From f709d6a566ed7846b677b383863deda9680a2a9c Mon Sep 17 00:00:00 2001
From: undergroundwires <undergroundwires@users.noreply.github.com>
Date: Tue, 1 Sep 2020 20:06:44 +0100
Subject: [PATCH] fix "Configure Defender" being in wrong category #28

---
 src/application/application.yaml | 74 ++++++++++++++++----------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/src/application/application.yaml b/src/application/application.yaml
index b693aec3..3c1243ab 100644
--- a/src/application/application.yaml
+++ b/src/application/application.yaml
@@ -977,48 +977,48 @@ actions:
                             sc stop "VSStandardCollectorService150" 
                             net stop VSStandardCollectorService150 2>nul
                             sc config "VSStandardCollectorService150" start=disabled
-                    - 
-                        category: Configure Windows Defender
+            - 
+                category: Configure Windows Defender
+                children:
+                    -
+                        name: Do not send Watson events 
+                        recommend: true
+                        docs: https://getadmx.com/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::reporting_disablegenericreports
+                        code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericReports" /t REG_DWORD /d 1 /f
+                        revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericReports" /t REG_DWORD /d 0 /f
+                    -
+                        category: Disable Microsoft SpyNet (Windows Defender cloud export for analysis)
                         children:
                             -
-                                name: Do not send Watson events 
+                                name: Disable local setting override for reporting to Microsoft MAPS
                                 recommend: true
-                                docs: https://getadmx.com/?Category=SystemCenterEndpointProtection&Policy=Microsoft.Policies.Antimalware::reporting_disablegenericreports
-                                code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericReports" /t REG_DWORD /d 1 /f
-                                revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting" /v "DisableGenericReports" /t REG_DWORD /d 0 /f
+                                docs:
+                                    - https://www.stigviewer.com/stig/windows_defender_antivirus/2017-12-27/finding/V-75161
+                                    - https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Spynet_LocalSettingOverrideSpynetReporting
+                                code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f
+                                revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 1 /f
                             -
-                                category: Disable Microsoft SpyNet (Windows Defender cloud export for analysis)
-                                children:
-                                    -
-                                        name: Disable local setting override for reporting to Microsoft MAPS
-                                        recommend: true
-                                        docs:
-                                            - https://www.stigviewer.com/stig/windows_defender_antivirus/2017-12-27/finding/V-75161
-                                            - https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Spynet_LocalSettingOverrideSpynetReporting
-                                        code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 0 /f
-                                        revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "LocalSettingOverrideSpynetReporting" /t REG_DWORD /d 1 /f
-                                    -
-                                        name: Turn off Windows Defender SpyNet reporting    
-                                        recommend: true
-                                        docs:
-                                            - https://www.stigviewer.com/stig/windows_7/2012-07-02/finding/V-15713
-                                            - https://getadmx.com/?Category=Windows_7_2008R2&Policy=Microsoft.Policies.WindowsDefender::SpyNetReporting
-                                            - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection
-                                        code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d 0 /f
-                                        revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d 1 /f
-                                    -    
-                                        name: Do not send file samples for further analysis
-                                        recommend: true
-                                        docc:
-                                            - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent
-                                        code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f
-                                        revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 1 /f
-                            - 
-                                name: Disable Malicious Software Reporting tool diagnostic data
+                                name: Turn off Windows Defender SpyNet reporting    
                                 recommend: true
-                                docs: https://getadmx.com/?Category=Windows10_Telemetry&Policy=Microsoft.Policies.Win10Privacy::DontReportInfection
-                                code: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
-                                revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 0 /f
+                                docs:
+                                    - https://www.stigviewer.com/stig/windows_7/2012-07-02/finding/V-15713
+                                    - https://getadmx.com/?Category=Windows_7_2008R2&Policy=Microsoft.Policies.WindowsDefender::SpyNetReporting
+                                    - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection
+                                code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d 0 /f
+                                revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpynetReporting" /t REG_DWORD /d 1 /f
+                            -    
+                                name: Do not send file samples for further analysis
+                                recommend: true
+                                docc:
+                                    - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent
+                                code: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 2 /f
+                                revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d 1 /f
+                    - 
+                        name: Disable Malicious Software Reporting tool diagnostic data
+                        recommend: true
+                        docs: https://getadmx.com/?Category=Windows10_Telemetry&Policy=Microsoft.Policies.Win10Privacy::DontReportInfection
+                        code: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
+                        revertCode: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 0 /f
             -
                 name: Disable NET Core CLI telemetry
                 recommend: true