Hardening MS Windows - Printable Version
+- AiOwares (https://www.aiowares.com)
+--- Thread: Hardening MS Windows (/showthread.php?tid=3254)

Hardening MS Windows - anthax.acide - 02-05-2023

Attack Surface Reduction

Attack Surface Reduction (ASR), a security feature of Microsoft Windows 10, forms part of Microsoft Defender Exploit Guard. It is designed to combat the threat of malware exploiting legitimate functionality in Microsoft Office applications. In order to use ASR, Microsoft Defender Antivirus must be configured as the primary real-time antivirus scanning engine on workstations. ASR offers a number of attack surface reduction rules; these include:

RE: Hardening MS Windows - anthax.acide - 02-05-2023

Early Launch Antimalware

Another key security feature of Trusted Boot, supported by Microsoft Windows 10 and motherboards with a Unified Extensible Firmware Interface (UEFI), is Early Launch Antimalware (ELAM). Used in conjunction with Secure Boot, an ELAM driver can be registered as the first non-Microsoft driver that will be initialised on a workstation as part of the boot process, thus allowing it to verify all subsequent drivers before they are initialised. The ELAM driver is capable of allowing only known good drivers to initialise; known good and unknown drivers to initialise; known good, unknown and bad but critical drivers to initialise; or all drivers to initialise. To reduce the risk of malicious drivers, only known good and unknown drivers should be allowed to be initialised during the boot process. The following Group Policy setting can be implemented to ensure only known good and unknown drivers will be initialised at boot time.

RE: Hardening MS Windows - gugtenterf - 03-06-2023

Can MS Defender Antivirus replace security bundle products like Norton 360? Or does it just work as an antivirus? Does anybody know if it can block cryptomining PowerShell scripts loaded in memory?

RE: Hardening MS Windows - ibay770 - 11-21-2023

I don't think so. A helpful tip I've found is to get a firewall like TinyWall that blocks everything except for what you allow, so even if you do get a coinminer, it won't be able to connect to the Internet. Also try this and this. You may have to do some tweaking to get the right balance of running your software and blocking the rest. Also you can adjust your software restriction policies with this to block coin miners running from specific folders.

RE: Hardening MS Windows - wrex - 01-24-2024

I once got ransomware, and all the files on my laptop could not be opened.
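
A read-only check of the two settings described in the first two posts, added here as an example and not part of the thread: it reports whether Microsoft Defender is the active real-time engine, which ASR rules are configured, and how the ELAM boot-start driver policy is set. It assumes an elevated PowerShell session on Windows 10 or later; the registry value `DriverLoadPolicy` and its numeric codes are those written by the "Boot-Start Driver Initialization Policy" Group Policy setting, and accepting the stricter "good only" value as passing is a choice made in this example.

```powershell
# Added example: read-only audit of the ASR and ELAM settings discussed in this thread.

# 1. ASR rules only apply when Defender is the primary real-time scanning engine.
$status = Get-MpComputerStatus
$defenderPrimary = $status.AntivirusEnabled -and
                   $status.RealTimeProtectionEnabled -and
                   $status.AMRunningMode -eq 'Normal'
"Defender is primary real-time engine: $defenderPrimary (mode: $($status.AMRunningMode))"

# 2. List each configured ASR rule GUID with its action.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
if ($ids.Count -eq 0) {
    'No ASR rules are configured.'
} else {
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $name = $actionNames[[int]$actions[$i]]
        if (-not $name) { $name = "Unknown ($($actions[$i]))" }
        "ASR rule $($ids[$i]): $name"
    }
}

# 3. ELAM boot-start driver policy as written by Group Policy.
$elamNames = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown and bad but critical'
    7 = 'All'
}
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
$elam = (Get-ItemProperty -Path $key -Name DriverLoadPolicy -ErrorAction SilentlyContinue).DriverLoadPolicy
if ($null -eq $elam) {
    # Unconfigured: Windows initialises good, unknown and bad-but-critical drivers.
    'ELAM policy: not configured (default allows bad but critical drivers).'
} else {
    $label = $elamNames[[int]$elam]
    if (-not $label) { $label = "Unknown value $elam" }
    # The thread recommends "good and unknown" (1); "good only" (8) is stricter.
    $meets = $elam -in 1, 8
    "ELAM policy: $label; meets the recommendation above: $meets"
}
```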