From 1010b9fce76a6f3d794be03d0bb1332db1bdfd5d Mon Sep 17 00:00:00 2001
From: rbalsleyMSFT <53497092+rbalsleyMSFT@users.noreply.github.com>
Date: Tue, 26 Aug 2025 17:11:57 -0700
Subject: [PATCH] Adds cleanup for disabled update artifacts
Introduces a new function to remove residual artifacts for updates that are disabled via script flags. If updates for Defender, MSRT, OneDrive, or Edge are turned off, this change ensures that any related files are deleted from the build environment. This prevents unnecessary files from being included in the final image.
---
 FFUDevelopment/BuildFFUVM.ps1 | 69 +++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
diff --git a/FFUDevelopment/BuildFFUVM.ps1 b/FFUDevelopment/BuildFFUVM.ps1
index d93bcc0..830652c 100644
--- a/FFUDevelopment/BuildFFUVM.ps1
+++ b/FFUDevelopment/BuildFFUVM.ps1
@@ -3597,6 +3597,71 @@ function Remove-FFU {
 Remove-Item -Path $FFUCaptureLocation\*.ffu -Force
 WriteLog "Removal complete"
 }
+Function Remove-DisabledUpdates {
+ # Remove Defender artifacts if Defender update is disabled
+ if (-not $UpdateLatestDefender) {
+ $removed = $false
+ if (Test-Path -Path $installDefenderPath) {
+ WriteLog "Update Defender disabled - removing $installDefenderPath"
+ Remove-Item -Path $installDefenderPath -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if (Test-Path -Path $DefenderPath) {
+ WriteLog "Update Defender disabled - removing $DefenderPath"
+ Remove-Item -Path $DefenderPath -Recurse -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if ($removed) { WriteLog 'Removal complete' }
+ }
+
+ # Remove MSRT artifacts if MSRT update is disabled
+ if (-not $UpdateLatestMSRT) {
+ $removed = $false
+ if (Test-Path -Path $installMSRTPath) {
+ WriteLog "Update MSRT disabled - removing $installMSRTPath"
+ Remove-Item -Path $installMSRTPath -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if (Test-Path -Path $MSRTPath) {
+ WriteLog "Update MSRT disabled - removing $MSRTPath"
+ Remove-Item -Path $MSRTPath -Recurse -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if ($removed) { WriteLog 'Removal complete' }
+ }
+
+ # Remove OneDrive artifacts if OneDrive update is disabled
+ if (-not $UpdateOneDrive) {
+ $removed = $false
+ if (Test-Path -Path $installODPath) {
+ WriteLog "Update OneDrive disabled - removing $installODPath"
+ Remove-Item -Path $installODPath -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if (Test-Path -Path $OneDrivePath) {
+ WriteLog "Update OneDrive disabled - removing $OneDrivePath"
+ Remove-Item -Path $OneDrivePath -Recurse -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if ($removed) { WriteLog 'Removal complete' }
+ }
+
+ # Remove Edge artifacts if Edge update is disabled
+ if (-not $UpdateEdge) {
+ $removed = $false
+ if (Test-Path -Path $installEdgePath) {
+ WriteLog "Update Edge disabled - removing $installEdgePath"
+ Remove-Item -Path $installEdgePath -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if (Test-Path -Path $EdgePath) {
+ WriteLog "Update Edge disabled - removing $EdgePath"
+ Remove-Item -Path $EdgePath -Recurse -Force -ErrorAction SilentlyContinue
+ $removed = $true
+ }
+ if ($removed) { WriteLog 'Removal complete' }
+ }
+}
 Function Remove-Updates {
 if ($UpdateLatestDefender) {
@@ -4887,6 +4952,10 @@ if ($InstallApps) {
 }
+
+ # Remove residual update artifacts for any updates disabled via flags
+ Remove-DisabledUpdates
+
 #Update Latest Defender Platform and Definitions - these can't be serviced into the VHDX, will be saved to AppsPath
 if ($UpdateLatestDefender) {
 # Check if Defender has already been downloaded, if so, skip download
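Review bot: Each `Remove-Item ... -ErrorAction SilentlyContinue` in Remove-DisabledUpdates is followed by an unconditional `$removed = $true`, so 'Removal complete' is logged even when the delete failed (for example on a locked file). The stale installer the function is meant to drop can then still end up in the image with nothing in the log to show it. The failure should be surfaced at each of the eight delete sites by re-testing the path after the delete, e.g. `if (Test-Path -Path $DefenderPath) { WriteLog "Failed to remove $DefenderPath" } else { $removed = $true }`. The `-Recurse -Force` deletes also act on whatever the script-scope path variables hold; their assignments are outside this hunk, so it is worth confirming they are always set and rooted under the build folder before the new `Remove-DisabledUpdates` call in the second hunk runs.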