mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-11-24 09:01:44 -05:00

Redo SmartScreen/MAPS setup

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2024-01-07 01:30:05 -07:00
parent 2f0ff65e76
commit 2427d00377
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
5 changed files with 56 additions and 38 deletions

View File

@ -1,15 +1,13 @@
# Microsoft Defender Antivirus # Microsoft Defender Antivirus
**MAPS and features dependent on it are not enabled using this policy. It just configures how aggressive MAPS should be. This is quite invasive so I will only enable it for certain OUs.** **MAPS and features dependent on it disabled using this policy. It is quite invasive so I will only enable it for certain OUs.**
`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus` `Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus`
## MAPS ## MAPS
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MAPS` `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MAPS`
- Join Microsoft MAPS -> Enabled -> Disabled
- Configure the 'Block at First Sight' feature -> Enabled
- Send file samples when further analysis is required -> Enabled -> Always Prompt (Send safe sample works better with 'Block at First Sight, but I really, really do not trust Microsoft on this one)
## Controlled Folder Access ## Controlled Folder Access
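
Review bot: The rewritten bold note at the top of this hunk is missing its verb ("MAPS and features dependent on it disabled using this policy") and leaves "It is quite invasive" without a clear antecedent; suggest "MAPS and features dependent on it are disabled by this policy. MAPS is quite invasive, so I only enable it for certain OUs." Since the 'Block at First Sight' and sample submission entries leave this file here, a one-line pointer to the policy that turns them back on for those OUs would tell a reader where the enabling settings now live.
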
@ -17,28 +15,11 @@
- Configure Controlled folder access -> Enabled -> Block - Configure Controlled folder access -> Enabled -> Block
## Network Protection
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection`
Only relevant if SmartScreen is used.
Documentation:
- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide
- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide
This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server)
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
## MpEngine ## MpEngine
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine` `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine`
Only relevant if MAPS is used
- Enable file hash computation feature -> Enabled - Enable file hash computation feature -> Enabled
- Configure extended cloud check -> Specify the extended cloud check time in seconds -> 50
- Select cloud protection level -> Zero tolerance blocking level
## Quarantine ## Quarantine
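
Review bot: Removing the whole Network Protection section leaves that setting unmentioned in this baseline, while MAPS in the previous hunk is explicitly set to Disabled; if Network Protection is meant to stay off outside the opt-in OUs, either say so here or set it explicitly so the result does not depend on the unconfigured default. In the MpEngine section, "Enable file hash computation feature -> Enabled" is now the only entry and the "Only relevant if MAPS is used" line is gone, so a short note on why it stays enabled with MAPS disabled would remove the ambiguity.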

View File

@ -1,8 +1,9 @@
# Microsoft Edge # Microsoft Edge
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge` `Computer Configuration\Policies\Administrative Templates\Microsoft Edge`
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge - Default Settings (users can override)`
You will need to download the Edge policies from https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ and install it. You will need to download the Edge policies from https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ and install it.
For the actual policies to set, you can follow my repo at https://github.com/TommyTran732/Microsoft-Edge-Policies at set the equivalent group policies of what is being set there. For the actual policies to set, you can follow my repo at https://github.com/TommyTran732/Microsoft-Edge-Policies at set the equivalent group policies of what is being set there.
SmartScreen and Typosquatting as recommeded settings doesn't seem to apply consistently, therefore I force them to be disabled in my Domain Default Policy.
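
Review bot: The added last line says SmartScreen and Typosquatting are forced off but does not list which Edge policies are set to do it; name them the way the opt-in file does ("SmartScreen settings -> Configure Microsoft Defender SmartScreen -> Disabled", "Configure Edge TyposquattingChecker -> Disabled") so the baseline can be reproduced from this document alone. In the same line, "recommeded" should be "recommended" and "doesn't" should be "don't", and if "Domain Default Policy" refers to the built-in GPO, its name is "Default Domain Policy".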

View File

@ -1,6 +1,9 @@
# Windows Defender SmartScreen # Windows Defender SmartScreen
**SmartScreen and features dependent on it disabled using this policy. It is quite invasive so I will only enable it for certain OUs.**
`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen` `Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen`
- Enhanced Phishing Protection -> Service Enabled -> Disabled (**Does not show on Windows Server 2022 by default**) - Enhanced Phishing Protection -> Service Enabled -> Disabled
- Explorer -> Configure Windows Defender SmartScreen -> Disabled
- Microsoft Edge -> Configure Windows Defender SmartScreen -> Disabled - Microsoft Edge -> Configure Windows Defender SmartScreen -> Disabled
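
Review bot: The Enhanced Phishing Protection line loses its "(Does not show on Windows Server 2022 by default)" caveat with nothing in its place; if that is still the case, keep the caveat, otherwise an admin applying this on Server 2022 will look for a setting that is not there. The new bold note also needs its verb ("are disabled"), and it would help to state that Explorer and Edge SmartScreen are re-enabled per OU by a separate policy.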

View File

@ -0,0 +1,47 @@
# Microsoft Edge
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge`
- SmartScreen settings -> Configure Microsoft Defender SmartScreen -> Enabled
- SmartScreen settings -> Configure Microsoft SmartScreen to block potentially unwanted apps -> Enabled
- TyposuqattingChecker settings -> Configure Edge TyposquattingChecker -> Enabled
# Microsoft Defender Antivirus
## MAPS
`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus`
- Join Microsoft MAPS -> Enabled -> Advanced Membership
- Configure the 'Block at First Sight' feature -> Enabled
- Send file samples when further analysis is required -> Enabled -> Always Prompt (Send safe sample works better with 'Block at First Sight, but I really, really do not trust Microsoft on this one)
## Network Protection
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection`
Only relevant if SmartScreen is used.
Documentation:
- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide
- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-worldwide
This settings controls whether Network protection is allowed to be configured into block or audit mode on Windows -> Enabled (Only relevant if running Windows Server)
Prevent users and apps from accessing dangerous websites -> Enabled -> Block
## MpEngine
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine`
Only relevant if MAPS is used
- Configure extended cloud check -> Specify the extended cloud check time in seconds -> 50
- Select cloud protection level -> Zero tolerance blocking level
# Windows Defender SmartScreen
`Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender SmartScreen`
- Explorer -> Configure Windows Defender SmartScreen -> Enabled -> Warn
- Microsoft Edge -> Configure Windows Defender SmartScreen -> Enabled
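
Review bot: This opt-in file re-enables Explorer and Edge SmartScreen but has no Enhanced Phishing Protection entry, so for these OUs it stays at "Service Enabled -> Disabled" from the baseline; state whether that is intentional or add the entry. The path under "## MAPS" is the parent "...\Microsoft Defender Antivirus" node and lacks the trailing "\MAPS" that the baseline file uses, and the section paths mix "Computer Configuration\Policies\Administrative Templates" with "Computer Configuration\Administrative Templates". Smaller fixes: "TyposuqattingChecker" should be "TyposquattingChecker", 'Block at First Sight is missing its closing quote in the sample submission line, and the two Network Protection settings should be bullets like the rest ("This setting controls ...").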

View File

@ -1,14 +0,0 @@
# Microsoft Edge
`Computer Configuration\Policies\Administrative Templates\Microsoft Edge`
- SmartScreen settings -> Configure Microsoft Defender SmartScreen -> Enabled
- SmartScreen settings -> Configure Microsoft SmartScreen to block potentially unwanted apps -> Enabled
- TyposuqattingChecker settings -> Configure Edge TyposquattingChecker -> Enabled
# Microsoft Defender Antivirus
`Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus`
- Join Microsoft MAPS -> Enabled -> Advanced Membership