01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93066 Keywords=None Message=Completed invocation of ScriptBlock ID: 195c443b-8acc-4951-940a-899396acbfec Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93065 Keywords=None Message=Started invocation of ScriptBlock ID: 195c443b-8acc-4951-940a-899396acbfec Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93064 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreatDetection' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpThreatDetection { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreatDetection')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreatDetection.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreatDetection' -Alias '*' ScriptBlock ID: 195c443b-8acc-4951-940a-899396acbfec Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93063 Keywords=None Message=Completed invocation of ScriptBlock ID: e31a6eb5-81b1-4634-bdb5-f03b46723c7c Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93062 Keywords=None Message=Started invocation of ScriptBlock ID: e31a6eb5-81b1-4634-bdb5-f03b46723c7c Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93061 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreatCatalog' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpThreatCatalog { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreatCatalog')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreatCatalog.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreatCatalog' -Alias '*' ScriptBlock ID: e31a6eb5-81b1-4634-bdb5-f03b46723c7c Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93060 Keywords=None Message=Completed invocation of ScriptBlock ID: 4f1545dc-9092-4c53-b300-b454515b40a7 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93059 Keywords=None Message=Started invocation of ScriptBlock ID: 4f1545dc-9092-4c53-b300-b454515b40a7 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93058 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreat' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Remove-MpThreat { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Remove0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreat.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-MpThreat' -Alias '*' function Get-MpThreat { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreat')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreat.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreat' -Alias '*' ScriptBlock ID: 4f1545dc-9092-4c53-b300-b454515b40a7 Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93057 Keywords=None Message=Completed invocation of ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93056 Keywords=None Message=Started invocation of ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93055 Keywords=None Message=Creating Scriptblock text (21 of 21): [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableInboundConnectionFiltering')) { [object]$__cmdletization_value = ${DisableInboundConnectionFiltering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRdpParsing')) { [object]$__cmdletization_value = ${DisableRdpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableNetworkProtectionPerfTelemetry')) { [object]$__cmdletization_value = ${DisableNetworkProtectionPerfTelemetry} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TrustLabelProtectionStatus')) { [object]$__cmdletization_value = ${TrustLabelProtectionStatus} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-MpPreference' -Alias '*' function Get-MpPreference { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root\Microsoft\Windows\Defender\MSFT_MpPreference')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpPreference' -Alias '*' ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93054 Keywords=None Message=Creating Scriptblock text (20 of 21): } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableTlsParsing')) { [object]$__cmdletization_value = ${DisableTlsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableHttpParsing')) { [object]$__cmdletization_value = ${DisableHttpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsParsing')) { [object]$__cmdletization_value = ${DisableDnsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsOverTcpParsing')) { [object]$__cmdletization_value = ${DisableDnsOverTcpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableSshParsing')) { [object]$__cmdletization_value = ${DisableSshParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PlatformUpdatesChannel')) { [object]$__cmdletization_value = ${PlatformUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EngineUpdatesChannel')) { [object]$__cmdletization_value = ${EngineUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefinitionUpdatesChannel')) { [object]$__cmdletization_value = ${DefinitionUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableGradualRelease')) { [object]$__cmdletization_value = ${DisableGradualRelease} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionDownLevel')) { [object]$__cmdletization_value = ${AllowNetworkProtectionDownLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowDatagramProcessingOnWinServer')) { [object]$__cmdletization_value = ${AllowDatagramProcessingOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDnsSinkhole')) { [object]$__cmdletization_value = ${EnableDnsSinkhole} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93053 Keywords=None Message=Creating Scriptblock text (19 of 21): = $false if ($PSBoundParameters.ContainsKey('EnableControlledFolderAccess')) { [object]$__cmdletization_value = ${EnableControlledFolderAccess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableLowCpuPriority')) { [object]$__cmdletization_value = ${EnableLowCpuPriority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFileHashComputation')) { [object]$__cmdletization_value = ${EnableFileHashComputation} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFullScanOnBatteryPower')) { [object]$__cmdletization_value = ${EnableFullScanOnBatteryPower} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyPacUrl')) { [object]$__cmdletization_value = ${ProxyPacUrl} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyServer')) { [object]$__cmdletization_value = ${ProxyServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyBypass')) { [object]$__cmdletization_value = ${ProxyBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceUseProxyOnly')) { [object]$__cmdletization_value = ${ForceUseProxyOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93052 Keywords=None Message=Creating Scriptblock text (18 of 21): ation.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UnknownThreatDefaultAction')) { [object]$__cmdletization_value = ${UnknownThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LowThreatDefaultAction')) { [object]$__cmdletization_value = ${LowThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ModerateThreatDefaultAction')) { [object]$__cmdletization_value = ${ModerateThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('HighThreatDefaultAction')) { [object]$__cmdletization_value = ${HighThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SevereThreatDefaultAction')) { [object]$__cmdletization_value = ${SevereThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBlockAtFirstSeen')) { [object]$__cmdletization_value = ${DisableBlockAtFirstSeen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PUAProtection')) { [object]$__cmdletization_value = ${PUAProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudBlockLevel')) { [object]$__cmdletization_value = ${CloudBlockLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudExtendedTimeout')) { [object]$__cmdletization_value = ${CloudExtendedTimeout} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableNetworkProtection')) { [object]$__cmdletization_value = ${EnableNetworkProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93051 Keywords=None Message=Creating Scriptblock text (17 of 21): dletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIOAVProtection')) { [object]$__cmdletization_value = ${DisableIOAVProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRealtimeMonitoring')) { [object]$__cmdletization_value = ${DisableRealtimeMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScriptScanning')) { [object]$__cmdletization_value = ${DisableScriptScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableArchiveScanning')) { [object]$__cmdletization_value = ${DisableArchiveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupFullScan')) { [object]$__cmdletization_value = ${DisableCatchupFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupQuickScan')) { [object]$__cmdletization_value = ${DisableCatchupQuickScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableEmailScanning')) { [object]$__cmdletization_value = ${DisableEmailScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRemovableDriveScanning')) { [object]$__cmdletization_value = ${DisableRemovableDriveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRestorePoint')) { [object]$__cmdletization_value = ${DisableRestorePoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningMappedNetworkDrivesForFullScan')) { [object]$__cmdletization_value = ${DisableScanningMappedNetworkDrivesForFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningNetworkFiles')) { [object]$__cmdletization_value = ${DisableScanningNetworkFiles} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UILockdown')) { [object]$__cmdletization_value = ${UILockdown} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletiz ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93050 Keywords=None Message=Creating Scriptblock text (16 of 21): methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobFileSharesSources')) { [object]$__cmdletization_value = ${SignatureBlobFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MeteredConnectionUpdates')) { [object]$__cmdletization_value = ${MeteredConnectionUpdates} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionOnWinServer')) { [object]$__cmdletization_value = ${AllowNetworkProtectionOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDatagramProcessing')) { [object]$__cmdletization_value = ${DisableDatagramProcessing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCpuThrottleOnIdleScans')) { [object]$__cmdletization_value = ${DisableCpuThrottleOnIdleScans} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MAPSReporting')) { [object]$__cmdletization_value = ${MAPSReporting} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SubmitSamplesConsent')) { [object]$__cmdletization_value = ${SubmitSamplesConsent} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableAutoExclusions')) { [object]$__cmdletization_value = ${DisableAutoExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisablePrivacyMode')) { [object]$__cmdletization_value = ${DisablePrivacyMode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeScheduleTaskTimes')) { [object]$__cmdletization_value = ${RandomizeScheduleTaskTimes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SchedulerRandomizationTime')) { [object]$__cmdletization_value = ${SchedulerRandomizationTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBehaviorMonitoring')) { [object]$__cmdletization_value = ${DisableBehaviorMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIntrusionPreventionSystem')) { [object]$__cmdletization_value = ${DisableIntrusionPreventionSystem} $__cm ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93049 Keywords=None Message=Creating Scriptblock text (15 of 21): rameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThrottleForScheduledScanOnly')) { [object]$__cmdletization_value = ${ThrottleForScheduledScanOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFirstAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureFirstAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDefinitionUpdateFileSharesSources')) { [object]$__cmdletization_value = ${SignatureDefinitionUpdateFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDisableUpdateOnStartupWithoutEngine')) { [object]$__cmdletization_value = ${SignatureDisableUpdateOnStartupWithoutEngine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFallbackOrder')) { [object]$__cmdletization_value = ${SignatureFallbackOrder} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SharedSignaturesPath')) { [object]$__cmdletization_value = ${SharedSignaturesPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleDay')) { [object]$__cmdletization_value = ${SignatureScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleTime')) { [object]$__cmdletization_value = ${SignatureScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateCatchupInterval')) { [object]$__cmdletization_value = ${SignatureUpdateCatchupInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateInterval')) { [object]$__cmdletization_value = ${SignatureUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobUpdateInterval')) { [object]$__cmdletization_value = ${SignatureBlobUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_ ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93048 Keywords=None Message=Creating Scriptblock text (14 of 21): eter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleTime')) { [object]$__cmdletization_value = ${RemediationScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingAdditionalActionTimeOut')) { [object]$__cmdletization_value = ${ReportingAdditionalActionTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingCriticalFailureTimeOut')) { [object]$__cmdletization_value = ${ReportingCriticalFailureTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingNonCriticalTimeOut')) { [object]$__cmdletization_value = ${ReportingNonCriticalTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanAvgCPULoadFactor')) { [object]$__cmdletization_value = ${ScanAvgCPULoadFactor} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CheckForSignaturesBeforeRunningScan')) { [object]$__cmdletization_value = ${CheckForSignaturesBeforeRunningScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${ScanPurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanOnlyIfIdleEnabled')) { [object]$__cmdletization_value = ${ScanOnlyIfIdleEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanParameters')) { [object]$__cmdletization_value = ${ScanParameters} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleDay')) { [object]$__cmdletization_value = ${ScanScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleQuickScanTime')) { [object]$__cmdletization_value = ${ScanScheduleQuickScanTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleTime')) { [object]$__cmdletization_value = ${ScanScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; Pa ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93047 Keywords=None Message=Creating Scriptblock text (13 of 21): (ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Remove2')] [Alias('elcp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableLowCpuPriority}, [Parameter(ParameterSetName='Remove2')] [Alias('efhc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableFileHashComputation}, [Parameter(ParameterSetName='Remove2')] [Alias('efsobp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableFullScanOnBatteryPower}, [Parameter(ParameterSetName='Remove2')] [Alias('ppurl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyPacUrl}, [Parameter(ParameterSetName='Remove2')] [Alias('proxsrv')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyServer}, [Parameter(ParameterSetName='Remove2')] [Alias('proxbps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyBypass}, [Parameter(ParameterSetName='Remove2')] [Alias('fupo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ForceUseProxyOnly}, [Parameter(ParameterSetName='Remove2')] [Alias('dtlsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableTlsParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dhttpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableHttpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('ddnsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDnsParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('ddnstcpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDnsOverTcpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dsshp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableSshParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('puc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PlatformUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('euc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EngineUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('duc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DefinitionUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('dgr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableGradualRelease}, [Parameter(ParameterSetName='Remove2')] [Alias('anpdl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowNetworkProtectionDownLevel}, [Parameter(ParameterSetName='Remove2')] [Alias('adpows')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowDatagramProcessingOnWinServer}, [Parameter(ParameterSetName='Remove2')] [Alias('ednss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableDnsSinkhole}, [Parameter(ParameterSetName='Remove2')] [Alias('dicf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableInboundConnectionFiltering}, [Parameter(ParameterSetName='Remove2')] [Alias('drdpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRdpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dnppt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableNetworkProtectionPerfTelemetry}, [Parameter(ParameterSetName='Remove2')] [Alias('tlps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TrustLabelProtectionStatus}, [Parameter(ParameterSetName='Remove2')] [switch] ${Force}, [Parameter(ParameterSetName='Remove2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RealTimeScanDirection')) { [object]$__cmdletization_value = ${RealTimeScanDirection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuarantinePurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${QuarantinePurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleDay')) { [object]$__cmdletization_value = ${RemediationScheduleDay} $__cmdletization_methodParam ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93046 Keywords=None Message=Creating Scriptblock text (12 of 21): rameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Remove2')] [Alias('rtsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RealTimeScanDirection}, [Parameter(ParameterSetName='Remove2')] [Alias('qpiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${QuarantinePurgeItemsAfterDelay}, [Parameter(ParameterSetName='Remove2')] [Alias('rsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RemediationScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('rst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RemediationScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('raat')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingAdditionalActionTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('rcto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingCriticalFailureTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('rncto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingNonCriticalTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('saclf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanAvgCPULoadFactor}, [Parameter(ParameterSetName='Remove2')] [Alias('csbr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CheckForSignaturesBeforeRunningScan}, [Parameter(ParameterSetName='Remove2')] [Alias('spiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanPurgeItemsAfterDelay}, [Parameter(ParameterSetName='Remove2')] [Alias('soiie')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanOnlyIfIdleEnabled}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanParameters}, [Parameter(ParameterSetName='Remove2')] [Alias('scsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('scsqst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleQuickScanTime}, [Parameter(ParameterSetName='Remove2')] [Alias('scst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('tfsso')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ThrottleForScheduledScanOnly}, [Parameter(ParameterSetName='Remove2')] [Alias('sigfagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureFirstAuGracePeriod}, [Parameter(ParameterSetName='Remove2')] [Alias('sigagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureAuGracePeriod}, [Parameter(ParameterSetName='Remove2')] [Alias('sigdufss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureDefinitionUpdateFileSharesSources}, [Parameter(ParameterSetName='Remove2')] [Alias('sigduoswo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureDisableUpdateOnStartupWithoutEngine}, [Parameter(ParameterSetName='Remove2')] [Alias('sfo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureFallbackOrder}, [Parameter(ParameterSetName='Remove2')] [Alias('ssp','SecurityIntelligenceLocation','ssl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SharedSignaturesPath}, [Parameter(ParameterSetName='Remove2')] [Alias('sigsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('sigst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('siguci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureUpdateCatchupInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureUpdateInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigbui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureBlobUpdateInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigbfs')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureBlobFileSharesSources}, [Parameter(ParameterSetName='Remove2')] [Alias('mcupd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${MeteredConnectionUpdates}, [Parameter(ParameterSetName='Remove2')] [Alias('anpws')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowNetworkProtectionOnWinServer}, [Parameter(ParameterSetName='Remove2')] [Alias('ddtgp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDatagramProcessing}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCpuThrottleOnIdleScans}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${MAPSReporting}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SubmitSamplesConsent}, [Parameter(ParameterSetName='Remove2')] [Alias('dae')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableAutoExclusions}, [Parameter(ParameterSetName='Remove2')] [Alias('dpm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisablePrivacyMode}, [Parameter(ParameterSetName='Remove2')] [Alias('rstt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RandomizeScheduleTaskTimes}, [Parameter(ParameterSetName='Remove2')] [Alias('srt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SchedulerRandomizationTime}, [Parameter(ParameterSetName='Remove2')] [Alias('dbm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableBehaviorMonitoring}, [Parameter(ParameterSetName='Remove2')] [Alias('dips')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableIntrusionPreventionSystem}, [Parameter(ParameterSetName='Remove2')] [Alias('dioavp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableIOAVProtection}, [Parameter(ParameterSetName='Remove2')] [Alias('drtm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRealtimeMonitoring}, [Parameter(ParameterSetName='Remove2')] [Alias('dscrptsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScriptScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('darchsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableArchiveScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('dcfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCatchupFullScan}, [Parameter(ParameterSetName='Remove2')] [Alias('dcqsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCatchupQuickScan}, [Parameter(ParameterSetName='Remove2')] [Alias('demsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableEmailScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('drdsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRemovableDriveScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('drp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRestorePoint}, [Parameter(ParameterSetName='Remove2')] [Alias('dsmndfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScanningMappedNetworkDrivesForFullScan}, [Parameter(ParameterSetName='Remove2')] [Alias('dsnf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScanningNetworkFiles}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UILockdown}, [Parameter(ParameterSetName='Remove2')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Remove2')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Remove2')] [Alias('unktdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UnknownThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('ltdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${LowThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('mtdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ModerateThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('htdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${HighThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('stdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SevereThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('dbaf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableBlockAtFirstSeen}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PUAProtection}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CloudBlockLevel}, [Parameter(ParameterSetName='Remove2')] [Alias('cloudextimeout')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CloudExtendedTimeout}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableNetworkProtection}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableControlledFolderAccess}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93045 Keywords=None Message=Creating Scriptblock text (11 of 21): meters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Add', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Add-MpPreference' -Alias '*' function Remove-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(Pa ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93044 Keywords=None Message=Creating Scriptblock text (10 of 21): rType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowDatagramProcessingOnWinServer')) { [object]$__cmdletization_value = ${AllowDatagramProcessingOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDnsSinkhole')) { [object]$__cmdletization_value = ${EnableDnsSinkhole} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableInboundConnectionFiltering')) { [object]$__cmdletization_value = ${DisableInboundConnectionFiltering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRdpParsing')) { [object]$__cmdletization_value = ${DisableRdpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableNetworkProtectionPerfTelemetry')) { [object]$__cmdletization_value = ${DisableNetworkProtectionPerfTelemetry} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TrustLabelProtectionStatus')) { [object]$__cmdletization_value = ${TrustLabelProtectionStatus} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-MpPreference' -Alias '*' function Add-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Add1')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Add1')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Add1')] [switch] ${Force}, [Parameter(ParameterSetName='Add1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Add1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Add1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundPara ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93043 Keywords=None Message=Creating Scriptblock text (9 of 21): .MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyServer')) { [object]$__cmdletization_value = ${ProxyServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyBypass')) { [object]$__cmdletization_value = ${ProxyBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceUseProxyOnly')) { [object]$__cmdletization_value = ${ForceUseProxyOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableTlsParsing')) { [object]$__cmdletization_value = ${DisableTlsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableHttpParsing')) { [object]$__cmdletization_value = ${DisableHttpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsParsing')) { [object]$__cmdletization_value = ${DisableDnsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsOverTcpParsing')) { [object]$__cmdletization_value = ${DisableDnsOverTcpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableSshParsing')) { [object]$__cmdletization_value = ${DisableSshParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PlatformUpdatesChannel')) { [object]$__cmdletization_value = ${PlatformUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EngineUpdatesChannel')) { [object]$__cmdletization_value = ${EngineUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefinitionUpdatesChannel')) { [object]$__cmdletization_value = ${DefinitionUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableGradualRelease')) { [object]$__cmdletization_value = ${DisableGradualRelease} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionDownLevel')) { [object]$__cmdletization_value = ${AllowNetworkProtectionDownLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; Paramete ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93042 Keywords=None Message=Creating Scriptblock text (8 of 21): [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudBlockLevel')) { [object]$__cmdletization_value = ${CloudBlockLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudExtendedTimeout')) { [object]$__cmdletization_value = ${CloudExtendedTimeout} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableNetworkProtection')) { [object]$__cmdletization_value = ${EnableNetworkProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableControlledFolderAccess')) { [object]$__cmdletization_value = ${EnableControlledFolderAccess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableLowCpuPriority')) { [object]$__cmdletization_value = ${EnableLowCpuPriority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFileHashComputation')) { [object]$__cmdletization_value = ${EnableFileHashComputation} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFullScanOnBatteryPower')) { [object]$__cmdletization_value = ${EnableFullScanOnBatteryPower} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyPacUrl')) { [object]$__cmdletization_value = ${ProxyPacUrl} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93041 Keywords=None Message=Creating Scriptblock text (7 of 21): ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningNetworkFiles')) { [object]$__cmdletization_value = ${DisableScanningNetworkFiles} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UILockdown')) { [object]$__cmdletization_value = ${UILockdown} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UnknownThreatDefaultAction')) { [object]$__cmdletization_value = ${UnknownThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LowThreatDefaultAction')) { [object]$__cmdletization_value = ${LowThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ModerateThreatDefaultAction')) { [object]$__cmdletization_value = ${ModerateThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('HighThreatDefaultAction')) { [object]$__cmdletization_value = ${HighThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SevereThreatDefaultAction')) { [object]$__cmdletization_value = ${SevereThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBlockAtFirstSeen')) { [object]$__cmdletization_value = ${DisableBlockAtFirstSeen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PUAProtection')) { [object]$__cmdletization_value = ${PUAProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93040 Keywords=None Message=Creating Scriptblock text (6 of 21): on_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SchedulerRandomizationTime')) { [object]$__cmdletization_value = ${SchedulerRandomizationTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBehaviorMonitoring')) { [object]$__cmdletization_value = ${DisableBehaviorMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIntrusionPreventionSystem')) { [object]$__cmdletization_value = ${DisableIntrusionPreventionSystem} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIOAVProtection')) { [object]$__cmdletization_value = ${DisableIOAVProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRealtimeMonitoring')) { [object]$__cmdletization_value = ${DisableRealtimeMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScriptScanning')) { [object]$__cmdletization_value = ${DisableScriptScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableArchiveScanning')) { [object]$__cmdletization_value = ${DisableArchiveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupFullScan')) { [object]$__cmdletization_value = ${DisableCatchupFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupQuickScan')) { [object]$__cmdletization_value = ${DisableCatchupQuickScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableEmailScanning')) { [object]$__cmdletization_value = ${DisableEmailScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRemovableDriveScanning')) { [object]$__cmdletization_value = ${DisableRemovableDriveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRestorePoint')) { [object]$__cmdletization_value = ${DisableRestorePoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningMappedNetworkDrivesForFullScan')) { [object]$__cmdletization_value = ${DisableScanningMappedNetworkDrivesForFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93039 Keywords=None Message=Creating Scriptblock text (5 of 21): terType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateCatchupInterval')) { [object]$__cmdletization_value = ${SignatureUpdateCatchupInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateInterval')) { [object]$__cmdletization_value = ${SignatureUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobUpdateInterval')) { [object]$__cmdletization_value = ${SignatureBlobUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobFileSharesSources')) { [object]$__cmdletization_value = ${SignatureBlobFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MeteredConnectionUpdates')) { [object]$__cmdletization_value = ${MeteredConnectionUpdates} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionOnWinServer')) { [object]$__cmdletization_value = ${AllowNetworkProtectionOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDatagramProcessing')) { [object]$__cmdletization_value = ${DisableDatagramProcessing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCpuThrottleOnIdleScans')) { [object]$__cmdletization_value = ${DisableCpuThrottleOnIdleScans} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MAPSReporting')) { [object]$__cmdletization_value = ${MAPSReporting} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SubmitSamplesConsent')) { [object]$__cmdletization_value = ${SubmitSamplesConsent} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableAutoExclusions')) { [object]$__cmdletization_value = ${DisableAutoExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisablePrivacyMode')) { [object]$__cmdletization_value = ${DisablePrivacyMode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeScheduleTaskTimes')) { [object]$__cmdletization_value = ${RandomizeScheduleTaskTimes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletizati ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93038 Keywords=None Message=Creating Scriptblock text (4 of 21): $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanParameters')) { [object]$__cmdletization_value = ${ScanParameters} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleDay')) { [object]$__cmdletization_value = ${ScanScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleQuickScanTime')) { [object]$__cmdletization_value = ${ScanScheduleQuickScanTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleTime')) { [object]$__cmdletization_value = ${ScanScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThrottleForScheduledScanOnly')) { [object]$__cmdletization_value = ${ThrottleForScheduledScanOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFirstAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureFirstAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDefinitionUpdateFileSharesSources')) { [object]$__cmdletization_value = ${SignatureDefinitionUpdateFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDisableUpdateOnStartupWithoutEngine')) { [object]$__cmdletization_value = ${SignatureDisableUpdateOnStartupWithoutEngine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFallbackOrder')) { [object]$__cmdletization_value = ${SignatureFallbackOrder} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SharedSignaturesPath')) { [object]$__cmdletization_value = ${SharedSignaturesPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleDay')) { [object]$__cmdletization_value = ${SignatureScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleTime')) { [object]$__cmdletization_value = ${SignatureScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; Parame ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93037 Keywords=None Message=Creating Scriptblock text (3 of 21): dParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RealTimeScanDirection')) { [object]$__cmdletization_value = ${RealTimeScanDirection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuarantinePurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${QuarantinePurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleDay')) { [object]$__cmdletization_value = ${RemediationScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleTime')) { [object]$__cmdletization_value = ${RemediationScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingAdditionalActionTimeOut')) { [object]$__cmdletization_value = ${ReportingAdditionalActionTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingCriticalFailureTimeOut')) { [object]$__cmdletization_value = ${ReportingCriticalFailureTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingNonCriticalTimeOut')) { [object]$__cmdletization_value = ${ReportingNonCriticalTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanAvgCPULoadFactor')) { [object]$__cmdletization_value = ${ScanAvgCPULoadFactor} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CheckForSignaturesBeforeRunningScan')) { [object]$__cmdletization_value = ${CheckForSignaturesBeforeRunningScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${ScanPurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanOnlyIfIdleEnabled')) { [object]$__cmdletization_value = ${ScanOnlyIfIdleEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93036 Keywords=None Message=Creating Scriptblock text (2 of 21): }, [Parameter(ParameterSetName='Set0')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Set0')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Set0')] [Alias('unktdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${UnknownThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('ltdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${LowThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('mtdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${ModerateThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('htdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${HighThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('stdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${SevereThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [switch] ${Force}, [Parameter(ParameterSetName='Set0')] [Alias('dbaf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableBlockAtFirstSeen}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType] ${PUAProtection}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Default','Moderate','High','HighPlus','ZeroTolerance')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType] ${CloudBlockLevel}, [Parameter(ParameterSetName='Set0')] [Alias('cloudextimeout')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${CloudExtendedTimeout}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType] ${EnableNetworkProtection}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode','BlockDiskModificationOnly','AuditDiskModificationOnly')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType] ${EnableControlledFolderAccess}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Set0')] [Alias('elcp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableLowCpuPriority}, [Parameter(ParameterSetName='Set0')] [Alias('efhc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableFileHashComputation}, [Parameter(ParameterSetName='Set0')] [Alias('efsobp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableFullScanOnBatteryPower}, [Parameter(ParameterSetName='Set0')] [Alias('ppurl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ProxyPacUrl}, [Parameter(ParameterSetName='Set0')] [Alias('proxsrv')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ProxyServer}, [Parameter(ParameterSetName='Set0')] [Alias('proxbps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ProxyBypass}, [Parameter(ParameterSetName='Set0')] [Alias('fupo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ForceUseProxyOnly}, [Parameter(ParameterSetName='Set0')] [Alias('dtlsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableTlsParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dhttpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableHttpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('ddnsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDnsParsing}, [Parameter(ParameterSetName='Set0')] [Alias('ddnstcpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDnsOverTcpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dsshp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableSshParsing}, [Parameter(ParameterSetName='Set0')] [Alias('puc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Beta','Preview','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${PlatformUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('euc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Beta','Preview','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${EngineUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('duc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${DefinitionUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('dgr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableGradualRelease}, [Parameter(ParameterSetName='Set0')] [Alias('anpdl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowNetworkProtectionDownLevel}, [Parameter(ParameterSetName='Set0')] [Alias('adpows')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowDatagramProcessingOnWinServer}, [Parameter(ParameterSetName='Set0')] [Alias('ednss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableDnsSinkhole}, [Parameter(ParameterSetName='Set0')] [Alias('dicf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableInboundConnectionFiltering}, [Parameter(ParameterSetName='Set0')] [Alias('drdpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRdpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dnppt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableNetworkProtectionPerfTelemetry}, [Parameter(ParameterSetName='Set0')] [Alias('tlps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${TrustLabelProtectionStatus}, [Parameter(ParameterSetName='Set0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_metho ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93035 Keywords=None Message=Creating Scriptblock text (1 of 21): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root\Microsoft\Windows\Defender\MSFT_MpPreference' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Set-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Set0')] [Alias('rtsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Both','Incoming','Outcoming')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection] ${RealTimeScanDirection}, [Parameter(ParameterSetName='Set0')] [Alias('qpiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${QuarantinePurgeItemsAfterDelay}, [Parameter(ParameterSetName='Set0')] [Alias('rsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${RemediationScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('rst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${RemediationScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('raat')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingAdditionalActionTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('rcto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingCriticalFailureTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('rncto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingNonCriticalTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('saclf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${ScanAvgCPULoadFactor}, [Parameter(ParameterSetName='Set0')] [Alias('csbr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${CheckForSignaturesBeforeRunningScan}, [Parameter(ParameterSetName='Set0')] [Alias('spiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ScanPurgeItemsAfterDelay}, [Parameter(ParameterSetName='Set0')] [Alias('soiie')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ScanOnlyIfIdleEnabled}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('QuickScan','FullScan')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType] ${ScanParameters}, [Parameter(ParameterSetName='Set0')] [Alias('scsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${ScanScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('scsqst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${ScanScheduleQuickScanTime}, [Parameter(ParameterSetName='Set0')] [Alias('scst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${ScanScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('tfsso')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ThrottleForScheduledScanOnly}, [Parameter(ParameterSetName='Set0')] [Alias('sigfagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureFirstAuGracePeriod}, [Parameter(ParameterSetName='Set0')] [Alias('sigagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureAuGracePeriod}, [Parameter(ParameterSetName='Set0')] [Alias('sigdufss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureDefinitionUpdateFileSharesSources}, [Parameter(ParameterSetName='Set0')] [Alias('sigduoswo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${SignatureDisableUpdateOnStartupWithoutEngine}, [Parameter(ParameterSetName='Set0')] [Alias('sfo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureFallbackOrder}, [Parameter(ParameterSetName='Set0')] [Alias('ssp','SecurityIntelligenceLocation','ssl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SharedSignaturesPath}, [Parameter(ParameterSetName='Set0')] [Alias('sigsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${SignatureScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('sigst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${SignatureScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('siguci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureUpdateCatchupInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureUpdateInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigbui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureBlobUpdateInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigbfs')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureBlobFileSharesSources}, [Parameter(ParameterSetName='Set0')] [Alias('mcupd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${MeteredConnectionUpdates}, [Parameter(ParameterSetName='Set0')] [Alias('anpws')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowNetworkProtectionOnWinServer}, [Parameter(ParameterSetName='Set0')] [Alias('ddtgp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDatagramProcessing}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCpuThrottleOnIdleScans}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Basic','Advanced')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType] ${MAPSReporting}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('AlwaysPrompt','SendSafeSamples','NeverSend','SendAllSamples')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType] ${SubmitSamplesConsent}, [Parameter(ParameterSetName='Set0')] [Alias('dae')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableAutoExclusions}, [Parameter(ParameterSetName='Set0')] [Alias('dpm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisablePrivacyMode}, [Parameter(ParameterSetName='Set0')] [Alias('rstt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${RandomizeScheduleTaskTimes}, [Parameter(ParameterSetName='Set0')] [Alias('srt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SchedulerRandomizationTime}, [Parameter(ParameterSetName='Set0')] [Alias('dbm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableBehaviorMonitoring}, [Parameter(ParameterSetName='Set0')] [Alias('dips')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableIntrusionPreventionSystem}, [Parameter(ParameterSetName='Set0')] [Alias('dioavp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableIOAVProtection}, [Parameter(ParameterSetName='Set0')] [Alias('drtm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRealtimeMonitoring}, [Parameter(ParameterSetName='Set0')] [Alias('dscrptsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScriptScanning}, [Parameter(ParameterSetName='Set0')] [Alias('darchsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableArchiveScanning}, [Parameter(ParameterSetName='Set0')] [Alias('dcfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCatchupFullScan}, [Parameter(ParameterSetName='Set0')] [Alias('dcqsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCatchupQuickScan}, [Parameter(ParameterSetName='Set0')] [Alias('demsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableEmailScanning}, [Parameter(ParameterSetName='Set0')] [Alias('drdsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRemovableDriveScanning}, [Parameter(ParameterSetName='Set0')] [Alias('drp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRestorePoint}, [Parameter(ParameterSetName='Set0')] [Alias('dsmndfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScanningMappedNetworkDrivesForFullScan}, [Parameter(ParameterSetName='Set0')] [Alias('dsnf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScanningNetworkFiles}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${UILockdown ScriptBlock ID: 49f67ad7-550b-4572-8674-311d2a2542ed Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93034 Keywords=None Message=Completed invocation of ScriptBlock ID: 9c37cb56-d356-4a0c-bf6d-80014bd57173 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93033 Keywords=None Message=Started invocation of ScriptBlock ID: 9c37cb56-d356-4a0c-bf6d-80014bd57173 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93032 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus' $script:ClassVersion = '' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpComputerStatus { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpComputerStatus.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpComputerStatus' -Alias '*' ScriptBlock ID: 9c37cb56-d356-4a0c-bf6d-80014bd57173 Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93031 Keywords=None Message=Completed invocation of ScriptBlock ID: def7cedc-4441-44b1-9690-43cd2beea752 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93030 Keywords=None Message=Started invocation of ScriptBlock ID: def7cedc-4441-44b1-9690-43cd2beea752 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93029 Keywords=None Message=Started invocation of ScriptBlock ID: 07585119-0ac0-4773-8450-19076d3bfa86 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93028 Keywords=None Message=Creating Scriptblock text (1 of 1): Set-MpPreference -ExclusionPath 'C:\' ScriptBlock ID: 07585119-0ac0-4773-8450-19076d3bfa86 Path: 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40962 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Stop RecordNumber=93027 Keywords=None Message=PowerShell console is ready for user input 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=53504 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Named Pipe IPC OpCode=Open (async) RecordNumber=93026 Keywords=None Message=Windows PowerShell has started an IPC listening thread on process: 4960 in AppDomain: DefaultAppDomain. 01/20/2022 01:59:07 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40961 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Start RecordNumber=93025 Keywords=None Message=PowerShell console is starting up 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93102 Keywords=None Message=Completed invocation of ScriptBlock ID: 20cd66bb-6bf8-4097-88a0-1c9f1b6d6fcd Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93101 Keywords=None Message=Started invocation of ScriptBlock ID: 20cd66bb-6bf8-4097-88a0-1c9f1b6d6fcd Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93100 Keywords=None Message=Creating Scriptblock text (1 of 1): $global:? ScriptBlock ID: 20cd66bb-6bf8-4097-88a0-1c9f1b6d6fcd Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93099 Keywords=None Message=Completed invocation of ScriptBlock ID: 07585119-0ac0-4773-8450-19076d3bfa86 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93098 Keywords=None Message=Completed invocation of ScriptBlock ID: cf33d9e0-b8ab-48d0-8b04-0d4b6524531a Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93097 Keywords=None Message=Completed invocation of ScriptBlock ID: ec66435c-238e-402b-a010-1afeb3766fc6 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93096 Keywords=None Message=Started invocation of ScriptBlock ID: ec66435c-238e-402b-a010-1afeb3766fc6 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93095 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.OriginInfo } ScriptBlock ID: ec66435c-238e-402b-a010-1afeb3766fc6 Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93094 Keywords=None Message=Completed invocation of ScriptBlock ID: f29fe005-e838-40ee-9936-e27a63d427ad Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93093 Keywords=None Message=Started invocation of ScriptBlock ID: f29fe005-e838-40ee-9936-e27a63d427ad Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93092 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.ErrorCategory_Message } ScriptBlock ID: f29fe005-e838-40ee-9936-e27a63d427ad Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93091 Keywords=None Message=Completed invocation of ScriptBlock ID: a77286f4-d0ad-49f8-bb85-b4f3b8c3fca8 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93090 Keywords=None Message=Completed invocation of ScriptBlock ID: eeeb3ed6-d52b-48bf-a7b4-c6e50f8721a5 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93089 Keywords=None Message=Completed invocation of ScriptBlock ID: 379b9b16-f850-42c1-a509-591cb39bb4c8 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93088 Keywords=None Message=Started invocation of ScriptBlock ID: 379b9b16-f850-42c1-a509-591cb39bb4c8 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93087 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails } ScriptBlock ID: 379b9b16-f850-42c1-a509-591cb39bb4c8 Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93086 Keywords=None Message=Started invocation of ScriptBlock ID: eeeb3ed6-d52b-48bf-a7b4-c6e50f8721a5 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93085 Keywords=None Message=Started invocation of ScriptBlock ID: a77286f4-d0ad-49f8-bb85-b4f3b8c3fca8 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93084 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.PSMessageDetails } ScriptBlock ID: a77286f4-d0ad-49f8-bb85-b4f3b8c3fca8 Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93083 Keywords=None Message=Started invocation of ScriptBlock ID: cf33d9e0-b8ab-48d0-8b04-0d4b6524531a Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93082 Keywords=None Message=Completed invocation of ScriptBlock ID: 4d2b23cd-8cec-426f-8270-5c23ad27f0b3 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93081 Keywords=None Message=Started invocation of ScriptBlock ID: 4d2b23cd-8cec-426f-8270-5c23ad27f0b3 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93080 Keywords=None Message=Completed invocation of ScriptBlock ID: a3fb3306-64fa-4169-91ab-a9903267ee82 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93079 Keywords=None Message=Started invocation of ScriptBlock ID: a3fb3306-64fa-4169-91ab-a9903267ee82 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93078 Keywords=None Message=Creating Scriptblock text (1 of 1): function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: a3fb3306-64fa-4169-91ab-a9903267ee82 Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93077 Keywords=None Message=Completed invocation of ScriptBlock ID: 7adb624e-e476-4cd2-be1a-9e933aac9be6 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93076 Keywords=None Message=Started invocation of ScriptBlock ID: 7adb624e-e476-4cd2-be1a-9e933aac9be6 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93075 Keywords=None Message=Completed invocation of ScriptBlock ID: 1efdaec8-9080-4da9-be0f-a0a92b140c38 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93074 Keywords=None Message=Started invocation of ScriptBlock ID: 1efdaec8-9080-4da9-be0f-a0a92b140c38 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93073 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpWDOScan' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Start-MpWDOScan { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Start0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Start0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Start0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Start', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpWDOScan.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Start-MpWDOScan' -Alias '*' ScriptBlock ID: 1efdaec8-9080-4da9-be0f-a0a92b140c38 Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93072 Keywords=None Message=Completed invocation of ScriptBlock ID: 155b22a7-5dba-4fef-9483-685f97d78925 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93071 Keywords=None Message=Started invocation of ScriptBlock ID: 155b22a7-5dba-4fef-9483-685f97d78925 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93070 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpSignature' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Update-MpSignature { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Update0')] [AllowEmptyString()] [AllowNull()] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('InternalDefinitionUpdateServer','MicrosoftUpdateServer','MMPC','FileShares')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource] ${UpdateSource}, [Parameter(ParameterSetName='Update0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Update0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Update0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UpdateSource')) { [object]$__cmdletization_value = ${UpdateSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UpdateSource'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UpdateSource'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Update', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpSignature.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Update-MpSignature' -Alias '*' ScriptBlock ID: 155b22a7-5dba-4fef-9483-685f97d78925 Path: 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93069 Keywords=None Message=Completed invocation of ScriptBlock ID: 5231be36-11d4-401e-aac5-9cbae4a3e3e9 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93068 Keywords=None Message=Started invocation of ScriptBlock ID: 5231be36-11d4-401e-aac5-9cbae4a3e3e9 Runspace ID: 57257c70-797e-47b3-b90c-938b2087ea3a 01/20/2022 01:59:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93067 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpScan' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Start-MpScan { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Start0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ScanPath}, [Parameter(ParameterSetName='Start0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('FullScan','QuickScan','CustomScan')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType] ${ScanType}, [Parameter(ParameterSetName='Start0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Start0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Start0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPath')) { [object]$__cmdletization_value = ${ScanPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanType')) { [object]$__cmdletization_value = ${ScanType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Start', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpScan.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Start-MpScan' -Alias '*' ScriptBlock ID: 5231be36-11d4-401e-aac5-9cbae4a3e3e9 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93147 Keywords=None Message=Completed invocation of ScriptBlock ID: c97a77bf-a825-4502-a141-4c302d205e8d Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93146 Keywords=None Message=Started invocation of ScriptBlock ID: c97a77bf-a825-4502-a141-4c302d205e8d Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93145 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpWDOScan' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Start-MpWDOScan { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Start0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Start0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Start0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Start', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpWDOScan.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Start-MpWDOScan' -Alias '*' ScriptBlock ID: c97a77bf-a825-4502-a141-4c302d205e8d Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93144 Keywords=None Message=Completed invocation of ScriptBlock ID: e242aeac-9163-4cd7-b302-3ef407af80c8 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93143 Keywords=None Message=Started invocation of ScriptBlock ID: e242aeac-9163-4cd7-b302-3ef407af80c8 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93142 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpSignature' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Update-MpSignature { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Update0')] [AllowEmptyString()] [AllowNull()] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('InternalDefinitionUpdateServer','MicrosoftUpdateServer','MMPC','FileShares')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource] ${UpdateSource}, [Parameter(ParameterSetName='Update0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Update0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Update0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UpdateSource')) { [object]$__cmdletization_value = ${UpdateSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UpdateSource'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UpdateSource'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Update', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpSignature.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Update-MpSignature' -Alias '*' ScriptBlock ID: e242aeac-9163-4cd7-b302-3ef407af80c8 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93141 Keywords=None Message=Completed invocation of ScriptBlock ID: 7a8781fd-0989-4012-a6a9-a408f2f2bc6a Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93140 Keywords=None Message=Started invocation of ScriptBlock ID: 7a8781fd-0989-4012-a6a9-a408f2f2bc6a Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93139 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpScan' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Start-MpScan { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Start0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ScanPath}, [Parameter(ParameterSetName='Start0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('FullScan','QuickScan','CustomScan')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType] ${ScanType}, [Parameter(ParameterSetName='Start0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Start0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Start0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPath')) { [object]$__cmdletization_value = ${ScanPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanType')) { [object]$__cmdletization_value = ${ScanType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Start', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpScan.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Start-MpScan' -Alias '*' ScriptBlock ID: 7a8781fd-0989-4012-a6a9-a408f2f2bc6a Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93138 Keywords=None Message=Completed invocation of ScriptBlock ID: c5d6321f-eed2-4ab4-be82-c1bdea83adec Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93137 Keywords=None Message=Started invocation of ScriptBlock ID: c5d6321f-eed2-4ab4-be82-c1bdea83adec Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93136 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreatDetection' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpThreatDetection { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreatDetection')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreatDetection.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreatDetection' -Alias '*' ScriptBlock ID: c5d6321f-eed2-4ab4-be82-c1bdea83adec Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93135 Keywords=None Message=Completed invocation of ScriptBlock ID: 2032af70-b0eb-4aa9-a346-09c1743cfd66 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93134 Keywords=None Message=Started invocation of ScriptBlock ID: 2032af70-b0eb-4aa9-a346-09c1743cfd66 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93133 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreatCatalog' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpThreatCatalog { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreatCatalog')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreatCatalog.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreatCatalog' -Alias '*' ScriptBlock ID: 2032af70-b0eb-4aa9-a346-09c1743cfd66 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93132 Keywords=None Message=Completed invocation of ScriptBlock ID: 9c14c468-15e7-4644-bdff-27a3b367ae8e Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93131 Keywords=None Message=Started invocation of ScriptBlock ID: 9c14c468-15e7-4644-bdff-27a3b367ae8e Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93130 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreat' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Remove-MpThreat { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Remove0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreat.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-MpThreat' -Alias '*' function Get-MpThreat { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreat')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreat.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreat' -Alias '*' ScriptBlock ID: 9c14c468-15e7-4644-bdff-27a3b367ae8e Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93129 Keywords=None Message=Completed invocation of ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93128 Keywords=None Message=Started invocation of ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93127 Keywords=None Message=Creating Scriptblock text (15 of 15): zation_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-MpPreference' -Alias '*' function Get-MpPreference { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root\Microsoft\Windows\Defender\MSFT_MpPreference')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpPreference' -Alias '*' ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93126 Keywords=None Message=Creating Scriptblock text (14 of 15): yOnly')) { [object]$__cmdletization_value = ${ForceUseProxyOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableTlsParsing')) { [object]$__cmdletization_value = ${DisableTlsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableHttpParsing')) { [object]$__cmdletization_value = ${DisableHttpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsParsing')) { [object]$__cmdletization_value = ${DisableDnsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsOverTcpParsing')) { [object]$__cmdletization_value = ${DisableDnsOverTcpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableSshParsing')) { [object]$__cmdletization_value = ${DisableSshParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PlatformUpdatesChannel')) { [object]$__cmdletization_value = ${PlatformUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EngineUpdatesChannel')) { [object]$__cmdletization_value = ${EngineUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefinitionUpdatesChannel')) { [object]$__cmdletization_value = ${DefinitionUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableGradualRelease')) { [object]$__cmdletization_value = ${DisableGradualRelease} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionDownLevel')) { [object]$__cmdletization_value = ${AllowNetworkProtectionDownLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowDatagramProcessingOnWinServer')) { [object]$__cmdletization_value = ${AllowDatagramProcessingOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDnsSinkhole')) { [object]$__cmdletization_value = ${EnableDnsSinkhole} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableInboundConnectionFiltering')) { [object]$__cmdletization_value = ${DisableInboundConnectionFiltering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRdpParsing')) { [object]$__cmdletization_value = ${DisableRdpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableNetworkProtectionPerfTelemetry')) { [object]$__cmdletization_value = ${DisableNetworkProtectionPerfTelemetry} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TrustLabelProtectionStatus')) { [object]$__cmdletization_value = ${TrustLabelProtectionStatus} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdleti ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93125 Keywords=None Message=Creating Scriptblock text (13 of 15): mdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SevereThreatDefaultAction')) { [object]$__cmdletization_value = ${SevereThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBlockAtFirstSeen')) { [object]$__cmdletization_value = ${DisableBlockAtFirstSeen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PUAProtection')) { [object]$__cmdletization_value = ${PUAProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudBlockLevel')) { [object]$__cmdletization_value = ${CloudBlockLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudExtendedTimeout')) { [object]$__cmdletization_value = ${CloudExtendedTimeout} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableNetworkProtection')) { [object]$__cmdletization_value = ${EnableNetworkProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableControlledFolderAccess')) { [object]$__cmdletization_value = ${EnableControlledFolderAccess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableLowCpuPriority')) { [object]$__cmdletization_value = ${EnableLowCpuPriority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFileHashComputation')) { [object]$__cmdletization_value = ${EnableFileHashComputation} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFullScanOnBatteryPower')) { [object]$__cmdletization_value = ${EnableFullScanOnBatteryPower} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyPacUrl')) { [object]$__cmdletization_value = ${ProxyPacUrl} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyServer')) { [object]$__cmdletization_value = ${ProxyServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyBypass')) { [object]$__cmdletization_value = ${ProxyBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceUseProx ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93124 Keywords=None Message=Creating Scriptblock text (12 of 15): cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIOAVProtection')) { [object]$__cmdletization_value = ${DisableIOAVProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRealtimeMonitoring')) { [object]$__cmdletization_value = ${DisableRealtimeMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScriptScanning')) { [object]$__cmdletization_value = ${DisableScriptScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableArchiveScanning')) { [object]$__cmdletization_value = ${DisableArchiveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupFullScan')) { [object]$__cmdletization_value = ${DisableCatchupFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupQuickScan')) { [object]$__cmdletization_value = ${DisableCatchupQuickScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableEmailScanning')) { [object]$__cmdletization_value = ${DisableEmailScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRemovableDriveScanning')) { [object]$__cmdletization_value = ${DisableRemovableDriveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRestorePoint')) { [object]$__cmdletization_value = ${DisableRestorePoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningMappedNetworkDrivesForFullScan')) { [object]$__cmdletization_value = ${DisableScanningMappedNetworkDrivesForFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningNetworkFiles')) { [object]$__cmdletization_value = ${DisableScanningNetworkFiles} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UILockdown')) { [object]$__cmdletization_value = ${UILockdown} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UnknownThreatDefaultAction')) { [object]$__cmdletization_value = ${UnknownThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LowThreatDefaultAction')) { [object]$__cmdletization_value = ${LowThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ModerateThreatDefaultAction')) { [object]$__cmdletization_value = ${ModerateThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('HighThreatDefaultAction')) { [object]$__cmdletization_value = ${HighThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__c ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93123 Keywords=None Message=Creating Scriptblock text (11 of 15): } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleDay')) { [object]$__cmdletization_value = ${SignatureScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleTime')) { [object]$__cmdletization_value = ${SignatureScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateCatchupInterval')) { [object]$__cmdletization_value = ${SignatureUpdateCatchupInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateInterval')) { [object]$__cmdletization_value = ${SignatureUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobUpdateInterval')) { [object]$__cmdletization_value = ${SignatureBlobUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobFileSharesSources')) { [object]$__cmdletization_value = ${SignatureBlobFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MeteredConnectionUpdates')) { [object]$__cmdletization_value = ${MeteredConnectionUpdates} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionOnWinServer')) { [object]$__cmdletization_value = ${AllowNetworkProtectionOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDatagramProcessing')) { [object]$__cmdletization_value = ${DisableDatagramProcessing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCpuThrottleOnIdleScans')) { [object]$__cmdletization_value = ${DisableCpuThrottleOnIdleScans} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MAPSReporting')) { [object]$__cmdletization_value = ${MAPSReporting} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SubmitSamplesConsent')) { [object]$__cmdletization_value = ${SubmitSamplesConsent} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableAutoExclusions')) { [object]$__cmdletization_value = ${DisableAutoExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisablePrivacyMode')) { [object]$__cmdletization_value = ${DisablePrivacyMode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeScheduleTaskTimes')) { [object]$__cmdletization_value = ${RandomizeScheduleTaskTimes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SchedulerRandomizationTime')) { [object]$__cmdletization_value = ${SchedulerRandomizationTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBehaviorMonitoring')) { [object]$__cmdletization_value = ${DisableBehaviorMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIntrusionPreventionSystem')) { [object]$__cmdletization_value = ${DisableIntrusionPreventionSystem} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__ ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93122 Keywords=None Message=Creating Scriptblock text (10 of 15): thodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingAdditionalActionTimeOut')) { [object]$__cmdletization_value = ${ReportingAdditionalActionTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingCriticalFailureTimeOut')) { [object]$__cmdletization_value = ${ReportingCriticalFailureTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingNonCriticalTimeOut')) { [object]$__cmdletization_value = ${ReportingNonCriticalTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanAvgCPULoadFactor')) { [object]$__cmdletization_value = ${ScanAvgCPULoadFactor} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CheckForSignaturesBeforeRunningScan')) { [object]$__cmdletization_value = ${CheckForSignaturesBeforeRunningScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${ScanPurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanOnlyIfIdleEnabled')) { [object]$__cmdletization_value = ${ScanOnlyIfIdleEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanParameters')) { [object]$__cmdletization_value = ${ScanParameters} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleDay')) { [object]$__cmdletization_value = ${ScanScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleQuickScanTime')) { [object]$__cmdletization_value = ${ScanScheduleQuickScanTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleTime')) { [object]$__cmdletization_value = ${ScanScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThrottleForScheduledScanOnly')) { [object]$__cmdletization_value = ${ThrottleForScheduledScanOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFirstAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureFirstAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDefinitionUpdateFileSharesSources')) { [object]$__cmdletization_value = ${SignatureDefinitionUpdateFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDisableUpdateOnStartupWithoutEngine')) { [object]$__cmdletization_value = ${SignatureDisableUpdateOnStartupWithoutEngine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFallbackOrder')) { [object]$__cmdletization_value = ${SignatureFallbackOrder} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SharedSignaturesPath')) { [object]$__cmdletization_value = ${SharedSignaturesPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93121 Keywords=None Message=Creating Scriptblock text (9 of 15): idateNotNullOrEmpty()] [switch] ${DisableCatchupQuickScan}, [Parameter(ParameterSetName='Remove2')] [Alias('demsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableEmailScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('drdsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRemovableDriveScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('drp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRestorePoint}, [Parameter(ParameterSetName='Remove2')] [Alias('dsmndfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScanningMappedNetworkDrivesForFullScan}, [Parameter(ParameterSetName='Remove2')] [Alias('dsnf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScanningNetworkFiles}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UILockdown}, [Parameter(ParameterSetName='Remove2')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Remove2')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Remove2')] [Alias('unktdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UnknownThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('ltdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${LowThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('mtdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ModerateThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('htdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${HighThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('stdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SevereThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('dbaf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableBlockAtFirstSeen}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PUAProtection}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CloudBlockLevel}, [Parameter(ParameterSetName='Remove2')] [Alias('cloudextimeout')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CloudExtendedTimeout}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableNetworkProtection}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableControlledFolderAccess}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Remove2')] [Alias('elcp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableLowCpuPriority}, [Parameter(ParameterSetName='Remove2')] [Alias('efhc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableFileHashComputation}, [Parameter(ParameterSetName='Remove2')] [Alias('efsobp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableFullScanOnBatteryPower}, [Parameter(ParameterSetName='Remove2')] [Alias('ppurl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyPacUrl}, [Parameter(ParameterSetName='Remove2')] [Alias('proxsrv')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyServer}, [Parameter(ParameterSetName='Remove2')] [Alias('proxbps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyBypass}, [Parameter(ParameterSetName='Remove2')] [Alias('fupo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ForceUseProxyOnly}, [Parameter(ParameterSetName='Remove2')] [Alias('dtlsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableTlsParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dhttpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableHttpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('ddnsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDnsParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('ddnstcpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDnsOverTcpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dsshp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableSshParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('puc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PlatformUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('euc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EngineUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('duc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DefinitionUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('dgr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableGradualRelease}, [Parameter(ParameterSetName='Remove2')] [Alias('anpdl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowNetworkProtectionDownLevel}, [Parameter(ParameterSetName='Remove2')] [Alias('adpows')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowDatagramProcessingOnWinServer}, [Parameter(ParameterSetName='Remove2')] [Alias('ednss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableDnsSinkhole}, [Parameter(ParameterSetName='Remove2')] [Alias('dicf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableInboundConnectionFiltering}, [Parameter(ParameterSetName='Remove2')] [Alias('drdpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRdpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dnppt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableNetworkProtectionPerfTelemetry}, [Parameter(ParameterSetName='Remove2')] [Alias('tlps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TrustLabelProtectionStatus}, [Parameter(ParameterSetName='Remove2')] [switch] ${Force}, [Parameter(ParameterSetName='Remove2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RealTimeScanDirection')) { [object]$__cmdletization_value = ${RealTimeScanDirection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuarantinePurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${QuarantinePurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleDay')) { [object]$__cmdletization_value = ${RemediationScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleTime')) { [object]$__cmdletization_value = ${RemediationScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_me ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93120 Keywords=None Message=Creating Scriptblock text (8 of 15): cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Add', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Add-MpPreference' -Alias '*' function Remove-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Remove2')] [Alias('rtsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RealTimeScanDirection}, [Parameter(ParameterSetName='Remove2')] [Alias('qpiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${QuarantinePurgeItemsAfterDelay}, [Parameter(ParameterSetName='Remove2')] [Alias('rsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RemediationScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('rst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RemediationScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('raat')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingAdditionalActionTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('rcto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingCriticalFailureTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('rncto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingNonCriticalTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('saclf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanAvgCPULoadFactor}, [Parameter(ParameterSetName='Remove2')] [Alias('csbr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CheckForSignaturesBeforeRunningScan}, [Parameter(ParameterSetName='Remove2')] [Alias('spiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanPurgeItemsAfterDelay}, [Parameter(ParameterSetName='Remove2')] [Alias('soiie')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanOnlyIfIdleEnabled}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanParameters}, [Parameter(ParameterSetName='Remove2')] [Alias('scsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('scsqst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleQuickScanTime}, [Parameter(ParameterSetName='Remove2')] [Alias('scst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('tfsso')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ThrottleForScheduledScanOnly}, [Parameter(ParameterSetName='Remove2')] [Alias('sigfagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureFirstAuGracePeriod}, [Parameter(ParameterSetName='Remove2')] [Alias('sigagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureAuGracePeriod}, [Parameter(ParameterSetName='Remove2')] [Alias('sigdufss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureDefinitionUpdateFileSharesSources}, [Parameter(ParameterSetName='Remove2')] [Alias('sigduoswo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureDisableUpdateOnStartupWithoutEngine}, [Parameter(ParameterSetName='Remove2')] [Alias('sfo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureFallbackOrder}, [Parameter(ParameterSetName='Remove2')] [Alias('ssp','SecurityIntelligenceLocation','ssl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SharedSignaturesPath}, [Parameter(ParameterSetName='Remove2')] [Alias('sigsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('sigst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('siguci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureUpdateCatchupInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureUpdateInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigbui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureBlobUpdateInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigbfs')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureBlobFileSharesSources}, [Parameter(ParameterSetName='Remove2')] [Alias('mcupd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${MeteredConnectionUpdates}, [Parameter(ParameterSetName='Remove2')] [Alias('anpws')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowNetworkProtectionOnWinServer}, [Parameter(ParameterSetName='Remove2')] [Alias('ddtgp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDatagramProcessing}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCpuThrottleOnIdleScans}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${MAPSReporting}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SubmitSamplesConsent}, [Parameter(ParameterSetName='Remove2')] [Alias('dae')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableAutoExclusions}, [Parameter(ParameterSetName='Remove2')] [Alias('dpm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisablePrivacyMode}, [Parameter(ParameterSetName='Remove2')] [Alias('rstt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RandomizeScheduleTaskTimes}, [Parameter(ParameterSetName='Remove2')] [Alias('srt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SchedulerRandomizationTime}, [Parameter(ParameterSetName='Remove2')] [Alias('dbm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableBehaviorMonitoring}, [Parameter(ParameterSetName='Remove2')] [Alias('dips')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableIntrusionPreventionSystem}, [Parameter(ParameterSetName='Remove2')] [Alias('dioavp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableIOAVProtection}, [Parameter(ParameterSetName='Remove2')] [Alias('drtm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRealtimeMonitoring}, [Parameter(ParameterSetName='Remove2')] [Alias('dscrptsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScriptScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('darchsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableArchiveScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('dcfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCatchupFullScan}, [Parameter(ParameterSetName='Remove2')] [Alias('dcqsc')] [ValidateNotNull()] [Val ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93119 Keywords=None Message=Creating Scriptblock text (7 of 15): UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefinitionUpdatesChannel')) { [object]$__cmdletization_value = ${DefinitionUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableGradualRelease')) { [object]$__cmdletization_value = ${DisableGradualRelease} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionDownLevel')) { [object]$__cmdletization_value = ${AllowNetworkProtectionDownLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowDatagramProcessingOnWinServer')) { [object]$__cmdletization_value = ${AllowDatagramProcessingOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDnsSinkhole')) { [object]$__cmdletization_value = ${EnableDnsSinkhole} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableInboundConnectionFiltering')) { [object]$__cmdletization_value = ${DisableInboundConnectionFiltering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRdpParsing')) { [object]$__cmdletization_value = ${DisableRdpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableNetworkProtectionPerfTelemetry')) { [object]$__cmdletization_value = ${DisableNetworkProtectionPerfTelemetry} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TrustLabelProtectionStatus')) { [object]$__cmdletization_value = ${TrustLabelProtectionStatus} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-MpPreference' -Alias '*' function Add-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Add1')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Add1')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Add1')] [switch] ${Force}, [Parameter(ParameterSetName='Add1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Add1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Add1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__ ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93118 Keywords=None Message=Creating Scriptblock text (6 of 15): $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableLowCpuPriority')) { [object]$__cmdletization_value = ${EnableLowCpuPriority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFileHashComputation')) { [object]$__cmdletization_value = ${EnableFileHashComputation} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFullScanOnBatteryPower')) { [object]$__cmdletization_value = ${EnableFullScanOnBatteryPower} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyPacUrl')) { [object]$__cmdletization_value = ${ProxyPacUrl} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyServer')) { [object]$__cmdletization_value = ${ProxyServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyBypass')) { [object]$__cmdletization_value = ${ProxyBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceUseProxyOnly')) { [object]$__cmdletization_value = ${ForceUseProxyOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableTlsParsing')) { [object]$__cmdletization_value = ${DisableTlsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableHttpParsing')) { [object]$__cmdletization_value = ${DisableHttpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsParsing')) { [object]$__cmdletization_value = ${DisableDnsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsOverTcpParsing')) { [object]$__cmdletization_value = ${DisableDnsOverTcpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableSshParsing')) { [object]$__cmdletization_value = ${DisableSshParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PlatformUpdatesChannel')) { [object]$__cmdletization_value = ${PlatformUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EngineUpdatesChannel')) { [object]$__cmdletization_value = ${EngineUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference. ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93117 Keywords=None Message=Creating Scriptblock text (5 of 15): mdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRestorePoint')) { [object]$__cmdletization_value = ${DisableRestorePoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningMappedNetworkDrivesForFullScan')) { [object]$__cmdletization_value = ${DisableScanningMappedNetworkDrivesForFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningNetworkFiles')) { [object]$__cmdletization_value = ${DisableScanningNetworkFiles} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UILockdown')) { [object]$__cmdletization_value = ${UILockdown} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UnknownThreatDefaultAction')) { [object]$__cmdletization_value = ${UnknownThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LowThreatDefaultAction')) { [object]$__cmdletization_value = ${LowThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ModerateThreatDefaultAction')) { [object]$__cmdletization_value = ${ModerateThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('HighThreatDefaultAction')) { [object]$__cmdletization_value = ${HighThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SevereThreatDefaultAction')) { [object]$__cmdletization_value = ${SevereThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBlockAtFirstSeen')) { [object]$__cmdletization_value = ${DisableBlockAtFirstSeen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PUAProtection')) { [object]$__cmdletization_value = ${PUAProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudBlockLevel')) { [object]$__cmdletization_value = ${CloudBlockLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudExtendedTimeout')) { [object]$__cmdletization_value = ${CloudExtendedTimeout} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableNetworkProtection')) { [object]$__cmdletization_value = ${EnableNetworkProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableControlledFolderAccess')) { [object]$__cmdletization_value = ${EnableControlledFolderAccess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93116 Keywords=None Message=Creating Scriptblock text (4 of 15): MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionOnWinServer')) { [object]$__cmdletization_value = ${AllowNetworkProtectionOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDatagramProcessing')) { [object]$__cmdletization_value = ${DisableDatagramProcessing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCpuThrottleOnIdleScans')) { [object]$__cmdletization_value = ${DisableCpuThrottleOnIdleScans} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MAPSReporting')) { [object]$__cmdletization_value = ${MAPSReporting} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SubmitSamplesConsent')) { [object]$__cmdletization_value = ${SubmitSamplesConsent} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableAutoExclusions')) { [object]$__cmdletization_value = ${DisableAutoExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisablePrivacyMode')) { [object]$__cmdletization_value = ${DisablePrivacyMode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeScheduleTaskTimes')) { [object]$__cmdletization_value = ${RandomizeScheduleTaskTimes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SchedulerRandomizationTime')) { [object]$__cmdletization_value = ${SchedulerRandomizationTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBehaviorMonitoring')) { [object]$__cmdletization_value = ${DisableBehaviorMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIntrusionPreventionSystem')) { [object]$__cmdletization_value = ${DisableIntrusionPreventionSystem} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIOAVProtection')) { [object]$__cmdletization_value = ${DisableIOAVProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRealtimeMonitoring')) { [object]$__cmdletization_value = ${DisableRealtimeMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScriptScanning')) { [object]$__cmdletization_value = ${DisableScriptScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableArchiveScanning')) { [object]$__cmdletization_value = ${DisableArchiveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupFullScan')) { [object]$__cmdletization_value = ${DisableCatchupFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupQuickScan')) { [object]$__cmdletization_value = ${DisableCatchupQuickScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableEmailScanning')) { [object]$__cmdletization_value = ${DisableEmailScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRemovableDriveScanning')) { [object]$__cmdletization_value = ${DisableRemovableDriveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.C ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93115 Keywords=None Message=Creating Scriptblock text (3 of 15): aultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanOnlyIfIdleEnabled')) { [object]$__cmdletization_value = ${ScanOnlyIfIdleEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanParameters')) { [object]$__cmdletization_value = ${ScanParameters} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleDay')) { [object]$__cmdletization_value = ${ScanScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleQuickScanTime')) { [object]$__cmdletization_value = ${ScanScheduleQuickScanTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleTime')) { [object]$__cmdletization_value = ${ScanScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThrottleForScheduledScanOnly')) { [object]$__cmdletization_value = ${ThrottleForScheduledScanOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFirstAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureFirstAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDefinitionUpdateFileSharesSources')) { [object]$__cmdletization_value = ${SignatureDefinitionUpdateFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDisableUpdateOnStartupWithoutEngine')) { [object]$__cmdletization_value = ${SignatureDisableUpdateOnStartupWithoutEngine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFallbackOrder')) { [object]$__cmdletization_value = ${SignatureFallbackOrder} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SharedSignaturesPath')) { [object]$__cmdletization_value = ${SharedSignaturesPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleDay')) { [object]$__cmdletization_value = ${SignatureScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleTime')) { [object]$__cmdletization_value = ${SignatureScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateCatchupInterval')) { [object]$__cmdletization_value = ${SignatureUpdateCatchupInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateInterval')) { [object]$__cmdletization_value = ${SignatureUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobUpdateInterval')) { [object]$__cmdletization_value = ${SignatureBlobUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobFileSharesSources')) { [object]$__cmdletization_value = ${SignatureBlobFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MeteredConnectionUpdates')) { [object]$__cmdletization_value = ${MeteredConnectionUpdates} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization. ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93114 Keywords=None Message=Creating Scriptblock text (2 of 15): t0')] [Alias('dhttpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableHttpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('ddnsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDnsParsing}, [Parameter(ParameterSetName='Set0')] [Alias('ddnstcpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDnsOverTcpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dsshp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableSshParsing}, [Parameter(ParameterSetName='Set0')] [Alias('puc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Beta','Preview','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${PlatformUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('euc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Beta','Preview','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${EngineUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('duc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${DefinitionUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('dgr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableGradualRelease}, [Parameter(ParameterSetName='Set0')] [Alias('anpdl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowNetworkProtectionDownLevel}, [Parameter(ParameterSetName='Set0')] [Alias('adpows')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowDatagramProcessingOnWinServer}, [Parameter(ParameterSetName='Set0')] [Alias('ednss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableDnsSinkhole}, [Parameter(ParameterSetName='Set0')] [Alias('dicf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableInboundConnectionFiltering}, [Parameter(ParameterSetName='Set0')] [Alias('drdpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRdpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dnppt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableNetworkProtectionPerfTelemetry}, [Parameter(ParameterSetName='Set0')] [Alias('tlps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${TrustLabelProtectionStatus}, [Parameter(ParameterSetName='Set0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RealTimeScanDirection')) { [object]$__cmdletization_value = ${RealTimeScanDirection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuarantinePurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${QuarantinePurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleDay')) { [object]$__cmdletization_value = ${RemediationScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleTime')) { [object]$__cmdletization_value = ${RemediationScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingAdditionalActionTimeOut')) { [object]$__cmdletization_value = ${ReportingAdditionalActionTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingCriticalFailureTimeOut')) { [object]$__cmdletization_value = ${ReportingCriticalFailureTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingNonCriticalTimeOut')) { [object]$__cmdletization_value = ${ReportingNonCriticalTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanAvgCPULoadFactor')) { [object]$__cmdletization_value = ${ScanAvgCPULoadFactor} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CheckForSignaturesBeforeRunningScan')) { [object]$__cmdletization_value = ${CheckForSignaturesBeforeRunningScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${ScanPurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_def ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93113 Keywords=None Message=Creating Scriptblock text (1 of 15): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root\Microsoft\Windows\Defender\MSFT_MpPreference' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Set-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Set0')] [Alias('rtsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Both','Incoming','Outcoming')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection] ${RealTimeScanDirection}, [Parameter(ParameterSetName='Set0')] [Alias('qpiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${QuarantinePurgeItemsAfterDelay}, [Parameter(ParameterSetName='Set0')] [Alias('rsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${RemediationScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('rst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${RemediationScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('raat')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingAdditionalActionTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('rcto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingCriticalFailureTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('rncto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingNonCriticalTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('saclf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${ScanAvgCPULoadFactor}, [Parameter(ParameterSetName='Set0')] [Alias('csbr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${CheckForSignaturesBeforeRunningScan}, [Parameter(ParameterSetName='Set0')] [Alias('spiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ScanPurgeItemsAfterDelay}, [Parameter(ParameterSetName='Set0')] [Alias('soiie')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ScanOnlyIfIdleEnabled}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('QuickScan','FullScan')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType] ${ScanParameters}, [Parameter(ParameterSetName='Set0')] [Alias('scsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${ScanScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('scsqst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${ScanScheduleQuickScanTime}, [Parameter(ParameterSetName='Set0')] [Alias('scst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${ScanScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('tfsso')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ThrottleForScheduledScanOnly}, [Parameter(ParameterSetName='Set0')] [Alias('sigfagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureFirstAuGracePeriod}, [Parameter(ParameterSetName='Set0')] [Alias('sigagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureAuGracePeriod}, [Parameter(ParameterSetName='Set0')] [Alias('sigdufss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureDefinitionUpdateFileSharesSources}, [Parameter(ParameterSetName='Set0')] [Alias('sigduoswo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${SignatureDisableUpdateOnStartupWithoutEngine}, [Parameter(ParameterSetName='Set0')] [Alias('sfo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureFallbackOrder}, [Parameter(ParameterSetName='Set0')] [Alias('ssp','SecurityIntelligenceLocation','ssl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SharedSignaturesPath}, [Parameter(ParameterSetName='Set0')] [Alias('sigsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${SignatureScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('sigst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${SignatureScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('siguci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureUpdateCatchupInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureUpdateInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigbui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureBlobUpdateInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigbfs')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureBlobFileSharesSources}, [Parameter(ParameterSetName='Set0')] [Alias('mcupd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${MeteredConnectionUpdates}, [Parameter(ParameterSetName='Set0')] [Alias('anpws')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowNetworkProtectionOnWinServer}, [Parameter(ParameterSetName='Set0')] [Alias('ddtgp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDatagramProcessing}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCpuThrottleOnIdleScans}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Basic','Advanced')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType] ${MAPSReporting}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('AlwaysPrompt','SendSafeSamples','NeverSend','SendAllSamples')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType] ${SubmitSamplesConsent}, [Parameter(ParameterSetName='Set0')] [Alias('dae')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableAutoExclusions}, [Parameter(ParameterSetName='Set0')] [Alias('dpm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisablePrivacyMode}, [Parameter(ParameterSetName='Set0')] [Alias('rstt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${RandomizeScheduleTaskTimes}, [Parameter(ParameterSetName='Set0')] [Alias('srt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SchedulerRandomizationTime}, [Parameter(ParameterSetName='Set0')] [Alias('dbm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableBehaviorMonitoring}, [Parameter(ParameterSetName='Set0')] [Alias('dips')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableIntrusionPreventionSystem}, [Parameter(ParameterSetName='Set0')] [Alias('dioavp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableIOAVProtection}, [Parameter(ParameterSetName='Set0')] [Alias('drtm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRealtimeMonitoring}, [Parameter(ParameterSetName='Set0')] [Alias('dscrptsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScriptScanning}, [Parameter(ParameterSetName='Set0')] [Alias('darchsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableArchiveScanning}, [Parameter(ParameterSetName='Set0')] [Alias('dcfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCatchupFullScan}, [Parameter(ParameterSetName='Set0')] [Alias('dcqsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCatchupQuickScan}, [Parameter(ParameterSetName='Set0')] [Alias('demsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableEmailScanning}, [Parameter(ParameterSetName='Set0')] [Alias('drdsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRemovableDriveScanning}, [Parameter(ParameterSetName='Set0')] [Alias('drp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRestorePoint}, [Parameter(ParameterSetName='Set0')] [Alias('dsmndfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScanningMappedNetworkDrivesForFullScan}, [Parameter(ParameterSetName='Set0')] [Alias('dsnf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScanningNetworkFiles}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${UILockdown}, [Parameter(ParameterSetName='Set0')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Set0')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Set0')] [Alias('unktdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${UnknownThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('ltdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${LowThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('mtdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${ModerateThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('htdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${HighThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('stdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${SevereThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [switch] ${Force}, [Parameter(ParameterSetName='Set0')] [Alias('dbaf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableBlockAtFirstSeen}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType] ${PUAProtection}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Default','Moderate','High','HighPlus','ZeroTolerance')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType] ${CloudBlockLevel}, [Parameter(ParameterSetName='Set0')] [Alias('cloudextimeout')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${CloudExtendedTimeout}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType] ${EnableNetworkProtection}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode','BlockDiskModificationOnly','AuditDiskModificationOnly')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType] ${EnableControlledFolderAccess}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Set0')] [Alias('elcp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableLowCpuPriority}, [Parameter(ParameterSetName='Set0')] [Alias('efhc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableFileHashComputation}, [Parameter(ParameterSetName='Set0')] [Alias('efsobp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableFullScanOnBatteryPower}, [Parameter(ParameterSetName='Set0')] [Alias('ppurl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ProxyPacUrl}, [Parameter(ParameterSetName='Set0')] [Alias('proxsrv')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ProxyServer}, [Parameter(ParameterSetName='Set0')] [Alias('proxbps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ProxyBypass}, [Parameter(ParameterSetName='Set0')] [Alias('fupo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ForceUseProxyOnly}, [Parameter(ParameterSetName='Set0')] [Alias('dtlsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableTlsParsing}, [Parameter(ParameterSetName='Se ScriptBlock ID: 0925383a-d0d0-4d6e-bcd2-7524d645a118 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93112 Keywords=None Message=Completed invocation of ScriptBlock ID: 92c6ff01-a1ef-4375-b40e-bdf1c53012f7 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93111 Keywords=None Message=Started invocation of ScriptBlock ID: 92c6ff01-a1ef-4375-b40e-bdf1c53012f7 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93110 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus' $script:ClassVersion = '' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpComputerStatus { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpComputerStatus.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpComputerStatus' -Alias '*' ScriptBlock ID: 92c6ff01-a1ef-4375-b40e-bdf1c53012f7 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93109 Keywords=None Message=Completed invocation of ScriptBlock ID: 947fe5e1-edf1-4f44-92f6-88d35b703f1f Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93108 Keywords=None Message=Started invocation of ScriptBlock ID: 947fe5e1-edf1-4f44-92f6-88d35b703f1f Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93107 Keywords=None Message=Started invocation of ScriptBlock ID: ee5c9a67-4c7c-45c0-b368-acaf13cfd383 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93106 Keywords=None Message=Creating Scriptblock text (1 of 1): Set-MpPreference -ExclusionPath 'C:\' ScriptBlock ID: ee5c9a67-4c7c-45c0-b368-acaf13cfd383 Path: 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40962 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Stop RecordNumber=93105 Keywords=None Message=PowerShell console is ready for user input 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=53504 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Named Pipe IPC OpCode=Open (async) RecordNumber=93104 Keywords=None Message=Windows PowerShell has started an IPC listening thread on process: 1920 in AppDomain: DefaultAppDomain. 01/20/2022 01:59:09 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40961 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Start RecordNumber=93103 Keywords=None Message=PowerShell console is starting up 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93174 Keywords=None Message=Completed invocation of ScriptBlock ID: db7fd1f2-c21d-4606-86de-5ce8397e6d9f Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93173 Keywords=None Message=Started invocation of ScriptBlock ID: db7fd1f2-c21d-4606-86de-5ce8397e6d9f Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93172 Keywords=None Message=Creating Scriptblock text (1 of 1): $global:? ScriptBlock ID: db7fd1f2-c21d-4606-86de-5ce8397e6d9f Path: 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93171 Keywords=None Message=Completed invocation of ScriptBlock ID: ee5c9a67-4c7c-45c0-b368-acaf13cfd383 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93170 Keywords=None Message=Completed invocation of ScriptBlock ID: f1b611c8-fd91-4a2d-9b84-df9d78dd3ed2 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93169 Keywords=None Message=Completed invocation of ScriptBlock ID: 4093c25a-739a-4f2a-a1da-abf3e4d2c113 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93168 Keywords=None Message=Started invocation of ScriptBlock ID: 4093c25a-739a-4f2a-a1da-abf3e4d2c113 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93167 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.OriginInfo } ScriptBlock ID: 4093c25a-739a-4f2a-a1da-abf3e4d2c113 Path: 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93166 Keywords=None Message=Completed invocation of ScriptBlock ID: 7bb45dcf-6576-4f2d-894e-9b212d7f1903 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93165 Keywords=None Message=Started invocation of ScriptBlock ID: 7bb45dcf-6576-4f2d-894e-9b212d7f1903 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93164 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.ErrorCategory_Message } ScriptBlock ID: 7bb45dcf-6576-4f2d-894e-9b212d7f1903 Path: 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93163 Keywords=None Message=Completed invocation of ScriptBlock ID: 3f54a5ea-45db-4f05-8388-e1e969e50869 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93162 Keywords=None Message=Completed invocation of ScriptBlock ID: 80199f0f-ebb3-45e9-8270-46f520c92b02 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93161 Keywords=None Message=Completed invocation of ScriptBlock ID: abc03bf8-2f2d-47cc-bda5-31959053443d Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93160 Keywords=None Message=Started invocation of ScriptBlock ID: abc03bf8-2f2d-47cc-bda5-31959053443d Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93159 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails } ScriptBlock ID: abc03bf8-2f2d-47cc-bda5-31959053443d Path: 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93158 Keywords=None Message=Started invocation of ScriptBlock ID: 80199f0f-ebb3-45e9-8270-46f520c92b02 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93157 Keywords=None Message=Started invocation of ScriptBlock ID: 3f54a5ea-45db-4f05-8388-e1e969e50869 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93156 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.PSMessageDetails } ScriptBlock ID: 3f54a5ea-45db-4f05-8388-e1e969e50869 Path: 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93155 Keywords=None Message=Started invocation of ScriptBlock ID: f1b611c8-fd91-4a2d-9b84-df9d78dd3ed2 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93154 Keywords=None Message=Completed invocation of ScriptBlock ID: 8eec40e3-0fa7-445e-a051-e0b13d043893 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93153 Keywords=None Message=Started invocation of ScriptBlock ID: 8eec40e3-0fa7-445e-a051-e0b13d043893 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93152 Keywords=None Message=Completed invocation of ScriptBlock ID: f5f89272-ca60-4438-b2d9-65afe2963f6f Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93151 Keywords=None Message=Started invocation of ScriptBlock ID: f5f89272-ca60-4438-b2d9-65afe2963f6f Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93150 Keywords=None Message=Creating Scriptblock text (1 of 1): function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: f5f89272-ca60-4438-b2d9-65afe2963f6f Path: 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93149 Keywords=None Message=Completed invocation of ScriptBlock ID: 852b6bd2-a431-4cda-8cb6-062261cc3e35 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:10 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93148 Keywords=None Message=Started invocation of ScriptBlock ID: 852b6bd2-a431-4cda-8cb6-062261cc3e35 Runspace ID: e8b43c7f-9d9f-4d29-9480-5aaa0f1ad67e 01/20/2022 01:59:28 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93179 Keywords=None Message=Started invocation of ScriptBlock ID: 724222f0-a0cb-4097-8f7f-9917f7b87ac5 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:28 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93178 Keywords=None Message=Creating Scriptblock text (1 of 1): Set-MpPreference -ExclusionPath 'C:\' ScriptBlock ID: 724222f0-a0cb-4097-8f7f-9917f7b87ac5 Path: 01/20/2022 01:59:28 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40962 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Stop RecordNumber=93177 Keywords=None Message=PowerShell console is ready for user input 01/20/2022 01:59:28 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=53504 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Named Pipe IPC OpCode=Open (async) RecordNumber=93176 Keywords=None Message=Windows PowerShell has started an IPC listening thread on process: 4772 in AppDomain: DefaultAppDomain. 01/20/2022 01:59:28 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40961 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Start RecordNumber=93175 Keywords=None Message=PowerShell console is starting up 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93248 Keywords=None Message=Completed invocation of ScriptBlock ID: bb426342-dfb7-4b6b-94b3-30d361572d8e Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93247 Keywords=None Message=Started invocation of ScriptBlock ID: bb426342-dfb7-4b6b-94b3-30d361572d8e Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93246 Keywords=None Message=Creating Scriptblock text (1 of 1): $global:? ScriptBlock ID: bb426342-dfb7-4b6b-94b3-30d361572d8e Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93245 Keywords=None Message=Completed invocation of ScriptBlock ID: 724222f0-a0cb-4097-8f7f-9917f7b87ac5 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93244 Keywords=None Message=Completed invocation of ScriptBlock ID: 03a7505b-e6c7-420f-b016-2d92591b9011 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93243 Keywords=None Message=Completed invocation of ScriptBlock ID: 9da755e1-407c-4f7f-947d-4ac674749279 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93242 Keywords=None Message=Started invocation of ScriptBlock ID: 9da755e1-407c-4f7f-947d-4ac674749279 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93241 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.OriginInfo } ScriptBlock ID: 9da755e1-407c-4f7f-947d-4ac674749279 Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93240 Keywords=None Message=Completed invocation of ScriptBlock ID: 7fd4e811-6ca4-4c89-b6fd-0d117b6546f7 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93239 Keywords=None Message=Started invocation of ScriptBlock ID: 7fd4e811-6ca4-4c89-b6fd-0d117b6546f7 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93238 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.ErrorCategory_Message } ScriptBlock ID: 7fd4e811-6ca4-4c89-b6fd-0d117b6546f7 Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93237 Keywords=None Message=Completed invocation of ScriptBlock ID: 2115f8cc-2b7e-44d5-87fb-8186fade3cbf Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93236 Keywords=None Message=Completed invocation of ScriptBlock ID: 58e954e6-9157-4e98-9ac0-2374544912dc Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93235 Keywords=None Message=Completed invocation of ScriptBlock ID: fa3ffe99-514f-47e6-a00b-3b062b22317c Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93234 Keywords=None Message=Started invocation of ScriptBlock ID: fa3ffe99-514f-47e6-a00b-3b062b22317c Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93233 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails } ScriptBlock ID: fa3ffe99-514f-47e6-a00b-3b062b22317c Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93232 Keywords=None Message=Started invocation of ScriptBlock ID: 58e954e6-9157-4e98-9ac0-2374544912dc Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93231 Keywords=None Message=Started invocation of ScriptBlock ID: 2115f8cc-2b7e-44d5-87fb-8186fade3cbf Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93230 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.PSMessageDetails } ScriptBlock ID: 2115f8cc-2b7e-44d5-87fb-8186fade3cbf Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93229 Keywords=None Message=Started invocation of ScriptBlock ID: 03a7505b-e6c7-420f-b016-2d92591b9011 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93228 Keywords=None Message=Completed invocation of ScriptBlock ID: 1d15fe9f-268c-4936-8949-fec0cd570f9d Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93227 Keywords=None Message=Started invocation of ScriptBlock ID: 1d15fe9f-268c-4936-8949-fec0cd570f9d Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93226 Keywords=None Message=Completed invocation of ScriptBlock ID: e41bbec3-66f0-49f5-b881-f60c19d056bd Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93225 Keywords=None Message=Started invocation of ScriptBlock ID: e41bbec3-66f0-49f5-b881-f60c19d056bd Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93224 Keywords=None Message=Creating Scriptblock text (1 of 1): function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: e41bbec3-66f0-49f5-b881-f60c19d056bd Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93223 Keywords=None Message=Completed invocation of ScriptBlock ID: c0c54aa8-48b5-4981-8a19-b77e9a8bf8be Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93222 Keywords=None Message=Started invocation of ScriptBlock ID: c0c54aa8-48b5-4981-8a19-b77e9a8bf8be Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93221 Keywords=None Message=Completed invocation of ScriptBlock ID: 572c3d09-7b44-4752-9a15-acba706648f3 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93220 Keywords=None Message=Started invocation of ScriptBlock ID: 572c3d09-7b44-4752-9a15-acba706648f3 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93219 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpWDOScan' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Start-MpWDOScan { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Start0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Start0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Start0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Start', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpWDOScan.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Start-MpWDOScan' -Alias '*' ScriptBlock ID: 572c3d09-7b44-4752-9a15-acba706648f3 Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93218 Keywords=None Message=Completed invocation of ScriptBlock ID: c2797b51-255c-4e38-9646-ec093ad13454 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93217 Keywords=None Message=Started invocation of ScriptBlock ID: c2797b51-255c-4e38-9646-ec093ad13454 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93216 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpSignature' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Update-MpSignature { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Update0')] [AllowEmptyString()] [AllowNull()] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('InternalDefinitionUpdateServer','MicrosoftUpdateServer','MMPC','FileShares')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource] ${UpdateSource}, [Parameter(ParameterSetName='Update0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Update0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Update0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UpdateSource')) { [object]$__cmdletization_value = ${UpdateSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UpdateSource'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UpdateSource'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpSignature.UpdateSource'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Update', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpSignature.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Update-MpSignature' -Alias '*' ScriptBlock ID: c2797b51-255c-4e38-9646-ec093ad13454 Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93215 Keywords=None Message=Completed invocation of ScriptBlock ID: deb29f03-db9a-4ec6-8d27-93a14c76a79c Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93214 Keywords=None Message=Started invocation of ScriptBlock ID: deb29f03-db9a-4ec6-8d27-93a14c76a79c Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93213 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpScan' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Start-MpScan { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Start0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ScanPath}, [Parameter(ParameterSetName='Start0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('FullScan','QuickScan','CustomScan')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType] ${ScanType}, [Parameter(ParameterSetName='Start0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Start0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Start0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPath')) { [object]$__cmdletization_value = ${ScanPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanType')) { [object]$__cmdletization_value = ${ScanType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpScan.ScanType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Start', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpScan.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Start-MpScan' -Alias '*' ScriptBlock ID: deb29f03-db9a-4ec6-8d27-93a14c76a79c Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93212 Keywords=None Message=Completed invocation of ScriptBlock ID: 8849e1dd-6c07-4c1e-a7d1-1476a4d5c742 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93211 Keywords=None Message=Started invocation of ScriptBlock ID: 8849e1dd-6c07-4c1e-a7d1-1476a4d5c742 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93210 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreatDetection' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpThreatDetection { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreatDetection')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreatDetection.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreatDetection' -Alias '*' ScriptBlock ID: 8849e1dd-6c07-4c1e-a7d1-1476a4d5c742 Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93209 Keywords=None Message=Completed invocation of ScriptBlock ID: 6e21683b-691b-4a89-b680-bede0dd3d3de Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93208 Keywords=None Message=Started invocation of ScriptBlock ID: 6e21683b-691b-4a89-b680-bede0dd3d3de Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93207 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreatCatalog' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpThreatCatalog { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreatCatalog')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreatCatalog.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreatCatalog' -Alias '*' ScriptBlock ID: 6e21683b-691b-4a89-b680-bede0dd3d3de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93206 Keywords=None Message=Completed invocation of ScriptBlock ID: b68a71d0-7e07-4ec6-b4eb-a9e7488886de Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93205 Keywords=None Message=Started invocation of ScriptBlock ID: b68a71d0-7e07-4ec6-b4eb-a9e7488886de Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93204 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpThreat' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Remove-MpThreat { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Remove0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreat.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-MpThreat' -Alias '*' function Get-MpThreat { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpThreat')] param( [Parameter(ParameterSetName='ById')] [Alias('ID')] [ValidateNotNull()] [long[]] ${ThreatID}, [Parameter(ParameterSetName='ById')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ById')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ById')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ThreatID') -and (@('ById') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ThreatID}) $__cmdletization_queryBuilder.FilterByProperty('ThreatID', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpThreat.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpThreat' -Alias '*' ScriptBlock ID: b68a71d0-7e07-4ec6-b4eb-a9e7488886de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93203 Keywords=None Message=Completed invocation of ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93202 Keywords=None Message=Started invocation of ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93201 Keywords=None Message=Creating Scriptblock text (17 of 17): ${AllowDatagramProcessingOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDnsSinkhole')) { [object]$__cmdletization_value = ${EnableDnsSinkhole} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableInboundConnectionFiltering')) { [object]$__cmdletization_value = ${DisableInboundConnectionFiltering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRdpParsing')) { [object]$__cmdletization_value = ${DisableRdpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableNetworkProtectionPerfTelemetry')) { [object]$__cmdletization_value = ${DisableNetworkProtectionPerfTelemetry} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TrustLabelProtectionStatus')) { [object]$__cmdletization_value = ${TrustLabelProtectionStatus} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-MpPreference' -Alias '*' function Get-MpPreference { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root\Microsoft\Windows\Defender\MSFT_MpPreference')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpPreference' -Alias '*' ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93200 Keywords=None Message=Creating Scriptblock text (16 of 17): n_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFullScanOnBatteryPower')) { [object]$__cmdletization_value = ${EnableFullScanOnBatteryPower} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyPacUrl')) { [object]$__cmdletization_value = ${ProxyPacUrl} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyServer')) { [object]$__cmdletization_value = ${ProxyServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyBypass')) { [object]$__cmdletization_value = ${ProxyBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceUseProxyOnly')) { [object]$__cmdletization_value = ${ForceUseProxyOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableTlsParsing')) { [object]$__cmdletization_value = ${DisableTlsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableHttpParsing')) { [object]$__cmdletization_value = ${DisableHttpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsParsing')) { [object]$__cmdletization_value = ${DisableDnsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsOverTcpParsing')) { [object]$__cmdletization_value = ${DisableDnsOverTcpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableSshParsing')) { [object]$__cmdletization_value = ${DisableSshParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PlatformUpdatesChannel')) { [object]$__cmdletization_value = ${PlatformUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EngineUpdatesChannel')) { [object]$__cmdletization_value = ${EngineUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefinitionUpdatesChannel')) { [object]$__cmdletization_value = ${DefinitionUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableGradualRelease')) { [object]$__cmdletization_value = ${DisableGradualRelease} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionDownLevel')) { [object]$__cmdletization_value = ${AllowNetworkProtectionDownLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowDatagramProcessingOnWinServer')) { [object]$__cmdletization_value = ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93199 Keywords=None Message=Creating Scriptblock text (15 of 17): lue = ${ModerateThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('HighThreatDefaultAction')) { [object]$__cmdletization_value = ${HighThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SevereThreatDefaultAction')) { [object]$__cmdletization_value = ${SevereThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBlockAtFirstSeen')) { [object]$__cmdletization_value = ${DisableBlockAtFirstSeen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PUAProtection')) { [object]$__cmdletization_value = ${PUAProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudBlockLevel')) { [object]$__cmdletization_value = ${CloudBlockLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudExtendedTimeout')) { [object]$__cmdletization_value = ${CloudExtendedTimeout} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableNetworkProtection')) { [object]$__cmdletization_value = ${EnableNetworkProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableControlledFolderAccess')) { [object]$__cmdletization_value = ${EnableControlledFolderAccess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableLowCpuPriority')) { [object]$__cmdletization_value = ${EnableLowCpuPriority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFileHashComputation')) { [object]$__cmdletization_value = ${EnableFileHashComputation} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletizatio ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93198 Keywords=None Message=Creating Scriptblock text (14 of 17): $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRealtimeMonitoring')) { [object]$__cmdletization_value = ${DisableRealtimeMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScriptScanning')) { [object]$__cmdletization_value = ${DisableScriptScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableArchiveScanning')) { [object]$__cmdletization_value = ${DisableArchiveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupFullScan')) { [object]$__cmdletization_value = ${DisableCatchupFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupQuickScan')) { [object]$__cmdletization_value = ${DisableCatchupQuickScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableEmailScanning')) { [object]$__cmdletization_value = ${DisableEmailScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRemovableDriveScanning')) { [object]$__cmdletization_value = ${DisableRemovableDriveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRestorePoint')) { [object]$__cmdletization_value = ${DisableRestorePoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningMappedNetworkDrivesForFullScan')) { [object]$__cmdletization_value = ${DisableScanningMappedNetworkDrivesForFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningNetworkFiles')) { [object]$__cmdletization_value = ${DisableScanningNetworkFiles} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UILockdown')) { [object]$__cmdletization_value = ${UILockdown} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UnknownThreatDefaultAction')) { [object]$__cmdletization_value = ${UnknownThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LowThreatDefaultAction')) { [object]$__cmdletization_value = ${LowThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ModerateThreatDefaultAction')) { [object]$__cmdletization_va ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93197 Keywords=None Message=Creating Scriptblock text (13 of 17): mdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobUpdateInterval')) { [object]$__cmdletization_value = ${SignatureBlobUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobFileSharesSources')) { [object]$__cmdletization_value = ${SignatureBlobFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MeteredConnectionUpdates')) { [object]$__cmdletization_value = ${MeteredConnectionUpdates} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionOnWinServer')) { [object]$__cmdletization_value = ${AllowNetworkProtectionOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDatagramProcessing')) { [object]$__cmdletization_value = ${DisableDatagramProcessing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCpuThrottleOnIdleScans')) { [object]$__cmdletization_value = ${DisableCpuThrottleOnIdleScans} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MAPSReporting')) { [object]$__cmdletization_value = ${MAPSReporting} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SubmitSamplesConsent')) { [object]$__cmdletization_value = ${SubmitSamplesConsent} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableAutoExclusions')) { [object]$__cmdletization_value = ${DisableAutoExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisablePrivacyMode')) { [object]$__cmdletization_value = ${DisablePrivacyMode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeScheduleTaskTimes')) { [object]$__cmdletization_value = ${RandomizeScheduleTaskTimes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SchedulerRandomizationTime')) { [object]$__cmdletization_value = ${SchedulerRandomizationTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBehaviorMonitoring')) { [object]$__cmdletization_value = ${DisableBehaviorMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIntrusionPreventionSystem')) { [object]$__cmdletization_value = ${DisableIntrusionPreventionSystem} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIOAVProtection')) { [object]$__cmdletization_value = ${DisableIOAVProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93196 Keywords=None Message=Creating Scriptblock text (12 of 17): eEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanParameters')) { [object]$__cmdletization_value = ${ScanParameters} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleDay')) { [object]$__cmdletization_value = ${ScanScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleQuickScanTime')) { [object]$__cmdletization_value = ${ScanScheduleQuickScanTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleTime')) { [object]$__cmdletization_value = ${ScanScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThrottleForScheduledScanOnly')) { [object]$__cmdletization_value = ${ThrottleForScheduledScanOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFirstAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureFirstAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDefinitionUpdateFileSharesSources')) { [object]$__cmdletization_value = ${SignatureDefinitionUpdateFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDisableUpdateOnStartupWithoutEngine')) { [object]$__cmdletization_value = ${SignatureDisableUpdateOnStartupWithoutEngine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFallbackOrder')) { [object]$__cmdletization_value = ${SignatureFallbackOrder} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SharedSignaturesPath')) { [object]$__cmdletization_value = ${SharedSignaturesPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleDay')) { [object]$__cmdletization_value = ${SignatureScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleTime')) { [object]$__cmdletization_value = ${SignatureScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateCatchupInterval')) { [object]$__cmdletization_value = ${SignatureUpdateCatchupInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateInterval')) { [object]$__cmdletization_value = ${SignatureUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__c ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93195 Keywords=None Message=Creating Scriptblock text (11 of 17): odelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RealTimeScanDirection')) { [object]$__cmdletization_value = ${RealTimeScanDirection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuarantinePurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${QuarantinePurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleDay')) { [object]$__cmdletization_value = ${RemediationScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleTime')) { [object]$__cmdletization_value = ${RemediationScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingAdditionalActionTimeOut')) { [object]$__cmdletization_value = ${ReportingAdditionalActionTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingCriticalFailureTimeOut')) { [object]$__cmdletization_value = ${ReportingCriticalFailureTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingNonCriticalTimeOut')) { [object]$__cmdletization_value = ${ReportingNonCriticalTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanAvgCPULoadFactor')) { [object]$__cmdletization_value = ${ScanAvgCPULoadFactor} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CheckForSignaturesBeforeRunningScan')) { [object]$__cmdletization_value = ${CheckForSignaturesBeforeRunningScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${ScanPurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanOnlyIfIdleEnabled')) { [object]$__cmdletization_value = ${ScanOnlyIfIdl ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93194 Keywords=None Message=Creating Scriptblock text (10 of 17): lOrEmpty()] [switch] ${ScanOnlyIfIdleEnabled}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanParameters}, [Parameter(ParameterSetName='Remove2')] [Alias('scsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('scsqst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleQuickScanTime}, [Parameter(ParameterSetName='Remove2')] [Alias('scst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('tfsso')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ThrottleForScheduledScanOnly}, [Parameter(ParameterSetName='Remove2')] [Alias('sigfagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureFirstAuGracePeriod}, [Parameter(ParameterSetName='Remove2')] [Alias('sigagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureAuGracePeriod}, [Parameter(ParameterSetName='Remove2')] [Alias('sigdufss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureDefinitionUpdateFileSharesSources}, [Parameter(ParameterSetName='Remove2')] [Alias('sigduoswo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureDisableUpdateOnStartupWithoutEngine}, [Parameter(ParameterSetName='Remove2')] [Alias('sfo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureFallbackOrder}, [Parameter(ParameterSetName='Remove2')] [Alias('ssp','SecurityIntelligenceLocation','ssl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SharedSignaturesPath}, [Parameter(ParameterSetName='Remove2')] [Alias('sigsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('sigst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('siguci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureUpdateCatchupInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureUpdateInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigbui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureBlobUpdateInterval}, [Parameter(ParameterSetName='Remove2')] [Alias('sigbfs')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SignatureBlobFileSharesSources}, [Parameter(ParameterSetName='Remove2')] [Alias('mcupd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${MeteredConnectionUpdates}, [Parameter(ParameterSetName='Remove2')] [Alias('anpws')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowNetworkProtectionOnWinServer}, [Parameter(ParameterSetName='Remove2')] [Alias('ddtgp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDatagramProcessing}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCpuThrottleOnIdleScans}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${MAPSReporting}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SubmitSamplesConsent}, [Parameter(ParameterSetName='Remove2')] [Alias('dae')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableAutoExclusions}, [Parameter(ParameterSetName='Remove2')] [Alias('dpm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisablePrivacyMode}, [Parameter(ParameterSetName='Remove2')] [Alias('rstt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RandomizeScheduleTaskTimes}, [Parameter(ParameterSetName='Remove2')] [Alias('srt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SchedulerRandomizationTime}, [Parameter(ParameterSetName='Remove2')] [Alias('dbm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableBehaviorMonitoring}, [Parameter(ParameterSetName='Remove2')] [Alias('dips')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableIntrusionPreventionSystem}, [Parameter(ParameterSetName='Remove2')] [Alias('dioavp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableIOAVProtection}, [Parameter(ParameterSetName='Remove2')] [Alias('drtm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRealtimeMonitoring}, [Parameter(ParameterSetName='Remove2')] [Alias('dscrptsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScriptScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('darchsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableArchiveScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('dcfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCatchupFullScan}, [Parameter(ParameterSetName='Remove2')] [Alias('dcqsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableCatchupQuickScan}, [Parameter(ParameterSetName='Remove2')] [Alias('demsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableEmailScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('drdsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRemovableDriveScanning}, [Parameter(ParameterSetName='Remove2')] [Alias('drp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRestorePoint}, [Parameter(ParameterSetName='Remove2')] [Alias('dsmndfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScanningMappedNetworkDrivesForFullScan}, [Parameter(ParameterSetName='Remove2')] [Alias('dsnf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableScanningNetworkFiles}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UILockdown}, [Parameter(ParameterSetName='Remove2')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Remove2')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Remove2')] [Alias('unktdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UnknownThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('ltdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${LowThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('mtdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ModerateThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('htdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${HighThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('stdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${SevereThreatDefaultAction}, [Parameter(ParameterSetName='Remove2')] [Alias('dbaf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableBlockAtFirstSeen}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PUAProtection}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CloudBlockLevel}, [Parameter(ParameterSetName='Remove2')] [Alias('cloudextimeout')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CloudExtendedTimeout}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableNetworkProtection}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableControlledFolderAccess}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Remove2')] [Alias('elcp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableLowCpuPriority}, [Parameter(ParameterSetName='Remove2')] [Alias('efhc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableFileHashComputation}, [Parameter(ParameterSetName='Remove2')] [Alias('efsobp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableFullScanOnBatteryPower}, [Parameter(ParameterSetName='Remove2')] [Alias('ppurl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyPacUrl}, [Parameter(ParameterSetName='Remove2')] [Alias('proxsrv')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyServer}, [Parameter(ParameterSetName='Remove2')] [Alias('proxbps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ProxyBypass}, [Parameter(ParameterSetName='Remove2')] [Alias('fupo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ForceUseProxyOnly}, [Parameter(ParameterSetName='Remove2')] [Alias('dtlsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableTlsParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dhttpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableHttpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('ddnsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDnsParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('ddnstcpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableDnsOverTcpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dsshp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableSshParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('puc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PlatformUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('euc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EngineUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('duc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DefinitionUpdatesChannel}, [Parameter(ParameterSetName='Remove2')] [Alias('dgr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableGradualRelease}, [Parameter(ParameterSetName='Remove2')] [Alias('anpdl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowNetworkProtectionDownLevel}, [Parameter(ParameterSetName='Remove2')] [Alias('adpows')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${AllowDatagramProcessingOnWinServer}, [Parameter(ParameterSetName='Remove2')] [Alias('ednss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${EnableDnsSinkhole}, [Parameter(ParameterSetName='Remove2')] [Alias('dicf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableInboundConnectionFiltering}, [Parameter(ParameterSetName='Remove2')] [Alias('drdpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableRdpParsing}, [Parameter(ParameterSetName='Remove2')] [Alias('dnppt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${DisableNetworkProtectionPerfTelemetry}, [Parameter(ParameterSetName='Remove2')] [Alias('tlps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TrustLabelProtectionStatus}, [Parameter(ParameterSetName='Remove2')] [switch] ${Force}, [Parameter(ParameterSetName='Remove2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectM ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93193 Keywords=None Message=Creating Scriptblock text (9 of 17): PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Add', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Add-MpPreference' -Alias '*' function Remove-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Remove2')] [Alias('rtsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RealTimeScanDirection}, [Parameter(ParameterSetName='Remove2')] [Alias('qpiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${QuarantinePurgeItemsAfterDelay}, [Parameter(ParameterSetName='Remove2')] [Alias('rsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RemediationScheduleDay}, [Parameter(ParameterSetName='Remove2')] [Alias('rst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${RemediationScheduleTime}, [Parameter(ParameterSetName='Remove2')] [Alias('raat')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingAdditionalActionTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('rcto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingCriticalFailureTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('rncto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ReportingNonCriticalTimeOut}, [Parameter(ParameterSetName='Remove2')] [Alias('saclf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanAvgCPULoadFactor}, [Parameter(ParameterSetName='Remove2')] [Alias('csbr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${CheckForSignaturesBeforeRunningScan}, [Parameter(ParameterSetName='Remove2')] [Alias('spiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${ScanPurgeItemsAfterDelay}, [Parameter(ParameterSetName='Remove2')] [Alias('soiie')] [ValidateNotNull()] [ValidateNotNul ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93192 Keywords=None Message=Creating Scriptblock text (8 of 17): ion.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EngineUpdatesChannel')) { [object]$__cmdletization_value = ${EngineUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EngineUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefinitionUpdatesChannel')) { [object]$__cmdletization_value = ${DefinitionUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefinitionUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableGradualRelease')) { [object]$__cmdletization_value = ${DisableGradualRelease} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableGradualRelease'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionDownLevel')) { [object]$__cmdletization_value = ${AllowNetworkProtectionDownLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionDownLevel'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowDatagramProcessingOnWinServer')) { [object]$__cmdletization_value = ${AllowDatagramProcessingOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowDatagramProcessingOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDnsSinkhole')) { [object]$__cmdletization_value = ${EnableDnsSinkhole} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDnsSinkhole'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableInboundConnectionFiltering')) { [object]$__cmdletization_value = ${DisableInboundConnectionFiltering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableInboundConnectionFiltering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRdpParsing')) { [object]$__cmdletization_value = ${DisableRdpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRdpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableNetworkProtectionPerfTelemetry')) { [object]$__cmdletization_value = ${DisableNetworkProtectionPerfTelemetry} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableNetworkProtectionPerfTelemetry'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TrustLabelProtectionStatus')) { [object]$__cmdletization_value = ${TrustLabelProtectionStatus} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TrustLabelProtectionStatus'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpPreference.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-MpPreference' -Alias '*' function Add-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Add1')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Add1')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Add1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Add1')] [switch] ${Force}, [Parameter(ParameterSetName='Add1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Add1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Add1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($ ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93191 Keywords=None Message=Creating Scriptblock text (7 of 17): dletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessAllowedApplications'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessProtectedFolders')) { [object]$__cmdletization_value = ${ControlledFolderAccessProtectedFolders} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ControlledFolderAccessProtectedFolders'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Ids')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Ids'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionRules_Actions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionRules_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionRules_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableLowCpuPriority')) { [object]$__cmdletization_value = ${EnableLowCpuPriority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableLowCpuPriority'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFileHashComputation')) { [object]$__cmdletization_value = ${EnableFileHashComputation} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFileHashComputation'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableFullScanOnBatteryPower')) { [object]$__cmdletization_value = ${EnableFullScanOnBatteryPower} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableFullScanOnBatteryPower'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyPacUrl')) { [object]$__cmdletization_value = ${ProxyPacUrl} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyPacUrl'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyServer')) { [object]$__cmdletization_value = ${ProxyServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyServer'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ProxyBypass')) { [object]$__cmdletization_value = ${ProxyBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ProxyBypass'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceUseProxyOnly')) { [object]$__cmdletization_value = ${ForceUseProxyOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceUseProxyOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableTlsParsing')) { [object]$__cmdletization_value = ${DisableTlsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableTlsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableHttpParsing')) { [object]$__cmdletization_value = ${DisableHttpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableHttpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsParsing')) { [object]$__cmdletization_value = ${DisableDnsParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDnsOverTcpParsing')) { [object]$__cmdletization_value = ${DisableDnsOverTcpParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDnsOverTcpParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableSshParsing')) { [object]$__cmdletization_value = ${DisableSshParsing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableSshParsing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PlatformUpdatesChannel')) { [object]$__cmdletization_value = ${PlatformUpdatesChannel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PlatformUpdatesChannel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletizat ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93190 Keywords=None Message=Creating Scriptblock text (6 of 17): t64[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.Int64[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Actions')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Actions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Actions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UnknownThreatDefaultAction')) { [object]$__cmdletization_value = ${UnknownThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UnknownThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LowThreatDefaultAction')) { [object]$__cmdletization_value = ${LowThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LowThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ModerateThreatDefaultAction')) { [object]$__cmdletization_value = ${ModerateThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ModerateThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('HighThreatDefaultAction')) { [object]$__cmdletization_value = ${HighThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'HighThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SevereThreatDefaultAction')) { [object]$__cmdletization_value = ${SevereThreatDefaultAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SevereThreatDefaultAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:operationOption:Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBlockAtFirstSeen')) { [object]$__cmdletization_value = ${DisableBlockAtFirstSeen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBlockAtFirstSeen'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PUAProtection')) { [object]$__cmdletization_value = ${PUAProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PUAProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudBlockLevel')) { [object]$__cmdletization_value = ${CloudBlockLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudBlockLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CloudExtendedTimeout')) { [object]$__cmdletization_value = ${CloudExtendedTimeout} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CloudExtendedTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableNetworkProtection')) { [object]$__cmdletization_value = ${EnableNetworkProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableNetworkProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableControlledFolderAccess')) { [object]$__cmdletization_value = ${EnableControlledFolderAccess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableControlledFolderAccess'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AttackSurfaceReductionOnlyExclusions')) { [object]$__cmdletization_value = ${AttackSurfaceReductionOnlyExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AttackSurfaceReductionOnlyExclusions'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ControlledFolderAccessAllowedApplications')) { [object]$__cmdletization_value = ${ControlledFolderAccessAllowedApplications} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cm ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93189 Keywords=None Message=Creating Scriptblock text (5 of 17): if ($PSBoundParameters.ContainsKey('RandomizeScheduleTaskTimes')) { [object]$__cmdletization_value = ${RandomizeScheduleTaskTimes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeScheduleTaskTimes'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SchedulerRandomizationTime')) { [object]$__cmdletization_value = ${SchedulerRandomizationTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SchedulerRandomizationTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableBehaviorMonitoring')) { [object]$__cmdletization_value = ${DisableBehaviorMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableBehaviorMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIntrusionPreventionSystem')) { [object]$__cmdletization_value = ${DisableIntrusionPreventionSystem} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIntrusionPreventionSystem'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableIOAVProtection')) { [object]$__cmdletization_value = ${DisableIOAVProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableIOAVProtection'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRealtimeMonitoring')) { [object]$__cmdletization_value = ${DisableRealtimeMonitoring} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRealtimeMonitoring'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScriptScanning')) { [object]$__cmdletization_value = ${DisableScriptScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScriptScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableArchiveScanning')) { [object]$__cmdletization_value = ${DisableArchiveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableArchiveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupFullScan')) { [object]$__cmdletization_value = ${DisableCatchupFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCatchupQuickScan')) { [object]$__cmdletization_value = ${DisableCatchupQuickScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCatchupQuickScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableEmailScanning')) { [object]$__cmdletization_value = ${DisableEmailScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableEmailScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRemovableDriveScanning')) { [object]$__cmdletization_value = ${DisableRemovableDriveScanning} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRemovableDriveScanning'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableRestorePoint')) { [object]$__cmdletization_value = ${DisableRestorePoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableRestorePoint'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningMappedNetworkDrivesForFullScan')) { [object]$__cmdletization_value = ${DisableScanningMappedNetworkDrivesForFullScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningMappedNetworkDrivesForFullScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableScanningNetworkFiles')) { [object]$__cmdletization_value = ${DisableScanningNetworkFiles} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableScanningNetworkFiles'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UILockdown')) { [object]$__cmdletization_value = ${UILockdown} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UILockdown'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThreatIDDefaultAction_Ids')) { [object]$__cmdletization_value = ${ThreatIDDefaultAction_Ids} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThreatIDDefaultAction_Ids'; ParameterType = 'System.In ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93188 Keywords=None Message=Creating Scriptblock text (4 of 17): if ($PSBoundParameters.ContainsKey('SignatureFallbackOrder')) { [object]$__cmdletization_value = ${SignatureFallbackOrder} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFallbackOrder'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SharedSignaturesPath')) { [object]$__cmdletization_value = ${SharedSignaturesPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SharedSignaturesPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleDay')) { [object]$__cmdletization_value = ${SignatureScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureScheduleTime')) { [object]$__cmdletization_value = ${SignatureScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateCatchupInterval')) { [object]$__cmdletization_value = ${SignatureUpdateCatchupInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateCatchupInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureUpdateInterval')) { [object]$__cmdletization_value = ${SignatureUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobUpdateInterval')) { [object]$__cmdletization_value = ${SignatureBlobUpdateInterval} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobUpdateInterval'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureBlobFileSharesSources')) { [object]$__cmdletization_value = ${SignatureBlobFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureBlobFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MeteredConnectionUpdates')) { [object]$__cmdletization_value = ${MeteredConnectionUpdates} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MeteredConnectionUpdates'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowNetworkProtectionOnWinServer')) { [object]$__cmdletization_value = ${AllowNetworkProtectionOnWinServer} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowNetworkProtectionOnWinServer'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableDatagramProcessing')) { [object]$__cmdletization_value = ${DisableDatagramProcessing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableDatagramProcessing'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableCpuThrottleOnIdleScans')) { [object]$__cmdletization_value = ${DisableCpuThrottleOnIdleScans} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableCpuThrottleOnIdleScans'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MAPSReporting')) { [object]$__cmdletization_value = ${MAPSReporting} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MAPSReporting'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SubmitSamplesConsent')) { [object]$__cmdletization_value = ${SubmitSamplesConsent} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SubmitSamplesConsent'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisableAutoExclusions')) { [object]$__cmdletization_value = ${DisableAutoExclusions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisableAutoExclusions'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisablePrivacyMode')) { [object]$__cmdletization_value = ${DisablePrivacyMode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisablePrivacyMode'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93187 Keywords=None Message=Creating Scriptblock text (3 of 17): PSBoundParameters.ContainsKey('ReportingAdditionalActionTimeOut')) { [object]$__cmdletization_value = ${ReportingAdditionalActionTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingAdditionalActionTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingCriticalFailureTimeOut')) { [object]$__cmdletization_value = ${ReportingCriticalFailureTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingCriticalFailureTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReportingNonCriticalTimeOut')) { [object]$__cmdletization_value = ${ReportingNonCriticalTimeOut} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReportingNonCriticalTimeOut'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanAvgCPULoadFactor')) { [object]$__cmdletization_value = ${ScanAvgCPULoadFactor} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanAvgCPULoadFactor'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CheckForSignaturesBeforeRunningScan')) { [object]$__cmdletization_value = ${CheckForSignaturesBeforeRunningScan} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CheckForSignaturesBeforeRunningScan'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanPurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${ScanPurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanPurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanOnlyIfIdleEnabled')) { [object]$__cmdletization_value = ${ScanOnlyIfIdleEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanOnlyIfIdleEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanParameters')) { [object]$__cmdletization_value = ${ScanParameters} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanParameters'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleDay')) { [object]$__cmdletization_value = ${ScanScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleQuickScanTime')) { [object]$__cmdletization_value = ${ScanScheduleQuickScanTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleQuickScanTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScanScheduleTime')) { [object]$__cmdletization_value = ${ScanScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScanScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ThrottleForScheduledScanOnly')) { [object]$__cmdletization_value = ${ThrottleForScheduledScanOnly} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ThrottleForScheduledScanOnly'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureFirstAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureFirstAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureFirstAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureAuGracePeriod')) { [object]$__cmdletization_value = ${SignatureAuGracePeriod} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureAuGracePeriod'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDefinitionUpdateFileSharesSources')) { [object]$__cmdletization_value = ${SignatureDefinitionUpdateFileSharesSources} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDefinitionUpdateFileSharesSources'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SignatureDisableUpdateOnStartupWithoutEngine')) { [object]$__cmdletization_value = ${SignatureDisableUpdateOnStartupWithoutEngine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SignatureDisableUpdateOnStartupWithoutEngine'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93186 Keywords=None Message=Creating Scriptblock text (2 of 17): eNetworkProtection}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode','BlockDiskModificationOnly','AuditDiskModificationOnly')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ControlledFolderAccessType] ${EnableControlledFolderAccess}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionOnlyExclusions}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessAllowedApplications}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ControlledFolderAccessProtectedFolders}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${AttackSurfaceReductionRules_Ids}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType[]] ${AttackSurfaceReductionRules_Actions}, [Parameter(ParameterSetName='Set0')] [Alias('elcp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableLowCpuPriority}, [Parameter(ParameterSetName='Set0')] [Alias('efhc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableFileHashComputation}, [Parameter(ParameterSetName='Set0')] [Alias('efsobp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableFullScanOnBatteryPower}, [Parameter(ParameterSetName='Set0')] [Alias('ppurl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ProxyPacUrl}, [Parameter(ParameterSetName='Set0')] [Alias('proxsrv')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${ProxyServer}, [Parameter(ParameterSetName='Set0')] [Alias('proxbps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ProxyBypass}, [Parameter(ParameterSetName='Set0')] [Alias('fupo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ForceUseProxyOnly}, [Parameter(ParameterSetName='Set0')] [Alias('dtlsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableTlsParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dhttpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableHttpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('ddnsp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDnsParsing}, [Parameter(ParameterSetName='Set0')] [Alias('ddnstcpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDnsOverTcpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dsshp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableSshParsing}, [Parameter(ParameterSetName='Set0')] [Alias('puc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Beta','Preview','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${PlatformUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('euc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Beta','Preview','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${EngineUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('duc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('NotConfigured','Staged','Broad','Delayed')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.UpdatesChannelType] ${DefinitionUpdatesChannel}, [Parameter(ParameterSetName='Set0')] [Alias('dgr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableGradualRelease}, [Parameter(ParameterSetName='Set0')] [Alias('anpdl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowNetworkProtectionDownLevel}, [Parameter(ParameterSetName='Set0')] [Alias('adpows')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowDatagramProcessingOnWinServer}, [Parameter(ParameterSetName='Set0')] [Alias('ednss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${EnableDnsSinkhole}, [Parameter(ParameterSetName='Set0')] [Alias('dicf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableInboundConnectionFiltering}, [Parameter(ParameterSetName='Set0')] [Alias('drdpp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRdpParsing}, [Parameter(ParameterSetName='Set0')] [Alias('dnppt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableNetworkProtectionPerfTelemetry}, [Parameter(ParameterSetName='Set0')] [Alias('tlps')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${TrustLabelProtectionStatus}, [Parameter(ParameterSetName='Set0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionPath')) { [object]$__cmdletization_value = ${ExclusionPath} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionPath'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionExtension')) { [object]$__cmdletization_value = ${ExclusionExtension} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionExtension'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionProcess')) { [object]$__cmdletization_value = ${ExclusionProcess} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionProcess'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ExclusionIpAddress')) { [object]$__cmdletization_value = ${ExclusionIpAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ExclusionIpAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RealTimeScanDirection')) { [object]$__cmdletization_value = ${RealTimeScanDirection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RealTimeScanDirection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuarantinePurgeItemsAfterDelay')) { [object]$__cmdletization_value = ${QuarantinePurgeItemsAfterDelay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuarantinePurgeItemsAfterDelay'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleDay')) { [object]$__cmdletization_value = ${RemediationScheduleDay} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleDay'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemediationScheduleTime')) { [object]$__cmdletization_value = ${RemediationScheduleTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemediationScheduleTime'; ParameterType = 'System.DateTime'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($ ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93185 Keywords=None Message=Creating Scriptblock text (1 of 17): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root\Microsoft\Windows\Defender\MSFT_MpPreference' $script:ClassVersion = '1.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Set-MpPreference { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionPath}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionExtension}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionProcess}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${ExclusionIpAddress}, [Parameter(ParameterSetName='Set0')] [Alias('rtsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Both','Incoming','Outcoming')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanDirection] ${RealTimeScanDirection}, [Parameter(ParameterSetName='Set0')] [Alias('qpiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${QuarantinePurgeItemsAfterDelay}, [Parameter(ParameterSetName='Set0')] [Alias('rsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${RemediationScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('rst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${RemediationScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('raat')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingAdditionalActionTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('rcto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingCriticalFailureTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('rncto')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ReportingNonCriticalTimeOut}, [Parameter(ParameterSetName='Set0')] [Alias('saclf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${ScanAvgCPULoadFactor}, [Parameter(ParameterSetName='Set0')] [Alias('csbr')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${CheckForSignaturesBeforeRunningScan}, [Parameter(ParameterSetName='Set0')] [Alias('spiad')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${ScanPurgeItemsAfterDelay}, [Parameter(ParameterSetName='Set0')] [Alias('soiie')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ScanOnlyIfIdleEnabled}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('QuickScan','FullScan')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ScanType] ${ScanParameters}, [Parameter(ParameterSetName='Set0')] [Alias('scsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${ScanScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('scsqst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${ScanScheduleQuickScanTime}, [Parameter(ParameterSetName='Set0')] [Alias('scst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${ScanScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('tfsso')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${ThrottleForScheduledScanOnly}, [Parameter(ParameterSetName='Set0')] [Alias('sigfagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureFirstAuGracePeriod}, [Parameter(ParameterSetName='Set0')] [Alias('sigagp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureAuGracePeriod}, [Parameter(ParameterSetName='Set0')] [Alias('sigdufss')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureDefinitionUpdateFileSharesSources}, [Parameter(ParameterSetName='Set0')] [Alias('sigduoswo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${SignatureDisableUpdateOnStartupWithoutEngine}, [Parameter(ParameterSetName='Set0')] [Alias('sfo')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureFallbackOrder}, [Parameter(ParameterSetName='Set0')] [Alias('ssp','SecurityIntelligenceLocation','ssl')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SharedSignaturesPath}, [Parameter(ParameterSetName='Set0')] [Alias('sigsd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Everyday','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Never')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.Day] ${SignatureScheduleDay}, [Parameter(ParameterSetName='Set0')] [Alias('sigst')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [datetime] ${SignatureScheduleTime}, [Parameter(ParameterSetName='Set0')] [Alias('siguci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureUpdateCatchupInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureUpdateInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigbui')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SignatureBlobUpdateInterval}, [Parameter(ParameterSetName='Set0')] [Alias('sigbfs')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${SignatureBlobFileSharesSources}, [Parameter(ParameterSetName='Set0')] [Alias('mcupd')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${MeteredConnectionUpdates}, [Parameter(ParameterSetName='Set0')] [Alias('anpws')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${AllowNetworkProtectionOnWinServer}, [Parameter(ParameterSetName='Set0')] [Alias('ddtgp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableDatagramProcessing}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCpuThrottleOnIdleScans}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Basic','Advanced')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.MAPSReportingType] ${MAPSReporting}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('AlwaysPrompt','SendSafeSamples','NeverSend','SendAllSamples')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.SubmitSamplesConsentType] ${SubmitSamplesConsent}, [Parameter(ParameterSetName='Set0')] [Alias('dae')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableAutoExclusions}, [Parameter(ParameterSetName='Set0')] [Alias('dpm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisablePrivacyMode}, [Parameter(ParameterSetName='Set0')] [Alias('rstt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${RandomizeScheduleTaskTimes}, [Parameter(ParameterSetName='Set0')] [Alias('srt')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${SchedulerRandomizationTime}, [Parameter(ParameterSetName='Set0')] [Alias('dbm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableBehaviorMonitoring}, [Parameter(ParameterSetName='Set0')] [Alias('dips')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableIntrusionPreventionSystem}, [Parameter(ParameterSetName='Set0')] [Alias('dioavp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableIOAVProtection}, [Parameter(ParameterSetName='Set0')] [Alias('drtm')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRealtimeMonitoring}, [Parameter(ParameterSetName='Set0')] [Alias('dscrptsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScriptScanning}, [Parameter(ParameterSetName='Set0')] [Alias('darchsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableArchiveScanning}, [Parameter(ParameterSetName='Set0')] [Alias('dcfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCatchupFullScan}, [Parameter(ParameterSetName='Set0')] [Alias('dcqsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableCatchupQuickScan}, [Parameter(ParameterSetName='Set0')] [Alias('demsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableEmailScanning}, [Parameter(ParameterSetName='Set0')] [Alias('drdsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRemovableDriveScanning}, [Parameter(ParameterSetName='Set0')] [Alias('drp')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableRestorePoint}, [Parameter(ParameterSetName='Set0')] [Alias('dsmndfsc')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScanningMappedNetworkDrivesForFullScan}, [Parameter(ParameterSetName='Set0')] [Alias('dsnf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableScanningNetworkFiles}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${UILockdown}, [Parameter(ParameterSetName='Set0')] [Alias('tiddefaci')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [long[]] ${ThreatIDDefaultAction_Ids}, [Parameter(ParameterSetName='Set0')] [Alias('tiddefaca')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction[]] ${ThreatIDDefaultAction_Actions}, [Parameter(ParameterSetName='Set0')] [Alias('unktdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${UnknownThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('ltdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${LowThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('mtdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${ModerateThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('htdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${HighThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [Alias('stdefac')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ThreatAction] ${SevereThreatDefaultAction}, [Parameter(ParameterSetName='Set0')] [switch] ${Force}, [Parameter(ParameterSetName='Set0')] [Alias('dbaf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DisableBlockAtFirstSeen}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.PUAProtectionType] ${PUAProtection}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Default','Moderate','High','HighPlus','ZeroTolerance')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.CloudBlockLevelType] ${CloudBlockLevel}, [Parameter(ParameterSetName='Set0')] [Alias('cloudextimeout')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${CloudExtendedTimeout}, [Parameter(ParameterSetName='Set0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disabled','Enabled','AuditMode')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.MpPreference.ASRRuleActionType] ${Enabl ScriptBlock ID: bd25156a-396d-41b0-867d-640954a9f7de Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93184 Keywords=None Message=Completed invocation of ScriptBlock ID: 10504acf-b0d4-4bb9-b65f-b97148368712 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93183 Keywords=None Message=Started invocation of ScriptBlock ID: 10504acf-b0d4-4bb9-b65f-b97148368712 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=3 Type=Warning ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93182 Keywords=None Message=Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus' $script:ClassVersion = '' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-MpComputerStatus { [CmdletBinding(DefaultParameterSetName='DefaultSet', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT\Microsoft\Windows\Defender\MSFT_MpComputerStatus')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_MpComputerStatus.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-MpComputerStatus' -Alias '*' ScriptBlock ID: 10504acf-b0d4-4bb9-b65f-b97148368712 Path: 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93181 Keywords=None Message=Completed invocation of ScriptBlock ID: 63d905e7-2d17-4b9f-a93f-21c72f011442 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 01:59:29 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-350690847-3823796120-3723020867-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93180 Keywords=None Message=Started invocation of ScriptBlock ID: 63d905e7-2d17-4b9f-a93f-21c72f011442 Runspace ID: 398d97f5-e221-4ed2-9fda-bcfdafd4cd98 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93255 Keywords=None Message=Completed invocation of ScriptBlock ID: badde076-68a0-4545-9d1a-4d60a47ceee6 Runspace ID: 82052e49-a168-4b37-9d77-1941a641072d 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93254 Keywords=None Message=Started invocation of ScriptBlock ID: badde076-68a0-4545-9d1a-4d60a47ceee6 Runspace ID: 82052e49-a168-4b37-9d77-1941a641072d 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93253 Keywords=None Message=Started invocation of ScriptBlock ID: 5cf9e8a4-bede-4e70-92d2-b1379c835abd Runspace ID: 82052e49-a168-4b37-9d77-1941a641072d 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93252 Keywords=None Message=Creating Scriptblock text (1 of 1): rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse ScriptBlock ID: 5cf9e8a4-bede-4e70-92d2-b1379c835abd Path: 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40962 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Stop RecordNumber=93251 Keywords=None Message=PowerShell console is ready for user input 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=53504 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=PowerShell Named Pipe IPC OpCode=Open (async) RecordNumber=93250 Keywords=None Message=Windows PowerShell has started an IPC listening thread on process: 5148 in AppDomain: DefaultAppDomain. 01/20/2022 02:01:40 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40961 EventType=4 Type=Information ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Start RecordNumber=93249 Keywords=None Message=PowerShell console is starting up 01/20/2022 02:02:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93259 Keywords=None Message=Completed invocation of ScriptBlock ID: b7d1cc71-0e16-4697-bbaf-5c3ece7d1e57 Runspace ID: 82052e49-a168-4b37-9d77-1941a641072d 01/20/2022 02:02:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=93258 Keywords=None Message=Started invocation of ScriptBlock ID: b7d1cc71-0e16-4697-bbaf-5c3ece7d1e57 Runspace ID: 82052e49-a168-4b37-9d77-1941a641072d 01/20/2022 02:02:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=93257 Keywords=None Message=Creating Scriptblock text (1 of 1): $global:? ScriptBlock ID: b7d1cc71-0e16-4697-bbaf-5c3ece7d1e57 Path: 01/20/2022 02:02:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-tcontreras-attack-range-957.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=93256 Keywords=None Message=Completed invocation of ScriptBlock ID: 5cf9e8a4-bede-4e70-92d2-b1379c835abd Runspace ID: 82052e49-a168-4b37-9d77-1941a641072d