0

I have a powershell script that adds file exclusions to Windows Defender on a computer running Windows 10.

But I run the same script with Windows 8.1 but I get an error message saying:

Add-MpPreference : The 'Add-MpPreference' command was found in the module 'Defender', but the module could not be loaded. For more information, run 'Import-Module Defender'. At line:1 char:1 + Add-MpPreference -ExclusionPath "C:\Temp" + ~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], CommandNotFoundException + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule

What can I do to make it work with Windows 8/8.1?

M. Simon
  • 101
  • 1
  • 2
  • 14

3 Answers3

1

Alternatively you can copy MSFT_MpWDOScan.cdxml from a Windows 10 / 2016 to C:\WindowsPowerShell\v1.0\modules\Defender\

Nagaraju
  • 1,853
  • 2
  • 27
  • 46
RetoFelix
  • 21
  • 1
  • Upvoted (to balance the one downvote), because this is indeed an [official resolution option from Microsoft](https://support.microsoft.com/en-us/help/4497578/windows-8-1-windows-powershell-cannot-import-windows-defender-module) – Herve May 27 '20 at 07:31
  • Yeah, works great but correct path is C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Defender. Upvoted. – AndresRohrAtlasInformatik Oct 15 '22 at 12:15
0

Try with WMI class. I remember there was WMI class exist for defender. Use some WMI tools to explore those classes.

MadhuSunke
  • 16
  • 1
  • 3
  • Can you send me a link for that? – M. Simon Oct 16 '17 at 16:01
  • So can you give me an example. If I want to add the folder "C:\Temp" and the process "C:\Users\ME\Desktop\test.exe" as exclusions to WD, what is the correct syntax? – M. Simon Oct 16 '17 at 17:09
  • Sure ,will check and let you know – MadhuSunke Oct 16 '17 at 17:30
  • Try this : $DefPreference = Get-WmiObject -Namespace ROOT\Microsoft\Windows\Defender -Class MSFT_MpPreference -ComputerName -ErrorAction Stop $DefPreference.ExclusionPath = "C:\Temp" $DefPreference.ExclusionProcess = 'C:\Program Files\Adobe\' – MadhuSunke Oct 17 '17 at 09:14
  • Do you mind putting that into your answer. Just for better formatting... – M. Simon Oct 17 '17 at 11:58
  • I would like to be able to run this script on any computer. In here I need to specify the computer name: `-ComputerName `. Is there some kind of wildcard to be able to run on it any computer? – M. Simon Oct 17 '17 at 14:33
  • You can use advanced funtions to pass multiple computers. – MadhuSunke Oct 17 '17 at 14:37
  • I would recommend you to search in Google about powershell advanced funtions – MadhuSunke Oct 17 '17 at 14:58
0

Microsoft broke Defender module in 2017-04 Monthly Rollup and later.
Below is C:\WindowsPowerShell\v1.0\modules\Defender\Defender.psd1.

@{
GUID = 'C46BE3DC-30A9-452F-A5FD-4BF9CA87A854'
Author="Microsoft Corporation"
CompanyName="Microsoft Corporation"
Copyright="ゥ Microsoft Corporation. All rights reserved."
ModuleVersion = '1.0'
NestedModules = @( 'MSFT_MpComputerStatus.cdxml',
                   'MSFT_MpPreference.cdxml',
                   'MSFT_MpThreat.cdxml',
                   'MSFT_MpThreatCatalog.cdxml',
                   'MSFT_MpThreatDetection.cdxml',
                   'MSFT_MpScan.cdxml',
                   'MSFT_MpSignature.cdxml',
                   'MSFT_MpWDOScan.cdxml')


AliasesToExport = @()
FunctionsToExport = @( 'Get-MpPreference',
                       'Set-MpPreference',
                       'Add-MpPreference',
                       'Remove-MpPreference',
                       'Get-MpComputerStatus',
                       'Get-MpThreat',
                       'Get-MpThreatCatalog',
                       'Get-MpThreatDetection',
                       'Start-MpScan',
                       'Update-MpSignature',
                       'Remove-MpThreat',
                       'Start-MpWDOScan')

PowerShellVersion = '3.0'
HelpInfoUri="http://go.microsoft.com/fwlink/?linkid=390762"
}

MSFT_MpWDOScan.cdxml and Start-MpWDOScan isn't present in Windows 8.1.
Removing them works again. (This file is protected by TrustedInstaller.)

BugMeNot114514
  • 69
  • 2