Stenographers Surface Laptop Go Security Config 2022
<blockquote data-quote="Stenographers" data-source="post: 1014452" data-attributes="member: 97396"><p>Got a barely used Surface Laptop Go and slapped Windows 11 Pro on it. Here is what I've got:</p>
<p></p>
<p>- Controlled folder access enabled</p>
<p>- OneDrive known folder redirection</p>
<p>- Tamper Protection Enabled</p>
<p>- Real-Time Protection Enabled</p>
<p>- Cloud Delivered Protection Enabled</p>
<p>- Automatic Sample Submission</p>
<p>- Defender connected to Microsoft 365 Security (Business Premium License tier)</p>
<p>- Logs going to Azure Sentinel, machine learning applied</p>
<p>- Windows Firewall default rules</p>
<p>- Proton VPN set to start at boot</p>
<p>- ASR Rules enabled with the following PowerShell script:</p>
<p></p>
<p>[CODE]# Add-MpPreference appends each rule; Set-MpPreference replaces the whole rule list on every call</p>
<p># Block abuse of exploitable signed drivers</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block Office apps from creating child processes</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block credential stealing from the Windows local security authority subsystem (lsass.exe)</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block executable content from email client and webmail</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block JavaScript or VBScript from launching downloaded executable content</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block Office applications from creating executable content</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids 3b576869-a4ec-4529-8536-b80a7769e899 -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block Office applications from injecting code into other processes</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block Office communication application from creating child processes</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49e8-8b27-eb1d0a1ce869 -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Block process creations originating from PSExec and WMI commands</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions Enabled</p>
<p># Use advanced protection against ransomware</p>
<p>Add-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions Enabled[/CODE]</p></blockquote><p></p>