Advanced Security Stenographers Surface Laptop Go Security Config 2022

Last updated: Dec 11, 2022
How it's used? For home and private use
Operating system: Windows 11
On-device encryption:
Log-in security:
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates: Allow security updates and latest features
User Access Control: Always notify
Smart App Control:
Network firewall: Enabled
Real-time security: Windows Defender connected to Microsoft 365 for alerting and logging
Firewall security: Microsoft Defender Firewall
About custom security: N/A
Periodic malware scanners: Yes
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions: 1Password, DuckDuckGo, CookieNinja, uBlockOrigin, PrivacyBadger, noscript
Secure DNS: Over Proton VPN
Desktop VPN: Proton VPN
Password manager: 1Password
Maintenance tools: Built-in Windows utilities
File and Photo backup: OneDrive, synced to backup server
System recovery: Rebuild from ISO with Ansible Playbook
Risk factors:
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Coding and development
Computer specs: Microsoft Surface Laptop Go 8GB RAM 128GB NVME Intel Core i5-1035G1
What I'm looking for? Looking for maximum feedback.

Stenographers

Thread author
Nov 11, 2022
Got a barely used Surface Laptop Go and slapped Windows 11 Pro on it. Here is what I've got:

- Controlled folder access enabled
- OneDrive known folder redirection
- Tamper Protection Enabled
- Real-Time Protection Enabled
- Cloud Delivered Protection Enabled
- Automatic Sample Submission
- Defender connected to Microsoft 365 Security (Business Premium License tier)
- Logs going to Azure Sentinel, machine learning applied
- Windows Firewall default rules
- Proton VPN set to start at boot
- ASR Rules enabled with the following PowerShell script:

Code:
# Add-MpPreference appends each rule; Set-MpPreference would replace the whole rule list on every call
# Block abuse of exploitable signed drivers
Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled
# Block Office apps from creating child processes
Add-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions Enabled
# Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled
# Block executable content from email client and webmail
Add-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 -AttackSurfaceReductionRules_Actions Enabled
# Block JavaScript or VBScript from launching downloaded executable content
Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions Enabled
# Block Office applications from creating executable content
Add-MpPreference -AttackSurfaceReductionRules_Ids 3b576869-a4ec-4529-8536-b80a7769e899 -AttackSurfaceReductionRules_Actions Enabled
# Block Office applications from injecting code into other processes
Add-MpPreference -AttackSurfaceReductionRules_Ids 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 -AttackSurfaceReductionRules_Actions Enabled
# Block Office communication application from creating child processes
Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49e8-8b27-eb1d0a1ce869 -AttackSurfaceReductionRules_Actions Enabled
# Block process creations originating from PSExec and WMI commands
Add-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions Enabled
# Use advanced protection against ransomware
Add-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions Enabled
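
An added example, not part of the original post: a check that reports which of the ten ASR rules listed above are actually in Block mode on the machine. It is worth running because Set-MpPreference overwrites the configured rule list on each call while Add-MpPreference appends to it; the rule GUIDs and names come from the post, the variable names are this example's own.

```powershell
# Added example: audit the ASR rules named in the post against Defender's live configuration.
$expected = [ordered]@{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploitable signed drivers'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from lsass.exe'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office applications from creating executable content'
    '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' = 'Block Office applications from injecting code into other processes'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication application from creating child processes'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
}

# Numeric action codes that Get-MpPreference reports for each rule
$stateNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Defender exposes the rules as two parallel arrays: IDs and their actions
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Build a GUID -> action lookup, normalising GUID case
$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    $configured[$ids[$i].ToLower()] = [int]$actions[$i]
}

# One row per expected rule, including rules that are missing entirely
$report = foreach ($id in $expected.Keys) {
    if ($configured.ContainsKey($id)) {
        $code  = $configured[$id]
        $state = if ($stateNames.ContainsKey($code)) { $stateNames[$code] } else { "Unknown ($code)" }
    } else {
        $state = 'Not configured'
    }
    [pscustomobject]@{ State = $state; Id = $id; Rule = $expected[$id] }
}
$report | Format-Table -AutoSize -Wrap

# Flag anything that is not enforcing
$gaps = @($report | Where-Object State -ne 'Block')
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) of $($expected.Count) ASR rules are not in Block mode."
} else {
    Write-Output "All $($expected.Count) ASR rules are in Block mode."
}
```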
 
