Thales' Config 2024
<blockquote data-quote="Thales" data-source="post: 1019768" data-attributes="member: 67896">
<p>I reworked the GPO rules from scratch. I made only crucial edits. I also enabled some new settings like "Interactive logon: Do not require CTRL+ALT+DEL <span style="color: rgb(226, 80, 65)">Disabled</span>"</p>
<p></p>
<p>[SPOILER="ASR rules"]</p>
<p>Block executable content from email client and webmail</p>
<p>BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550</p>
<p>Block all Office applications from creating child processes</p>
<p>D4F940AB-401B-4EFC-AADC-AD5F3C50688A</p>
<p>Block Office applications from creating executable content</p>
<p>3B576869-A4EC-4529-8536-B80A7769E899</p>
<p>Block Office applications from injecting code into other processes</p>
<p>75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84</p>
<p>Block JavaScript or VBScript from launching downloaded executable content</p>
<p>D3E037E1-3EB8-44C8-A917-57927947596D</p>
<p>Block execution of potentially obfuscated scripts</p>
<p>5BEB7EFE-FD9A-4556-801D-275E5FFC04CC</p>
<p>Block Win32 API calls from Office macro</p>
<p>92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B</p>
<p>Block executable files from running unless they meet a prevalence, age, or trusted list criterion</p>
<p>01443614-CD74-433A-B99E-2ECDC07BFC25</p>
<p>Use advanced protection against ransomware</p>
<p>C1DB55AB-C21A-4637-BB3F-A12568109D35</p>
<p>Block credential stealing from the Windows local security authority subsystem (lsass.exe)</p>
<p>9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2</p>
<p>Block process creations originating from PSExec and WMI commands</p>
<p>D1E49AAC-8F56-4280-B9BA-993A6D77406C</p>
<p>Block untrusted and unsigned processes that run from USB</p>
<p>B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4</p>
<p>Block Office communication application from creating child processes</p>
<p>26190899-1602-49E8-8B27-EB1D0A1CE869</p>
<p>Block Adobe Reader from creating child processes</p>
<p>7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C</p>
<p>Block persistence through WMI event subscription</p>
<p>E6DB77E5-3DF2-4CF1-B95A-636979351E5B</p>
<p>[/SPOILER]</p>
<p></p>
<p>[SPOILER="Credential entry"]</p>
<p>Do not display network selection UI <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Enumerate local users on domain-joined computers <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Enumerate administrator accounts on elevation <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Require trusted path for credential entry <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Prevent the use of security questions for local accounts <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Disable or enable software Secure Attention Sequence <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Sign-in last interactive user automatically after a system-initiated restart <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Interactive logon: Do not require CTRL+ALT+DEL <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>[/SPOILER]</p>
<p></p>
<p>[SPOILER="Early Malware"]</p>
<p>Boot-Start Driver Initialization Policy <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Choose the boot-start drivers that can be initialized: Good and unknown</p>
<p>[/SPOILER]</p>
<p></p>
<p>[SPOILER="Defender"]</p>
<p>Turn off Microsoft Defender Antivirus <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure detection for potentially unwanted applications <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Configure local setting override for reporting to Microsoft MAPS <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure the ‘Block at First Sight’ feature <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Join Microsoft MAPS <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Send file samples when further analysis is required <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Configure extended cloud check <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p> Specify the extended cloud check time in seconds: 50</p>
<p>Select cloud protection level <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p> Select cloud blocking level: High blocking level or Zero Tolerance</p>
<p></p>
<p>Turn off real-time protection <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Turn on behavior monitoring <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Scan all downloaded files and attachments <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Monitor file and program activity on your computer <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Turn on raw volume write notifications <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Turn on process scanning whenever real-time protection is enabled <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Define the maximum size of downloaded files and attachments to be scanned <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Configure local setting override for turn on behavior monitoring <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure local setting override for scanning all downloaded files and attachments <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure local setting override for monitoring file and program activity on your computer <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure local setting override to turn on real-time protection <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure local setting override for monitoring for incoming and outgoing file activity <span style="color: rgb(226, 80, 65)">Disabled</span></p>
<p>Configure monitoring for incoming and outgoing file and program activity <span style="color: rgb(65, 168, 95)">Enabled </span>(Both)</p>
<p></p>
<p>Check for the latest virus and spyware definitions before running a scheduled scan <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Scan archive files <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Scan packed executables <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Scan removable drives <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Turn on e-mail scanning <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Turn on heuristics <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Configure detection for potentially unwanted application <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>Configure Windows Defender SmartScreen <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>[/SPOILER]</p>
<p></p>
<p>[SPOILER="BitLocker"]</p>
<p><strong>BitLocker Drive Encryption</strong></p>
<p><strong>Choose drive encryption method and cipher strength</strong></p>
<p>Select the encryption method for operating system drives: XTS AES 256-bit</p>
<p>Select the encryption method for fixed data drives: XTS AES 256-bit</p>
<p>Select the encryption method for removable data drives: AES-CBC 256-bit</p>
<p><strong>Disable new DMA devices when this computer is locked Enabled</strong></p>
<p><strong>Prevent memory overwrite on restart Disabled</strong></p>
<p></p>
<p><strong>Fixed Data Drives</strong></p>
<p><strong>Choose how BitLocker-protected removable drives can be recovered Enabled</strong></p>
<p>Allow data recovery agent</p>
<p>Allow 48-digit recovery password</p>
<p>Allow 256-bit recovery key</p>
<p>Save BitLocker recovery information to AD DS for operating system drives</p>
<p>Backup recovery passwords and key packages</p>
<p><strong>Configure use of passwords for fixed data drives Enabled</strong></p>
<p>Allow password complexity</p>
<p>Minimum password length for fixed data drive: 14</p>
<p><strong>Operating System Drives</strong></p>
<p><strong>Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. Disabled</strong></p>
<p><strong>Allow Secure Boot for integrity validation Enabled</strong></p>
<p><strong>Choose how BitLocker-protected operating system drives can be recovered Enabled</strong></p>
<p>Allow data recovery agent</p>
<p>Allow 48-digit recovery password</p>
<p>Allow 256-bit recovery key</p>
<p>Save BitLocker recovery information to AD DS for operating system drives</p>
<p>Store recovery passwords and key packages</p>
<p><strong>Configure minimum PIN length for startup Enabled</strong></p>
<p>Minimum characters: 14</p>
<p><strong>Configure use of passwords for operating system drives Enabled</strong></p>
<p>Allow password complexity</p>
<p>Minimum password length for operating system drive: 14</p>
<p><strong>Disallow standard users from changing the PIN or password Enabled</strong></p>
<p><strong>Require additional authentication at startup Enabled</strong></p>
<p>UNCHECKED Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)</p>
<p>Allow TPM</p>
<p>Allow startup PIN with TPM</p>
<p>Allow startup key with TPM</p>
<p>Allow startup key and PIN with TPM</p>
<p><strong>Reset platform validation data after BitLocker recovery Enabled</strong></p>
<p></p>
<p><strong>Removable Data Drives</strong></p>
<p>Choose how BitLocker-protected removable drives can be recovered Enabled</p>
<p>Allow data recovery agent</p>
<p>Allow 48-digit recovery password</p>
<p>Allow 256-bit recovery key</p>
<p>Omit recovery options from the BitLocker setup wizard</p>
<p>Save BitLocker recovery information to AD DS for operating system drives</p>
<p>Backup recovery passwords and key packages</p>
<p>Do not enable BitLocker until recovery information is stored to AD DS for operating system drives</p>
<p><strong>Configure use of passwords for fixed data drives Enabled</strong></p>
<p>Allow password complexity</p>
<p>Minimum password length for fixed data drive: 14</p>
<p><strong>Control use of BitLocker on removable drives Enabled</strong></p>
<p>Allow users to apply BitLocker protection on removable data drives</p>
<p>Allow users to suspend and decrypt BitLocker on removable data drives</p>
<p>[/SPOILER]</p>
<p></p>
<p>[SPOILER="Other Things"]</p>
<p>Prevent access to 16-bit applications <span style="color: rgb(65, 168, 95)">Enabled</span></p>
<p>[/SPOILER]</p>
</blockquote>
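A way to check that a machine has actually picked up the ASR and cloud-protection settings from the post above, as an added example; this is not Thales' script or anything his config ships with. It assumes an elevated PowerShell on a Windows host with Microsoft Defender and its `Get-MpPreference` cmdlet available; the rule GUIDs are the ones listed in the post, and the numeric action and level codes are the values the Defender module reports.

```powershell
# Added audit script (not part of the original post): compare the effective Defender
# state against the ASR rules and cloud settings listed above. When the settings come
# from GPO, Get-MpPreference reports the merged result, so this works for GPO-managed hosts too.

# ASR rule GUIDs exactly as listed in the post.
$ExpectedAsrRules = [ordered]@{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macro'
    '01443614-CD74-433A-B99E-2ECDC07BFC25' = 'Block executable files unless they meet a prevalence, age, or trusted list criterion'
    'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from lsass.exe'
    'D1E49AAC-8F56-4280-B9BA-993A6D77406C' = 'Block process creations originating from PSExec and WMI commands'
    'B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4' = 'Block untrusted and unsigned processes that run from USB'
    '26190899-1602-49E8-8B27-EB1D0A1CE869' = 'Block Office communication application from creating child processes'
    '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C' = 'Block Adobe Reader from creating child processes'
    'E6DB77E5-3DF2-4CF1-B95A-636979351E5B' = 'Block persistence through WMI event subscription'
}

# Action codes as reported in AttackSurfaceReductionRules_Actions.
$AsrActionName = @{ 0 = 'Off'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # One record per expected rule: its configured action, and whether it is in Block mode.
    param($Preference)
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    foreach ($guid in $ExpectedAsrRules.Keys) {
        # IDs are stored in whatever case they were applied; compare case-insensitively.
        $idx = -1
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ("$($ids[$i])" -ieq $guid) { $idx = $i; break }
        }
        $state = 'NotConfigured'
        if ($idx -ge 0) {
            $code  = [int]$actions[$idx]
            $state = if ($AsrActionName.ContainsKey($code)) { $AsrActionName[$code] } else { "Unknown($code)" }
        }
        [pscustomobject]@{ Rule = $ExpectedAsrRules[$guid]; Id = $guid; State = $state; Ok = ($state -eq 'Block') }
    }
}

function Test-CloudSettings {
    # Cloud and real-time settings from the Defender section of the post.
    # CloudBlockLevel codes: 0 Default, 1 Moderate, 2 High, 4 HighPlus, 6 ZeroTolerance.
    # PUAProtection: 0 Disabled, 1 Enabled, 2 AuditMode. MAPSReporting: 0 Disabled, 1 Basic, 2 Advanced.
    param($Preference)
    [pscustomobject]@{ Setting = 'CloudBlockLevel (High or stricter)'; Value = $Preference.CloudBlockLevel;      Ok = ([int]$Preference.CloudBlockLevel -ge 2) }
    [pscustomobject]@{ Setting = 'CloudExtendedTimeout (50 s)';        Value = $Preference.CloudExtendedTimeout; Ok = ([int]$Preference.CloudExtendedTimeout -eq 50) }
    [pscustomobject]@{ Setting = 'PUAProtection (Enabled)';            Value = $Preference.PUAProtection;        Ok = ([int]$Preference.PUAProtection -eq 1) }
    [pscustomobject]@{ Setting = 'MAPSReporting (joined)';             Value = $Preference.MAPSReporting;        Ok = ([int]$Preference.MAPSReporting -ne 0) }
    [pscustomobject]@{ Setting = 'Real-time protection on';            Value = -not $Preference.DisableRealtimeMonitoring; Ok = (-not $Preference.DisableRealtimeMonitoring) }
    [pscustomobject]@{ Setting = 'Behavior monitoring on';             Value = -not $Preference.DisableBehaviorMonitoring; Ok = (-not $Preference.DisableBehaviorMonitoring) }
}

$pref  = Get-MpPreference
$asr   = Get-AsrRuleState -Preference $pref
$cloud = Test-CloudSettings -Preference $pref

$asr   | Format-Table Rule, State, Ok -AutoSize
$cloud | Format-Table Setting, Value, Ok -AutoSize

$drift = @($asr | Where-Object { -not $_.Ok }) + @($cloud | Where-Object { -not $_.Ok })
if ($drift.Count -eq 0) { 'All listed settings are in effect.' }
else { "$($drift.Count) setting(s) differ from the posted config; see the Ok column." }
```

Rules reported as `Audit` or `Warn` are worth a second look: they generate events but do not block, so a config that was meant to match the post is weaker than it appears until those are switched to Block.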