Not your father's Windows Defender. Based on https://0ut3r.space/2022/03/06/windows-defender/

Windows Defender Configuration/Hardening

https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2022-ps&viewFallbackFrom=win10-ps

Get Current Config

Get-MpPreference

Configuring

Signature update

Set-MpPreference -SignatureUpdateInterval 1

Set-MpPreference -CheckForSignaturesBeforeRunningScan 1

Enable MAPS (Microsoft Active Protection Service)

Set-MpPreference -MAPSReporting 1

Set-MpPreference -SubmitSamplesConsent 3

Set-MpPreference -CloudBlockLevel ZeroTolerance

Set-MpPreference -CloudExtendedTimeout 50

PUA (Optional)

Set-MpPreference -PUAProtection 0

GUI Options

Ransomware Protection

This can be enabled from the GUI. Type Windows Security in the Start menu, go to Virus & threat protection, select Ransomware protection at the bottom of that screen, click Manage ransomware protection, and enable Controlled folder access.
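
To confirm the settings above actually took effect (and to catch later drift), the following added example, which is not part of the original gist, compares Get-MpPreference output against the values used on this page. The helper name Test-DefenderBaseline and the sample object are assumptions made for illustration.

```powershell
# Added example: audit Defender preferences against the values set on this page.
# Expected values mirror the Set-MpPreference commands above. Get-MpPreference
# reports CloudBlockLevel ZeroTolerance as the number 6.
$Expected = [ordered]@{
    SignatureUpdateInterval             = 1
    CheckForSignaturesBeforeRunningScan = $true
    MAPSReporting                       = 1
    SubmitSamplesConsent                = 3
    CloudBlockLevel                     = 6
    CloudExtendedTimeout                = 50
    PUAProtection                       = 0   # value used on this page (0 = disabled, 1 = enabled, 2 = audit)
    EnableControlledFolderAccess        = 1   # the GUI toggle described above
}

function Test-DefenderBaseline {              # hypothetical helper name
    param(
        [Parameter(Mandatory)] $Preference,
        [System.Collections.IDictionary] $Baseline = $Expected
    )
    foreach ($name in $Baseline.Keys) {
        # A property can be missing on older Defender builds; report it as a mismatch.
        $prop   = $Preference.PSObject.Properties[$name]
        $actual = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $Baseline[$name]
            Actual   = $actual
            Match    = ($null -ne $actual) -and ("$actual" -eq "$($Baseline[$name])")
        }
    }
}

# Constructed sample (not real output) so the check can be exercised offline.
$sample = [pscustomobject]@{
    SignatureUpdateInterval = 8; CheckForSignaturesBeforeRunningScan = $false
    MAPSReporting = 1; SubmitSamplesConsent = 3; CloudBlockLevel = 6
    CloudExtendedTimeout = 50; PUAProtection = 0; EnableControlledFolderAccess = 0
}
Test-DefenderBaseline -Preference $sample | Where-Object { -not $_.Match } | Format-Table -AutoSize

# On a live host, audit the real configuration:
# Test-DefenderBaseline -Preference (Get-MpPreference) | Format-Table -AutoSize
```

A mismatch on a host where the commands were run usually means a Group Policy or MDM setting is overriding the local preference.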

Review

  • App & browser control
  • Reputation-based protection
  • Isolated browsing (useful if you are using Edge)
  • Exploit Protection (See next section)

Going further
