Tomster/Windows-Setup
1
0
Fork 0
mirror of https://github.com/TommyTran732/Windows-Setup.git synced 2024-10-17 23:45:24 -04:00
Code

Add ASR rules

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-04-26 00:06:19 -07:00
parent c76835ff6a
commit ddefee6de0
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Group Policies Objects/Default Domain Policy/Microsoft Defender Antivirus.md
View File

@ -15,6 +15,14 @@
- Configure Controlled folder access -> Enabled -> Block - Configure Controlled folder access -> Enabled -> Block
## Attack Surface Reduction
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack surface reduction`
- Configure Attack Surface Reduction rules -> Add all rules from the [GUID Matrix](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rule-to-guid-matrix) except `01443614-cd74-433a-b99e-2ecdc07bfc25`. Set their value to 1.
Rationale: `01443614-cd74-433a-b99e-2ecdc07bfc25` depends on Microsoft Cloud Protection (MAPS). The only place where I use MAPS is my gaming machine, and it needs to be able to run not-so-reputable programs anyways.
## MpEngine ## MpEngine
`Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine` `Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\MpEngine`