Windows Defender attack surface reduction and exploit protection features
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!
Hello,
A video on Windows Defender’s attack surface reduction and Exploit protection features
# List of rules and documentation on reducing the attack surface
https://learn.microsoft.com/fr-fr/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rule-to-guid-matrix
Exploit protection documentation
https://learn.microsoft.com/fr-fr/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide
Powershell code for attack surface reduction and and Exploit protection for Windows Defender
#Enable all attack surface reduction rules (list of rules).$rules = @("be9ba2d9-53ea-4cdc-84e5-9B1eeee46550" "d4f940ab-401b-4efc-aadc-ad5f3c50688a" "3b576869-a4eC-4529-8536-b80a7769e899" "75668c1f-73b5-4Cf0-bb93-3ecf5cb7cc84" "d3e037e1-3eb8-44C8-a917-57927947596d" "5beb7efe-fd9A-4556-801d-275e5ffc04cc" "92e97fa1-2edf-4476-bdd6-9dd0B4dddc7b" "01443614-cd74-433a-b99e-2ecdc07bfc25" "c1db55ab-c21a-4637-bb3f-a12568109d35" "9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2" "d1e49aac-8f56-4280-b9ba-993a6d77406c" "b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4" "26190899-1602-49e8-8b27-eb1d0a1ce869" "7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c" "e6db77e5-3df2-4cf1-b95a-636979351e5b" "56a863a9-875e-4185-98a7-b882c64b5ce5")Add-MpPreference -AttackSurfaceReductionRules_Ids $rules -AttackSurfaceReductionRules_Actions (0..($rules.Count -1) | % {"enabled"})
#DisableAdd-MpPreference -AttackSurfaceReductionRules_Ids $rules -AttackSurfaceReductionRules_Actions (0..($rules.Count -1) | % {"disabled"})
#Add an exclusion for attack surface reductionAdd-MpPreference -AttackSurfaceReductionOnlyExclusions "c:\vm"
#Display attack surface reduction parameters (1: Enabled, 0: Disabled)$FormatEnumerationLimit = 20Get-MpPreference | fl attack*
#Display list of rulesGet-MpPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules_Ids# Powershell command to test the rule Block process creation from PSExec and WMI defender commands ASR advanced optionsInvoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine='Notepad.exe'}Video : Windows Defender attack surface reduction and exploit protection features
Related links
Windows Defender attack surface reduction and exploit protection features
Windows Defender attack surface reduction and exploit protection featuresManaging NTFS file system and share security rights
Two videos on managing security rights for the NTFS file system and sharesHow to add and change languages in Windows 10 and Windows 11
How to add and change languages in Windows 10 and Windows 11Services and the services console on Windows
A video presenting services and the Windows services console (start-up mode, service properties and user services)The difference between a printer and a printing device
The difference between a printer and a printing deviceHow to delete personal metadata from Windows files
How to view and delete personal metadata contained in Windows files
Follow me on
Support me
Last content
Powershell and the Left Hand Side
Powershell - Managing disks, partitions and volumes
Powershell - Managing System Restore Points in Windows
Powershell - Playing with the Windows clipboard
Powershell - Changing the state of a computer (sleep, hibernate, shutdown, restart)
Powershell - Compress-Archive and Expand-Archive to create and extract ZIP archives
Powershell - Export-Csv versus Export-Clixml
Powershell - Overview of Where-Object basic syntax and its limitations
Powershell - Hyper-V - Give a custom name to a virtual network adapter