mirror of
https://github.com/KelvinTegelaar/CIPP.git
synced 2026-04-25 08:16:01 +03:00
[GH-ISSUE #4100] [Bug]: Check Signatures Before Scan in Windows Defender AV Policy creation has no effect. #1858
Labels
No labels
API
Feature
NotABug
NotABug
Planned
Sponsor Priority
Sponsor Priority
bug
documentation
duplicate
enhancement
needs more info
no-activity
no-priority
not-assigned
pull-request
react-conversion
react-conversion
roadmap
security
stale
unconfirmed-by-user
unconfirmed-by-user
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/CIPP#1858
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @orangevan on GitHub (May 15, 2025).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/4100
Originally assigned to: @kris6673 on GitHub.
Required confirmations before submitting
Issue Description
Use Defender Deployment, create a policy with options as you like, have "Check Signatures Before Scan" checked or unchecked. The resulting policy created has it "Not Configured" either way.
The ASR Policy for Win32 API Calls also didn't work properly, but i didn't test as thoroughly.
I haven't tried CIPP-API, just the cipp webui as I haven't used API yet.
Environment Type
Sponsored (paying) user
Front End Version
7.5.3
Back End Version
7.5.3
Relevant Logs / Stack Trace
@github-actions[bot] commented on GitHub (May 15, 2025):
Thank you for reporting a potential bug. If you would like to work on this bug, please comment:
Thank you for helping us maintain the project!
@kris6673 commented on GitHub (May 22, 2025):
I would like to work on this please!
@github-actions[bot] commented on GitHub (May 22, 2025):
Great! I assigned you (@kris6673) to the issue. Have fun working on it!
@kris6673 commented on GitHub (May 23, 2025):
Thanks for reporting this bug!
PR is in!
Improved a few of the aspects of the whole deployment experience, like adding support for deploying the ASR rules in audit mode, bit more validation for buttons and checks if the defender connector settings are correct.
Enjoy!
@orangevan commented on GitHub (May 23, 2025):
Thank you for working on this!
Did you see what was causing the adobe option and the win32 api option in ASR to not work properly by chance?
@kris6673 commented on GitHub (May 23, 2025):
Yep, one of them was a typo in the code, and the other was set to deploy another ASR option twice
@orangevan commented on GitHub (May 23, 2025):
That's awesome! Thanks for improving this!! I'm eager to try it out :)
@orangevan commented on GitHub (May 23, 2025):
I wonder if it's possible to also create BitLocker policies here + firewall policies and other options from the InTune configuration such as account protection, etc. I know it's not related to this bug but it is related to that area of the app.
I don't know how possible it is, but being able to pre-configure set options and save as a default for future deployments would be really cool as well, just like how it exists for the off-boarding wizard perhaps?
@kris6673 commented on GitHub (May 23, 2025):
You're welcome, thanks for spotting it!
Much of this is possible via the template system combined with standards and tenant groups. I'd suggest looking at that for deploying those types of policies at scale :D
@orangevan commented on GitHub (May 23, 2025):
I will do that! Thanks a bunch! I'm just getting into CIPP and seeing the potential! I wish I had the skills to contribute/improve the projects code, But all I have is ideas :)
Thanks again!