win: fix Defender remote configs PS value #477

This commit fixes `DisableCoreServiceECSIntegration` value to properly disable remote experimentation and configurations in Defender. The previous value (`$False`) was causing the opposite of indended behavior. The default value is also updated to match Microsoft's documentation and actual system behavior.
undergroundwires · Dec 21, 2024 · 560af95 · 560af95
1 parent e6c52db
commit 560af95
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/application/collections/windows.yaml b/src/application/collections/windows.yaml
@@ -15642,8 +15642,8 @@ actions:
                                         parameters:
                                             # 0 = 'Disabled' (default), 1 = 'Enabled', 2 = 'AuditMode'
                                             property: DisableCoreServiceECSIntegration  # Status:   Get-MpPreference | Select-Object -Property DisableCoreServiceECSIntegration
-                                            value: "$False"     # Set:      Set-MpPreference -Force -DisableCoreServiceECSIntegration $False
-                                            default: "$True"    # Default:  0 (Disabled) | Remove-MpPreference -Force -DisableCoreServiceECSIntegration | Set-MpPreference -DisableCoreServiceECSIntegration "$True"
+                                            value: "$True"     # Set:      Set-MpPreference -Force -DisableCoreServiceECSIntegration $True
+                                            default: "$False"    # Default:  0 (Disabled) | Remove-MpPreference -Force -DisableCoreServiceECSIntegration | Set-MpPreference -DisableCoreServiceECSIntegration "$False"
                                     -
                                         function: SetRegistryValue
                                         parameters: