If you find that your Windows security components are suddenly turned off, that might be the first sign of a ransomware attack. On the other hand, these components could simply have been turned off by a user who wanted to stop annoying updates or antivirus messages. Even that, however, opens a gate for a possible attack.
In any of those events, a system administrator or an MSP would want to know if any of the security systems is turned off. To help with that, we've created a PowerShell script that checks the status of the services listed below and sends an email alert if any of them is turned off:
- Windows Firewall
- Windows Defender
- Windows Update Service
- Any installed third-party antivirus
In the document you will also find a link to download a deployable file. It will ease the process of mass deploy of the script.