Merge pull request #81625 from pjh/reenable-windows-defender

Leave Windows Defender enabled for clusters on GCE
2025-07-25 04:33:26 +00:00 · 2019-08-20 02:00:32 -07:00 · 2019-08-20 02:00:32 -07:00 · 5e649417c6
commit 5e649417c6
parent cda22916c5 3ac5c1565a
2 changed files with 0 additions and 17 deletions
--- a/cluster/gce/windows/configure.ps1
+++ b/cluster/gce/windows/configure.ps1
@ -100,7 +100,6 @@ try {
  Dump-DebugInfoToConsole
  Set-PrerequisiteOptions
  $kube_env = Fetch-KubeEnv
-  Disable-WindowsDefender

  if (Test-IsTestCluster $kube_env) {
    Log-Output 'Test cluster detected, installing OpenSSH.'
--- a/cluster/gce/windows/k8s-node-setup.psm1
+++ b/cluster/gce/windows/k8s-node-setup.psm1
@ -244,22 +244,6 @@ function Set-PrerequisiteOptions {
  Install-Module -Name powershell-yaml -Force
 }

-# Disables Windows Defender realtime scanning.
-# TODO: remove this workaround once the fix is rolled out the Windows image
-# https://github.com/kubernetes/kubernetes/issues/75148
-function Disable-WindowsDefender {
-  # Windows Defender periodically consumes 100% of the CPU, so disable realtime
-  # scanning. Uninstalling the Windows Feature will prevent the service from
-  # starting after a reboot.
-  # TODO(pjh): move this step to image preparation, since we don't want to do a
-  # full reboot here.
-  if ((Get-WindowsFeature -Name 'Windows-Defender').Installed) {
-    Log-Output "Disabling Windows Defender service"
-    Set-MpPreference -DisableRealtimeMonitoring $true
-    Uninstall-WindowsFeature -Name 'Windows-Defender'
-  }
-}
-
 # Creates directories where other functions in this module will read and write
 # data.
 # Note: C:\tmp is required for running certain kubernetes tests.