Windows Defender attack surface reduction and exploit protection features
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!
Hello,
A video on Windows Defender’s attack surface reduction and Exploit protection features
# List of rules and documentation on reducing the attack surface
https://learn.microsoft.com/fr-fr/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rule-to-guid-matrix
Exploit protection documentation
https://learn.microsoft.com/fr-fr/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide
Powershell code for attack surface reduction and and Exploit protection for Windows Defender
#Enable all attack surface reduction rules (list of rules).$rules = @("be9ba2d9-53ea-4cdc-84e5-9B1eeee46550" "d4f940ab-401b-4efc-aadc-ad5f3c50688a" "3b576869-a4eC-4529-8536-b80a7769e899" "75668c1f-73b5-4Cf0-bb93-3ecf5cb7cc84" "d3e037e1-3eb8-44C8-a917-57927947596d" "5beb7efe-fd9A-4556-801d-275e5ffc04cc" "92e97fa1-2edf-4476-bdd6-9dd0B4dddc7b" "01443614-cd74-433a-b99e-2ecdc07bfc25" "c1db55ab-c21a-4637-bb3f-a12568109d35" "9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2" "d1e49aac-8f56-4280-b9ba-993a6d77406c" "b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4" "26190899-1602-49e8-8b27-eb1d0a1ce869" "7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c" "e6db77e5-3df2-4cf1-b95a-636979351e5b" "56a863a9-875e-4185-98a7-b882c64b5ce5")Add-MpPreference -AttackSurfaceReductionRules_Ids $rules -AttackSurfaceReductionRules_Actions (0..($rules.Count -1) | % {"enabled"})
#DisableAdd-MpPreference -AttackSurfaceReductionRules_Ids $rules -AttackSurfaceReductionRules_Actions (0..($rules.Count -1) | % {"disabled"})
#Add an exclusion for attack surface reductionAdd-MpPreference -AttackSurfaceReductionOnlyExclusions "c:\vm"
#Display attack surface reduction parameters (1: Enabled, 0: Disabled)$FormatEnumerationLimit = 20Get-MpPreference | fl attack*
#Display list of rulesGet-MpPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules_Ids# Powershell command to test the rule Block process creation from PSExec and WMI defender commands ASR advanced optionsInvoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine='Notepad.exe'}Video : Windows Defender attack surface reduction and exploit protection features
Related links
Windows Defender attack surface reduction and exploit protection features
Windows Defender attack surface reduction and exploit protection featuresManaging NTFS file system and share security rights
Two videos on managing security rights for the NTFS file system and sharesHow to add and change languages in Windows 10 and Windows 11
How to add and change languages in Windows 10 and Windows 11Services and the services console on Windows
A video presenting services and the Windows services console (start-up mode, service properties and user services)The difference between a printer and a printing device
The difference between a printer and a printing deviceHow to delete personal metadata from Windows files
How to view and delete personal metadata contained in Windows files
Follow me on
Support me
Last content
Powershell - Export-Csv versus Export-Clixml
Powershell - Overview of Where-Object basic syntax and its limitations
Powershell - Hyper-V - Give a custom name to a virtual network adapter
Powershell - How to add and view a GPO description
Powershell - Displaying and changing the power mode in Windows
Powershell - Adding a line to a file from a specific line
Windows 11 - how to organise your Start menu
Overview of the different types of application in Windows
Windows - Get remote help easily with Quick Assist
How to add and change languages in Windows 10 and Windows 11