upstream/icinga-powershell-framework
1
0
Fork 0
mirror of https://github.com/Icinga/icinga-powershell-framework.git synced 2025-12-21 07:10:15 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Adds KW for Microsoft Defender problems

Browse source
This commit is contained in:
Lord Hepipud 2022-02-07 15:10:54 +01:00
parent 2d883dbe79
commit a1d32a584a
3 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/300-Knowledge-Base.md
View file

@ -19,3 +19,4 @@ For this reason you will find a list of Icinga knowledge base entries below. Ent
| [IWKB000009](knowledgebase/IWKB000009.md) | The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service |
| [IWKB000010](knowledgebase/IWKB000010.md) | The Icinga PowerShell Framework is either not installed on the system or not configured properly. Please check https://icinga.com/docs/windows for further details Error: The term 'Use-Icinga' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. |
| [IWKB000011](knowledgebase/IWKB000011.md) | The Icinga PowerShell Framework is either not installed on the system or not configured properly. Please check https://icinga.com/docs/windows for further details Error: The term 'Use-Icinga' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. |
| [IWKB000012](knowledgebase/IWKB000012.md) | Icinga for Windows cannot be used with Microsoft Defender: `Windows Defender Antivirus has detected malware or other potentially unwanted software` |

BIN
doc/images/04_knowledgebase/IWKB000012/01_Defender_Log.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 47 KiB

19
doc/knowledgebase/IWKB000012.md Normal file
View file

@ -0,0 +1,19 @@
# Icinga Knowledge Base - IWKB000012
## Short Message
Icinga for Windows cannot be used with Microsoft Defender: `Windows Defender Antivirus has detected malware or other potentially unwanted software`
## Example Exception
![EventLog Defender](../images/04_knowledgebase/IWKB000012/01_Defender_Log.png)
## Reason
Icinga for Windows is using many `Functions` and `Cmdlets` and different `Add-Type` features, to accomplish an overall monitoring of the Windows environment. In some cases it can happen, that false positives are generated, preventing the usage of Icinga for Windows.
## Solution
In case you are running into the above problem, please [open a new issue](https://github.com/Icinga/icinga-powershell-framework/issues) and provide us with as much information as possible, allowing us to verify the problem and providing a solution.
In addition, please ensure that your Microsoft Defender is up-to-date and the latest patches are installed for the detection engine.