CHEF- RESOURCES -windows_defender Resource

Windows Defender

Windows Defender is a software program that protects a system from malware. It was created to prevent unauthorized access and shield Windows systems from malicious malware. It is an anti-spyware tool. It was first added to the Windows Vista installation pack and is currently a component of Microsoft Security Essentials. It can be downloaded for free.

windows_defender Resource

In Chef Desktop, we can use the windows_defender resource to enable or disable the service known as the Microsoft Windows Defender service.

It is a newly added feature of Chef Desktop 1.0.

Syntax

There are many properties that are available to the windows_defender resource. Following is the complete syntax for all these properties:

windows_defender 'name' do
  intrusion_protection_system      true, false # default value: true
  lock_ui                          true, false # default value: false
  realtime_protection              true, false # default value: true
  scan_archives                    true, false # default value: true
  scan_email                       true, false # default value: false
  scan_mapped_drives               true, false # default value: true
  scan_network_files               true, false # default value: false
  scan_removable_drives            true, false # default value: false
  scan_scripts                     true, false # default value: false
  action                           Symbol # defaults to :enable if not specified
end

In the above syntax, 

• The resource name is windows_defender.
   
• The name of the resource block is given using the name.
   
• The steps taken by Chef Infra Client to bring the node into the required state are identified by action.
   
• intrusion_protection_system, scan_archives, lock_ui, realtime_protection, scan_email, scan_mapped_drives, scan_removable_drives, and scan_network_files are the properties that are available to the resource.

Actions of windows_defender Resource

Following are the actions that the windows_defender resource has:

• :disable: It is used to disable the Windows Defender.
   
• :enable: It is used to enable the Windows Defender.
   
• :nothing: This resource block will not act unless it is notified by any other resource to take action. Once it has been notified, this resource block will either run immediately or will be queued up to run at the end of a Chef Infra Client run.

Properties of windows_defender Resource

Following are the properties that windows_defender resource has:

• intrusion_protection_system: It enables network protection against any exploitation of vulnerabilities that are already known. Ruby Type is true, false.
   
• scan_archives: It scans file archives such as .zip, .rar or .gz archives. Ruby Type is true, false.
   
• lock_ui: It locks the User Interface to prevent users from changing the settings of Windows Defender. Ruby Type is true, false
  .
• realtime_protection: It enables the real-time scanning of downloaded files as well as attachments. Ruby Type is true, false.
   
• scan_email: It scans emails for malware. Ruby Type is true, false.
   
• scan_mapped_drives: It scans the files on network drives that are mapped. Ruby Type is true, false.
   
• scan_removable_drives: It scans the content of all removable drives. Ruby Type is true, false.
   
• scan_network_files: It scans the files on a network. Ruby Type is true, false. 

Common Resource Functionality

Chef resources also include some common properties, notifications, and resource guards.
 

Common Properties

Following are the properties that are common to every resource:

• compile_time: It controls the phase during which the resource is run on the node. We can set it to “true” to run while the resource collection is being created (the compile phase). We can set it to “false” to run while Chef Infra Client is working on the node configuration (the converge phase).
   
• ignore_failure: It helps in running a recipe even if a resource has failed for any reason. :quiet will not show the full stack trace. As a result, the recipe will continue to run even if a resource fails.
   
• retries: It is the number of attempts to catch an exception and retry the resource.
   
• retry_delay: It is the delay in seconds between the retry attempts.
   
• sensitive: It ensures that sensitive resource data is not logged by Chef Infra Client.
   

Notifications

• notifies: When one resource's state changes, it may notify another resource to take appropriate action. A resource can notify multiple resources. It uses a “notifies” statement for each resource that has to be notified.
   
• subscribes: If the status of the resource being listened to changes, the resource that is listening may take action after doing so.
   

A timer is used to specify the point during a Chef Infra Client run at which a notification will run. The following timers are available:

• :before: It specifies that the action on a notified resource must run before processing the resource block in which the notification is present.
   
• :delayed: It specifies that a notification should be queued up and then executed at the end of a Chef Infra Client run.
   
• :immediate, :immediately: It specifies that a notification should run immediately for each resource that has been notified.
   

Guards

When a Chef Infra Client run is executed, a node's state can be assessed using a guard property. Depending on these results, a guard property is then used to inform the Chef Infra Client whether it should carry out a resource's execution further. A Ruby block value or a string value can be used to specify a guard property:

Properties:

• not_if: It prevents a resource from executing when the condition returns true.
   
• only_if: It allows a resource to execute only if the condition returns true.
   

Examples

The following examples demonstrate various approaches for using the windows_defender resource in recipes:

Configure Windows Defender AV Settings

windows_defender 'Configure Defender' do
  realtime_protection true
  intrusion_protection_system true
  lock_ui true
  scan_archives true
  scan_scripts true
  scan_email true
  scan_removable_drives true
  scan_network_files false
  scan_mapped_drives false
  action :enable
end

Disable Windows Defender AV

windows_defender 'Disable Defender' do
  action :disable
end

Frequently Asked Questions

Does Chef have a Graphical User Interface?

Chef is actually written in Ruby and Erlang, and it uses a pure-Ruby DSL in the Knife CLI. It also includes a nice GUI for easy management.

What do you understand about a node in Chef?

A node can be understood as any machine that is currently being managed by the Chef server. It can be attached to any network that can send and receive information.

What do you mean by an attribute in Chef?

An attribute is a piece of basic information about a specific node. It basically shows the state of the node.

What are the three main components of chef?

Workstations, servers, and the nodes are the three main components of chef.

What do mean by a client in chef?

On each node that Chef is responsible for managing, an agent called a chef-client runs locally.

Conclusion

In this article, we have studied about one of the Chef Resources which is known as windows_defender Resource in detail. 

We hope that this article has provided you with the help to enhance your knowledge regarding the windows_defender Resource and if you would like to learn more, check out our articles on Chef migration and Chef Desktop.

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enroll in our courses and refer to the mock test and problems available; take a look at the interview experiences and interview bundle for placement preparations.

Do upvote our blog to help other ninjas grow.

Merry Learning!