report the reason and stop with a non-zero exit code.
    Write-Warning "Unable to create registry path '$exploitProtectionRegPath'. Aborting..."
    Write-Output "Exception: $($_.Exception.Message)"
    Pause
    exit 1
}
# Apply the mitigations from the copied file, then record the file path in the
# policy key. Both steps share one try block: if the registry write fails, the
# mitigations have already been applied by the first step.
try {
    Write-Verbose "Applying process mitigations from '$destinationPolicyFilePath'..."
    Set-ProcessMitigation -PolicyFilePath $destinationPolicyFilePath

    Write-Verbose "Setting registry value 'ExploitProtectionSettings' to '$destinationPolicyFilePath'..."
    $policyValue = @{
        Path  = $exploitProtectionRegPath
        Name  = 'ExploitProtectionSettings'
        Value = $destinationPolicyFilePath
        Force = $true
    }
    $null = Set-ItemProperty @policyValue
}
catch {
    # Print the full error record rather than only the exception message.
    Write-Warning 'Unable to apply the new policy...'
    $errorText = $_ | Out-String
    Write-Output "Exception: $errorText"
    Pause
    exit 1
}

Write-Host "Installation successful, please restart your computer for changes to take effect ! :)" -ForegroundColor Green