Advanced Security Stenographers Surface Laptop Go Security Config 2022

Last updated
Dec 11, 2022
How it's used?
For home and private use
Operating system
macOS 15 Sequoia
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Enabled
Real-time security
Windows Defender connected to Microsoft 365 for alerting and logging
Firewall security
Microsoft Defender Firewall
About custom security
N/A
Periodic malware scanners
Yes
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
1Password, DuckDuckGo, CookieNinja, uBlockOrigin, PrivacyBadger, noscript
Secure DNS
Over Proton VPN
Desktop VPN
Proton VPN
Password manager
1Password
Maintenance tools
Built in Windows utilities
File and Photo backup
OneDrive, synced to backup server
System recovery
Rebuild from ISO with Ansible Playbook
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Coding and development
Computer specs
Microsoft Surface Laptop Go 8GB RAM 128GB NVME Intel Core i5-1035G1
What I'm looking for?

Looking for maximum feedback.

Stenographers

Stenographers

Level 2
Thread author
Nov 11, 2022
48
Got a barely used Surface Laptop Go and slapped Windows 11 Pro on it. Here is what I've got:

- Controlled folder access enabled
- OneDrive known folder redirection
- Tamper Protection Enabled
- Real-Time Protection Enabled
- Cloud Delivered Protection Enabled
- Automatic Sample Submission
- Defender connected to Microsoft 365 Security (Business Premium License tier)
- Logs going to Azure Sentinel, machine learning applied
- Windows Firewall default rules
- Proton VPN set to start at boot
- ASR Rules enabled with the following Powershell script:

Code: 
#block executable content from email
Set-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 -AttackSurfaceReductionRules_Actions Enabled
#block abuse of exploitable signed drivers
Set-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled
#block office apps from creating child processes
Set-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions Enabled
#Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Set-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled
#Block executable content from email client and webmail   
Set-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 -AttackSurfaceReductionRules_Actions Enabled
#Block JavaScript or VBScript from launching downloaded executable content
Set-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions Enabled
#Block Office applications from creating executable content
Set-MpPreference -AttackSurfaceReductionRules_Ids 3b576869-a4ec-4529-8536-b80a7769e899 -AttackSurfaceReductionRules_Actions Enabled
#Block Office applications from injecting code into other processes
Set-MpPreference -AttackSurfaceReductionRules_Ids 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 -AttackSurfaceReductionRules_Actions Enabled
#Block Office communication application from creating child processes
Set-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49e8-8b27-eb1d0a1ce869 -AttackSurfaceReductionRules_Actions Enabled
#Block process creations originating from PSExec and WMI commands
Set-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions Enabled
#Use advanced protection against ransomware   
Set-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions Enabled
 
  • Like
Reactions: Nevi, CyberTech, harlan4096 and 1 other person

Similar threads

Thales
    • Like
    • +Reputation
Advanced Security Thales' Config 2024
Replies
87
Views
12,440
PC Setup Configuration Help & Showcase
Thales
Thales
Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks
Replies
0
Views
1,298
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
M
    • Like
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Replies
0
Views
684
Microsoft Defender
Microsoft Threat Intelligence
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top