Windows Defender attack surface reduction and exploit protection features
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker, purchase my 3D plans, or make a donation or subscribe on Ko-Fi. Thank you!
Hello,
A video on Windows Defender’s attack surface reduction and Exploit protection features
# List of rules and documentation on reducing the attack surface
https://learn.microsoft.com/fr-fr/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#asr-rule-to-guid-matrix
Exploit protection documentation
https://learn.microsoft.com/fr-fr/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide
Powershell code for attack surface reduction and and Exploit protection for Windows Defender
#Enable all attack surface reduction rules (list of rules).$rules = @("be9ba2d9-53ea-4cdc-84e5-9B1eeee46550" "d4f940ab-401b-4efc-aadc-ad5f3c50688a" "3b576869-a4eC-4529-8536-b80a7769e899" "75668c1f-73b5-4Cf0-bb93-3ecf5cb7cc84" "d3e037e1-3eb8-44C8-a917-57927947596d" "5beb7efe-fd9A-4556-801d-275e5ffc04cc" "92e97fa1-2edf-4476-bdd6-9dd0B4dddc7b" "01443614-cd74-433a-b99e-2ecdc07bfc25" "c1db55ab-c21a-4637-bb3f-a12568109d35" "9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2" "d1e49aac-8f56-4280-b9ba-993a6d77406c" "b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4" "26190899-1602-49e8-8b27-eb1d0a1ce869" "7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c" "e6db77e5-3df2-4cf1-b95a-636979351e5b" "56a863a9-875e-4185-98a7-b882c64b5ce5")Add-MpPreference -AttackSurfaceReductionRules_Ids $rules -AttackSurfaceReductionRules_Actions (0..($rules.Count -1) | % {"enabled"})
#DisableAdd-MpPreference -AttackSurfaceReductionRules_Ids $rules -AttackSurfaceReductionRules_Actions (0..($rules.Count -1) | % {"disabled"})
#Add an exclusion for attack surface reductionAdd-MpPreference -AttackSurfaceReductionOnlyExclusions "c:\vm"
#Display attack surface reduction parameters (1: Enabled, 0: Disabled)$FormatEnumerationLimit = 20Get-MpPreference | fl attack*
#Display list of rulesGet-MpPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules_Ids# Powershell command to test the rule Block process creation from PSExec and WMI defender commands ASR advanced optionsInvoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine='Notepad.exe'}Video : Windows Defender attack surface reduction and exploit protection features
Related links
Windows Defender attack surface reduction and exploit protection features
Windows Defender attack surface reduction and exploit protection featuresManaging NTFS file system and share security rights
Two videos on managing security rights for the NTFS file system and sharesHow to add and change languages in Windows 10 and Windows 11
How to add and change languages in Windows 10 and Windows 11Services and the services console on Windows
A video presenting services and the Windows services console (start-up mode, service properties and user services)The difference between a printer and a printing device
The difference between a printer and a printing deviceHow to delete personal metadata from Windows files
How to view and delete personal metadata contained in Windows files
Follow me on
Support me
E-shop
Last content
Powershell - Simply send objects to different variables
Portsmouth Vintage Travel poster - hueforge
Andalucia vintage poster - hueforge
Paris Travel poster - hueforge