Pretend Windows-Defender is inactive if powershell may not be launched

Fixes #1884
eclipse-platform · Aug 17, 2024 · 6702a7c · 6702a7c
1 parent 3e5b047
commit 6702a7c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/....eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/WindowsDefenderConfigurator.java b/....eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/WindowsDefenderConfigurator.java
@@ -302,6 +302,12 @@ private static boolean isWindowsDefenderServiceRunning(IProgressMonitor monitor)
 			List<String> result = runPowershell(monitor, "-Command", "(Get-Service 'WinDefend').Status"); //$NON-NLS-1$ //$NON-NLS-2$
 			return result.size() == 1 && "Running".equalsIgnoreCase(result.get(0)); //$NON-NLS-1$
 		} catch (IOException e) {
+			if (e.getMessage().startsWith("Cannot run program \"" + POWERSHELL_EXE + "\": CreateProcess error=5")) { //$NON-NLS-1$//$NON-NLS-2$
+				// error code 5 means ERROR_ACCESS_DENIED:
+				// https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-
+				// Without permission to launch powershell we can't do anything and stay silent
+				return false;
+			}
 			ILog.get().error("Failed to obtain 'WinDefend' service state", e); //$NON-NLS-1$
 			return false;
 		}
@@ -364,8 +370,10 @@ private static void excludeDirectoryFromScanning(IProgressMonitor monitor) throw
 				"-ArgumentList", "'-EncodedCommand " + encodedCommand + "'"); //$NON-NLS-1$//$NON-NLS-2$//$NON-NLS-3$
 	}
 
+	private static final String POWERSHELL_EXE = "powershell.exe"; //$NON-NLS-1$
+
 	private static List<String> runPowershell(IProgressMonitor monitor, String... arguments) throws IOException {
-		return runProcess(Stream.concat(Stream.of("powershell.exe"), Arrays.stream(arguments)).toList(), monitor); //$NON-NLS-1$
+		return runProcess(Stream.concat(Stream.of(POWERSHELL_EXE), Arrays.stream(arguments)).toList(), monitor);
 	}
 
 	private static List<String> runProcess(List<String> command, IProgressMonitor monitor) throws IOException {

diff --git a/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/messages.properties b/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/internal/messages.properties
@@ -589,7 +589,7 @@ WindowsDefenderConfigurator_ignoreThisInstallationChoice=Keep {0} being scanned
 WindowsDefenderConfigurator_ignoreAllChoice=Skip exclusion check on startup for all new Eclipse-based installations
 WindowsDefenderConfigurator_detailsAndOptionsLinkText=See '<a>Startup and Shutdown</a>' preference for more details and configuration options.
 WindowsDefenderConfigurator_runExclusionFromPreferenceButtonLabel=Run exclusion check now
-WindowsDefenderConfigurator_statusInactive=Microsoft Defender is not active on this computer.
+WindowsDefenderConfigurator_statusInactive=Microsoft Defender is not active on this computer or its status could not be determined.
 WindowsDefenderConfigurator_statusCheckFailed=Failed to retrieve Microsoft Defender status.
 WindowsDefenderConfigurator_exclusionFailed=Failed to exclude {0} from being scanned by Microsoft Defender.
 WindowsDefenderConfigurator_exclusionFailed_Protected=Cannot exclude {0} from being scanned by Microsoft Defender.\nTamper protection for antivirus exclusions is enabled.