🎨 Support one-click addition of Microsoft Defender exclusions #13650

88250 · 88250 · commit e6ecfc5cbb9a · 2024-12-28T23:36:56.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 # Binaries for programs and plugins
 *.exe
+!app/elevator/elevator-*.exe
 *.dll
 *.so
 *.dylib
diff --git a/app/electron-builder-arm64.yml b/app/electron-builder-arm64.yml
@@ -69,4 +69,6 @@ extraResources:
     filter: "!**/{.DS_Store,custom.css}"
   - from: "src/assets/fonts"
     to: "appearance/fonts"
-    filter: "!**/{.DS_Store}"
+    filter: "!**/{.DS_Store}"
+  - from: "elevator/elevator-arm64.exe"
+    to: "elevator.exe"
diff --git a/app/electron-builder.yml b/app/electron-builder.yml
@@ -71,3 +71,5 @@ extraResources:
     filter: "!**/{.DS_Store}"
   - from: "pandoc/pandoc-windows-amd64.zip"
     to: "pandoc.zip"
+  - from: "elevator/elevator-amd64.exe"
+    to: "elevator.exe"
diff --git a/app/elevator/README b/app/elevator/README
@@ -0,0 +1 @@
+https://github.com/siyuan-note/elevator
diff --git a/app/elevator/elevator-amd64.exe b/app/elevator/elevator-amd64.exe
diff --git a/app/elevator/elevator-arm64.exe b/app/elevator/elevator-arm64.exe
diff --git a/kernel/conf/system.go b/kernel/conf/system.go
@@ -45,6 +45,8 @@ type System struct {
 	LockScreenMode         int  `json:"lockScreenMode"` // 0：手动，1：手动+跟随系统 https://github.com/siyuan-note/siyuan/issues/9087
 
 	DisabledFeatures []string `json:"disabledFeatures"`
+
+	MicrosoftDefenderExcluded bool `json:"microsoftDefenderExcluded"` // 是否已加入 Microsoft Defender 排除项 https://github.com/siyuan-note/siyuan/issues/13650
 }
 
 func NewSystem() *System {
diff --git a/kernel/model/elevator.go b/kernel/model/elevator.go
@@ -0,0 +1,94 @@
+// SiYuan - Refactor your thinking
+// Copyright (c) 2020-present, b3log.org
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package model
+
+import (
+	"github.com/siyuan-note/logging"
+	"github.com/siyuan-note/siyuan/kernel/util"
+	"golang.org/x/sys/windows"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"syscall"
+
+	"github.com/88250/gulu"
+)
+
+func processMicrosoftDefender() {
+	if !gulu.OS.IsWindows() || Conf.System.MicrosoftDefenderExcluded {
+		return
+	}
+
+	elevator := filepath.Join(util.WorkingDir, "elevator.exe")
+	if "dev" == util.Mode || !gulu.File.IsExist(elevator) {
+		elevator = filepath.Join(util.WorkingDir, "elevator", "elevator-"+runtime.GOARCH+".exe")
+	}
+
+	if !gulu.File.IsExist(elevator) {
+		logging.LogWarnf("not found elevator [%s]", elevator)
+		return
+	}
+
+	if !isUsingMicrosoftDefender() {
+		return
+	}
+
+	installPath := filepath.Dir(util.WorkingDir)
+
+	if isAdmin() {
+		cmd := exec.Command("powershell", "-Command", "Add-MpPreference", "-ExclusionPath", installPath, ",", util.WorkspaceDir)
+		gulu.CmdAttr(cmd)
+		output, err := cmd.CombinedOutput()
+		if nil != err {
+			logging.LogErrorf("add Windows Defender exclusion path [%s] failed: %s, %s", installPath, err, string(output))
+			return
+		}
+		return
+	}
+
+	cwd, _ := os.Getwd()
+	args := strings.Join([]string{"powershell", "-Command", "Add-MpPreference", "-ExclusionPath", installPath, ",", util.WorkspaceDir}, " ")
+	verbPtr, _ := syscall.UTF16PtrFromString("runas")
+	exePtr, _ := syscall.UTF16PtrFromString(elevator)
+	cwdPtr, _ := syscall.UTF16PtrFromString(cwd)
+	argPtr, _ := syscall.UTF16PtrFromString(args)
+	err := windows.ShellExecute(0, verbPtr, exePtr, argPtr, cwdPtr, 1)
+	if err != nil {
+		logging.LogErrorf("add Windows Defender exclusion path [%s] failed: %s", installPath, err)
+		return
+	}
+
+	// TODO Conf.System.MicrosoftDefenderExcluded = true
+	Conf.Save()
+}
+
+func isUsingMicrosoftDefender() bool {
+	if !gulu.OS.IsWindows() {
+		return false
+	}
+
+	cmd := exec.Command("powershell", "-Command", "Get-MpPreference")
+	gulu.CmdAttr(cmd)
+	return cmd.Run() == nil
+}
+
+func isAdmin() bool {
+	_, err := os.Open("\\\\.\\PHYSICALDRIVE0")
+	return err == nil
+}

-Original file line number
+Diff line change
@@ @@ -1,5 +1,6 @@ @@
 # Binaries for programs and plugins
 *.exe
 +!app/elevator/elevator-*.exe
 *.dll
 *.so
 *.dylib
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+https://github.com/siyuan-note/elevator`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,8 @@ type System struct {`
`45`	`45`	LockScreenMode int `json:"lockScreenMode"` // 0：手动，1：手动+跟随系统 https://github.com/siyuan-note/siyuan/issues/9087
`46`	`46`
`47`	`47`	DisabledFeatures []string `json:"disabledFeatures"`
	`48`	`+`
	`49`	+ MicrosoftDefenderExcluded bool `json:"microsoftDefenderExcluded"` // 是否已加入 Microsoft Defender 排除项 https://github.com/siyuan-note/siyuan/issues/13650
`48`	`50`	`}`
`49`	`51`
`50`	`52`	`func NewSystem() *System {`