Disable Windows Defender properly (!5279) · Merge requests · GitLab.org / gitlab-runner

What does this MR do?

In some jobs such as https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/8669253934, we are seeing:

$ Set-MpPreference -DisableRealtimeMonitoring $true
Set-MpPreference : Operation failed with the following error: 0x800106ba. Operation: Set-MpPreference. Target:
DisableRealtimeMonitoring.
At line:434 char:1
+ Set-MpPreference -DisableRealtimeMonitoring $true
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference

Let's just drop this line since it is leading to flaky tests. It's possible Windows Defender isn't on in the first place on these machines.

Why was this MR needed?

See https://github.com/actions/runner-images/pull/5969.

Looks like Windows Defender will detect a script executing this as a potential trojan/virus using heuristics. So we're either getting this now because Defender rules were updated, or our script before managed to by-pass it before through sheer luck.

What's the best way to test this MR?

What are the relevant issue numbers?

Edited Jan 18, 2025 by Arran Walker

Disable Windows Defender properly

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports