
:: Windows 10 Hardening Script - DISCLAIMER: - USE IT AT YOUR OWN RISK
:: This is based mostly on my own personal research and testing.
:: My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all.
:: (Think of being able to run this on family members' computers to secure them without increasing the chances of them having to call you to troubleshoot something related to it later on.)
:: References for virtually all settings can be found at the bottom.
:: Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.

:: Change file associations to protect against common ransomware attacks
:: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell
:: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :)
:: %%1 is doubled so that a literal %1 reaches ftype when these lines run from a batch file
ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%%1"
ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%%1"
ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%%1"

:: Enable and configure Windows Defender and advanced settings
:: Commented out but available for reference
::"%programfiles%"\"Windows Defender"\MpCmdRun.exe -RestoreDefaults
:: Update Defender signatures
"%ProgramFiles%"\"Windows Defender"\MpCmdRun.exe -SignatureUpdate
:: Enable Defender signatures for Potentially Unwanted Applications (PUA)
Powershell.exe Set-MpPreference -PUAProtection enable
Reg add "HKCU\SOFTWARE\Microsoft\Windows Defender" /v PassiveMode /t REG_DWORD /d 2 /f
:: Enable Cloud functionality of Windows Defender
Powershell.exe Set-MpPreference -MAPSReporting Advanced
Powershell.exe Set-MpPreference -SubmitSamplesConsent Always

:: Enable early launch antimalware driver for scan of boot-start drivers
:: 3 is the default which allows good, unknown and 'bad but critical'.
:: Recommend trying 1 for 'good and unknown' or 8 which is 'good only'
:: The policy is machine-wide, so the value is written under HKLM
Reg add "HKLM\SYSTEM\CurrentControlSet\Policies\EarlyLaunch" /v DriverLoadPolicy /t REG_DWORD /d 3 /f

:: Enable ASR rules in Win10 1903 ExploitGuard to mitigate Office malspam
:: Blocks Office childprocs, Office proc injection, Office win32 api calls & executable content creation
:: Note these only work when Defender is your primary AV
:: Block Office child process creation
Powershell.exe Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EFC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled
:: Block Office process injection
Powershell.exe Add-MpPreference -AttackSurfaceReductionRules_Ids 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 -AttackSurfaceReductionRules_Actions Enabled
:: Block Win32 API calls from Office macros
Powershell.exe Add-MpPreference -AttackSurfaceReductionRules_Ids 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B -AttackSurfaceReductionRules_Actions Enabled
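
:: Added example, not part of the original script: a read-only PowerShell check, run from an elevated prompt after the script, that reports whether the three ASR rule IDs set above are in Block mode and whether Defender is the active antivirus, the condition the ASR note depends on. The function name Get-AsrRuleState and the short rule labels are this example's own.

```powershell
# Added example: read-only check of the ASR settings this script applies.
# Rule labels below are this example's own short descriptions of the three IDs.
$expected = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Office child process creation'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Office process injection'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Win32 API calls from Office macros'
}
# Numeric action codes as reported by Get-MpPreference.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    param([string[]]$Ids, [object[]]$Actions, [System.Collections.IDictionary]$Expected)
    # Ids and Actions are parallel arrays; index them into a GUID -> action map.
    $configured = @{}
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        $configured[$Ids[$i].ToUpperInvariant()] = [int]$Actions[$i]
    }
    foreach ($id in $Expected.Keys) {
        $state = 'Not configured'
        if ($configured.ContainsKey($id)) {
            $code  = $configured[$id]
            $state = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown ($code)" }
        }
        [pscustomobject]@{ Rule = $Expected[$id]; Id = $id; State = $state; Ok = ($state -eq 'Block') }
    }
}

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

$rules = Get-AsrRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                          -Actions $pref.AttackSurfaceReductionRules_Actions `
                          -Expected $expected
$rules | Format-Table -AutoSize

# ASR rules are only enforced while Defender is the primary antivirus.
# Assumption: AMRunningMode is present (recent Defender platform versions report it).
$defenderActive = $status.AntivirusEnabled -and ($status.AMRunningMode -eq 'Normal')
if (-not $defenderActive) {
    Write-Warning "Defender is not the active AV (AMRunningMode: $($status.AMRunningMode)); ASR rules will not be enforced."
}
if (@($rules | Where-Object { -not $_.Ok }).Count -gt 0) {
    Write-Warning 'One or more ASR rules are not in Block mode.'
}
```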
