From 904f0b628bfec910611d47245577807e01b07ba5 Mon Sep 17 00:00:00 2001
From: Michelle Tandya <michelletandya@google.com>
Date: Wed, 3 Feb 2021 00:00:04 +0000
Subject: [PATCH] Disable sample submission and MAPS Reporting from Windows
 Defender

Include logging when setting windows defender preferences

Log Window Defender preferences to show configuration changes

Move Defender configuration to be a part of Set-PrerequisiteOptions
---
 cluster/gce/windows/k8s-node-setup.psm1 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/cluster/gce/windows/k8s-node-setup.psm1 b/cluster/gce/windows/k8s-node-setup.psm1
index f19025682aa..2183db515b7 100644
--- a/cluster/gce/windows/k8s-node-setup.psm1
+++ b/cluster/gce/windows/k8s-node-setup.psm1
@@ -161,6 +161,20 @@ function Dump-DebugInfoToConsole {
   } Catch { }
 }
 
+# Configures Window Defender preferences
+function Configure-WindowsDefender {
+  if ((Get-WindowsFeature -Name 'Windows-Defender').Installed) {
+    Log-Output "Configuring Windows Defender preferences"
+    Set-MpPreference -SubmitSamplesConsent NeverSend
+    Log-Output "Disabling Windows Defender sample submission"
+    Set-MpPreference -MAPSReporting Disabled
+    Log-Output "Disabling Windows Defender Microsoft Active Protection Service Reporting"
+
+    Log-Output "Defender Preferences"
+    Get-MpPreference
+  }
+}
+
 # Converts the kube-env string in Yaml
 #
 # Returns: a PowerShell Hashtable object containing the key-value pairs from
@@ -307,6 +321,8 @@ function Set-PrerequisiteOptions {
   # Use TLS 1.2: needed for Invoke-WebRequest downloads from github.com.
   [Net.ServicePointManager]::SecurityProtocol = `
       [Net.SecurityProtocolType]::Tls12
+
+  Configure-WindowsDefender
 }
 
 # Creates directories where other functions in this module will read and write