-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathharden_step2.ps1
27 lines (20 loc) · 1010 Bytes
/
harden_step2.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# Set Microsoft Defender Exploit Guard Attack Surface Reduction Rules to disabled
$ASR = Get-MpPreference | Select-Object -ExpandProperty AttackSurfaceReductionRules
$ASR.set_Item("ExcludeFilesAndProcessesFromASR", 0)
Set-MpPreference -AttackSurfaceReductionRules $ASR
# Set Exclusions Path to Disabled
$ExclusionsPath = Get-MpPreference | Select-Object -ExpandProperty Exclusions
$ExclusionsPath.set_Item("Paths", $null)
Set-MpPreference -Exclusions $ExclusionsPath
# Turn on script scanning
Set-MpPreference -ScanScriptsEnabled 1
# Scan removable drives
Set-MpPreference -ScanRemovableDrivesEnabled 1
# Enable sandboxing for Microsoft Defender Antivirus
Set-MpPreference -MapiScanningEnabled 1
# Set Network Protection to Block
Set-MpPreference -EnableNetworkProtection 1
# Enable Application Guard (For Enterprise)
Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
# Set Always install with elevated privileges to disabled
Set-MpPreference -AlwaysInstallElevated 0