ConfigureDefender utility for Windows 10/11
<blockquote data-quote="shmu26" data-source="post: 734779" data-attributes="member: 37647">
<p>Yeah, the PowerShell commands work. I was kinda hoping for a tutorial that held my hand a little more tightly, but it does work.</p>

<p>1. You must be careful to use <strong><span style="color: rgb(184, 49, 47)">Add</span></strong>-MpPreference and not <strong><span style="color: rgb(184, 49, 47)">Set</span></strong>-MpPreference if you already have some ASR rules and you don't want to delete them.</p>

<p>2. The command to use is Add-MpPreference -AttackSurfaceReductionRules_Ids <strong><span style="color: rgb(184, 49, 47)">put the rule ID here</span></strong> -AttackSurfaceReductionRules_Actions Enabled</p>

<p>The IDs for the rules are:</p>

<p>Block executable content from email client and webmail</p>
<p>BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550</p>

<p>Block Office applications from creating child processes</p>
<p>D4F940AB-401B-4EFC-AADC-AD5F3C50688A</p>

<p>Block Office applications from creating executable content</p>
<p>3B576869-A4EC-4529-8536-B80A7769E899</p>

<p>Block Office applications from injecting code into other processes</p>
<p>75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84</p>

<p>Block JavaScript or VBScript from launching downloaded executable content</p>
<p>D3E037E1-3EB8-44C8-A917-57927947596D</p>

<p>Block execution of potentially obfuscated scripts</p>
<p>5BEB7EFE-FD9A-4556-801D-275E5FFC04CC</p>

<p>Block Win32 API calls from Office macro</p>
<p>92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B</p>

<p>Block executable files from running unless they meet a prevalence, age, or trusted list criteria</p>
<p>01443614-cd74-433a-b99e-2ecdc07bfc25</p>

<p>Use advanced protection against ransomware</p>
<p>c1db55ab-c21a-4637-bb3f-a12568109d35</p>

<p>Block credential stealing from the Windows local security authority subsystem (lsass.exe)</p>
<p>9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2</p>

<p>Block process creations originating from PSExec and WMI commands</p>
<p>d1e49aac-8f56-4280-b9ba-993a6d77406c</p>

<p>Block untrusted and unsigned processes that run from USB</p>
<p>b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4</p>
</blockquote>
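
The procedure from the post as an added PowerShell example (not shmu26's or the ConfigureDefender project's code): it records the current ASR rules with Get-MpPreference, adds each wanted rule with Add-MpPreference, then checks that no rule present beforehand was lost. The `$wanted` table, the `Get-AsrState` helper and the choice of four rule IDs from the post's list are assumptions made for the example; run it from an elevated session.

```powershell
# Added example: merge ASR rules into the existing set and verify the result.
# $wanted and Get-AsrState are hypothetical names; the IDs are four of those in the post.
$wanted = [ordered]@{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from lsass.exe'
}

function Get-AsrState {
    # Returns a hashtable mapping upper-cased rule ID -> numeric action
    # (0 = Disabled, 1 = Enabled/Block, 2 = Audit, 6 = Warn).
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $state   = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # Skip the single $null entry produced when no rules are configured.
        if ($ids[$i]) { $state[$ids[$i].ToUpperInvariant()] = [int]$actions[$i] }
    }
    return $state
}

$before = Get-AsrState

foreach ($id in $wanted.Keys) {
    $key = $id.ToUpperInvariant()
    if ($before.ContainsKey($key) -and $before[$key] -eq 1) {
        Write-Host "already enabled: $($wanted[$id])"
        continue
    }
    # Add-MpPreference merges this rule into the configured list;
    # Set-MpPreference with the same parameters would replace the whole list.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions Enabled
    Write-Host "enabled: $($wanted[$id])"
}

# Verify: nothing that was configured before has disappeared,
# and every wanted rule now reports action 1 (Enabled).
$after = Get-AsrState
$lost  = $before.Keys | Where-Object { -not $after.ContainsKey($_) }
$notOn = $wanted.Keys | Where-Object { $after[$_.ToUpperInvariant()] -ne 1 }

if ($lost)  { Write-Warning "rules no longer configured: $($lost -join ', ')" }
if ($notOn) { Write-Warning "rules not enabled: $($notOn -join ', ')" }
if (-not $lost -and -not $notOn) { Write-Host 'ASR rule set verified.' }
```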