Check if MS Defender is enabled before prompting

scripts/wk/repairs/win.py

@@ -102,6 +102,7 @@ MBAM_UNINSTALL_KEY = (
   r'Software\Microsoft\Windows\CurrentVersion\Uninstall'
   r'\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1'
   )
+MS_ANTIVIRUS_ENABLED = 0x1000
 SYSTEMDRIVE = os.environ.get('SYSTEMDRIVE', 'C:')
 EMSISOFT_INSTALL_PATH = get_path_obj(f'{SYSTEMDRIVE}/EmsisoftCmd')
 WHITELIST = '\n'.join((
@@ -1437,15 +1438,39 @@ def kill_explorer():
 
 def open_defender_settings(disable=False, enable=False):
   """Open Windows Defender Threat Settings."""
-  cmd = ['start', '', 'windowsdefender://threatsettings']
+  enabled = None
+
+  # Check if Defender is active
+  cmd = [
+    'WMIC', r'/namespace:\\root\SecurityCenter2',
+    'path', 'AntivirusProduct',
+    'where', 'displayName="Windows Defender"',
+    'get', 'productState', '/value',
+    ]
+  try:
+    proc = run_program(cmd)
+    status = proc.stdout.split('=')[1]
+    enabled = bool(int(status) & MS_ANTIVIRUS_ENABLED)
+  except Exception: # pylint: disable=broad-except
+    # Unknown result, just show the prompt
+    pass
+
+  # Set prompt message
   message = 'Please adjust Windows Defender settings as appropriate.'
   if disable:
+    if enabled is False:
+      # Already disabled, just bail
+      return
     message = 'Please disable realtime Windows Defender scanning.'
   elif enable:
+    if enabled:
+      # Already enabled, just bail
+      return
     message = 'Please enable realtime Windows Defender scanning.'
   message += '\nPress OK to continue repairs.'
 
   # Check Kill Explorer setting
+  cmd = ['start', '', 'windowsdefender://threatsettings']
   kill_explorer_proc = False
   try:
     kill_explorer_proc = reg_read_value(