From 78ef6b3e761522f3ac89e37700030b65df068dde Mon Sep 17 00:00:00 2001
From: 2Shirt <2xShirt@gmail.com>
Date: Wed, 26 Oct 2022 18:35:51 -0700
Subject: [PATCH] Don't open Defender settings if it's disabled.
---
 scripts/wk/os/win.py | 8 ++++++++
 scripts/wk/repairs/win.py | 10 +++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/scripts/wk/os/win.py b/scripts/wk/os/win.py
index 16658501..96028528 100644
--- a/scripts/wk/os/win.py
+++ b/scripts/wk/os/win.py
@@ -178,6 +178,14 @@ def check_4k_alignment(show_alert=False):
 raise GenericError('One or more partitions are not 4K aligned')
+def defender_is_disabled():
+ """Check if Windows Defender is enabled, returns bool."""
+ reg_key = r'Software\Microsoft\Windows Defender'
+ disabled = reg_read_value('HKLM', reg_key, 'DisableAntiSpyware')
+ disabled = disabled or reg_read_value('HKLM', reg_key, 'DisableAntiVirus')
+ return bool(disabled)
+
+
 def export_bitlocker_info():
 """Get Bitlocker info and save to the current directory."""
 commands = [
diff --git a/scripts/wk/repairs/win.py b/scripts/wk/repairs/win.py
index 0db4c157..2dd1101f 100644
--- a/scripts/wk/repairs/win.py
+++ b/scripts/wk/repairs/win.py
@@ -52,6 +52,7 @@ from wk.log import (
 from wk.os.win import (
 ARCH,
 OS_VERSION,
+ defender_is_disabled,
 show_alert_box,
 get_timezone,
 set_timezone,
@@ -1287,8 +1288,7 @@ def run_microsoft_defender(full=True):
 # Get MS Defender status
 ## NOTE: disabled may be set to an int instead of bool
 ## This is fine because we're just checking if it's enabled.
- disabled = bool(reg_read_value('HKLM', reg_key, 'DisableAntiSpyware'))
- disabled = disabled or reg_read_value('HKLM', reg_key, 'DisableAntiVirus')
+ disabled = defender_is_disabled()
 try:
 passive_mode = reg_read_value('HKLM', reg_key, 'PassiveMode') == 2
 except FileNotFoundError:
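Review bot: `defender_is_disabled()` reads `DisableAntiSpyware` and `DisableAntiVirus` with no handling for a missing value, yet `run_microsoft_defender` guards its `PassiveMode` read with `except FileNotFoundError`, which suggests `reg_read_value` can raise when a value is absent. If so, the new guard in `open_defender_settings` (last hunk) would surface an unhandled FileNotFoundError on such systems instead of the intended GenericError or the WMIC check. The docstring is also inverted: it says "Check if Windows Defender is enabled" while the function returns True when Defender is disabled. Separately, only `Software\Microsoft\Windows Defender` is consulted; a Group Policy disable is recorded under `Software\Policies\Microsoft\Windows Defender`, so if a policy-disabled (or tampered) Defender should count as disabled, that key needs reading too. A possible shape that treats an absent value as not disabled and fixes the docstring is below.

```python
def defender_is_disabled():
    """Check if Windows Defender is disabled, returns bool."""
    reg_key = r'Software\Microsoft\Windows Defender'
    for value_name in ('DisableAntiSpyware', 'DisableAntiVirus'):
        try:
            if reg_read_value('HKLM', reg_key, value_name):
                return True
        except FileNotFoundError:
            # Value not present: treat as "not disabled" rather than crash
            continue
    return False
```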
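Review bot: The two `## NOTE:` comment lines kept above `disabled = defender_is_disabled()` in `run_microsoft_defender` are now stale, because the helper ends with `return bool(disabled)` and the local can no longer hold an int. I would drop them, or replace them with one line such as `# Registry flags only; passive mode is checked separately below`. `reg_key` is still needed for the `PassiveMode` read that follows, so it has to stay defined. The function starts and ends outside this hunk.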
@@ -1505,7 +1505,11 @@ def open_defender_settings(disable=False, enable=False):
 """Open Windows Defender Threat Settings."""
 enabled = None
- # Check if Defender is active
+ # Check Registry if Defender is disabled
+ if defender_is_disabled():
+ raise GenericError('Defender is disabled.')
+
+ # Check WMIC if Defender is active
 cmd = [
 'WMIC', r'/namespace:\\root\SecurityCenter2', 'path', 'AntivirusProduct',
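Review bot: The new early `raise GenericError('Defender is disabled.')` in `open_defender_settings` is not mentioned in the docstring, and it fires before `disable`/`enable` are looked at, so callers in either mode now get an exception where they previously reached the WMIC check. I would extend the docstring with a line such as `Raises GenericError if the registry marks Defender as disabled.` and confirm that callers report this as a skipped step rather than a failed one. Whether the `enable=True` path (presumably used to turn protection back on after a repair) should still be attempted when only the registry flags say "disabled" is worth deciding explicitly, since a silently skipped re-enable leaves the machine unprotected. The function continues past the end of this hunk.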