fix indents

This commit is contained in:
Joey Caparas
2016-08-01 22:58:10 +10:00
parent ed517f3216
commit 40db0ff1d5

View File

@ -173,11 +173,12 @@ First, you should check that the service is set to start automatically when Wind
sc qc diagtrack sc qc diagtrack
``` ```
If the service is enabled, then the result should look like the following screenshot: If the service is enabled, then the result should look like the following screenshot:
![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start.
**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** **Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:**
@ -227,15 +228,15 @@ If your endpoints are running a third-party antimalware client, the Windows Defe
a. Click **Start**, type **cmd**, and select **Command prompt**. a. Click **Start**, type **cmd**, and select **Command prompt**.
2. Enter the following command, and press Enter: 2. Enter the following command, and press Enter:
``` ```
sc qc WdBoot sc qc WdBoot
``` ```
If the ELAM driver is enabled, the output will be: If the ELAM driver is enabled, the output will be:
``` ```
[SC] QueryServiceConfig SUCCESS [SC] QueryServiceConfig SUCCESS
SERVICE_NAME: WdBoot SERVICE_NAME: WdBoot
TYPE : 1 KERNEL_DRIVER TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL ERROR_CONTROL : 1 NORMAL
@ -245,12 +246,12 @@ SERVICE_NAME: WdBoot
DISPLAY_NAME : Windows Defender Boot Driver DISPLAY_NAME : Windows Defender Boot Driver
DEPENDENCIES : DEPENDENCIES :
SERVICE_START_NAME : SERVICE_START_NAME :
``` ```
If the ELAM driver is disabled the output will be: If the ELAM driver is disabled the output will be:
``` ```
[SC] QueryServiceConfig SUCCESS [SC] QueryServiceConfig SUCCESS
SERVICE_NAME: WdBoot SERVICE_NAME: WdBoot
TYPE : 1 KERNEL_DRIVER TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 DEMAND_START START_TYPE : 0 DEMAND_START
ERROR_CONTROL : 1 NORMAL ERROR_CONTROL : 1 NORMAL
@ -260,7 +261,8 @@ SERVICE_NAME: WdBoot
DISPLAY_NAME : Windows Defender Boot Driver DISPLAY_NAME : Windows Defender Boot Driver
DEPENDENCIES : DEPENDENCIES :
SERVICE_START_NAME : SERVICE_START_NAME :
``` ```
### Enable the ELAM driver ### Enable the ELAM driver
1. Open an elevated PowerShell console on the endpoint: 1. Open an elevated PowerShell console on the endpoint:
@ -276,15 +278,15 @@ SERVICE_NAME: WdBoot
``` ```
3. Run the following PowerShell script: 3. Run the following PowerShell script:
```text ```text
Add-Type @' Add-Type @'
using System; using System;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles; using Microsoft.Win32.SafeHandles;
using System.ComponentModel; using System.ComponentModel;
public static class Elam{ public static class Elam{
[DllImport("Kernel32", CharSet=CharSet.Auto, SetLastError=true)] [DllImport("Kernel32", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool InstallELAMCertificateInfo(SafeFileHandle handle); public static extern bool InstallELAMCertificateInfo(SafeFileHandle handle);
@ -302,12 +304,12 @@ public static class Elam{
} }
Console.Out.WriteLine("Call successful."); Console.Out.WriteLine("Call successful.");
} }
} }
'@ '@
$driverPath = $env:SystemRoot + "\System32\Drivers\WdBoot.sys" $driverPath = $env:SystemRoot + "\System32\Drivers\WdBoot.sys"
[Elam]::InstallWdBoot($driverPath) [Elam]::InstallWdBoot($driverPath)
``` ```