• Hallo Gast, du kaufst gerne günstig ein und erfährst oft vor deinen Freunden von interessanten Angeboten? Dann kannst du dein Talent als Schnäppchenjäger jetzt zu Geld machen und anderen PCGH-Lesern beim Sparen helfen! Schau einfach mal rein - beim Test der Community Deals!

Windows Defender Tweaks

Striker434

Komplett-PC-Aufrüster(in)
Hallo zusammen,

ich möchte mit euch mal meine Windows Defender Tweaks für Windows 10 (ab Build 1709) teilen. Mit den folgenden Einstellungen erhöht ihr die Sicherheit eures Systems im Zusammenspiel mit dem Windows Defender.
Die Einstellungen sind auf eigene Gefahr und ich übernehme keine Haftung :) Läuft bei mir wunderbar. Für Anregungen und Fragen bin ich offen.
Powershell als Administrator starten den folgenden Code reinkopieren oder die anghängte .ps1 Datei mit Powershell ausführen!

Code:
# Author: Striker434 @ pcgh.de
# Version: 1.0
# Date: 18.09.2018

### Check Admin rights ###

If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
    Write-Warning "Please run this script as an Administrator!"
    read-host "Please press enter to exit..."
    Break
}
else
{
    # https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=win10-ps
    # https://www.powershellgallery.com/packages/WindowsDefender_InternalEvaluationSettings/1.2/Content/WindowsDefender_InternalEvaluationSettings.ps1
    
    Write-Host "Enable PUA Protection..."
    Set-MpPreference -PUAProtection Enabled
    
    Write-Host "Set SignatureUpdateInterval to every one hour..."
    Set-MpPreference -SignatureUpdateInterval 1
    
    Write-Host "Enable NetworkProtection..."
    Set-MpPreference -EnableNetworkProtection Enabled
    
    Write-Host "Set CloudBlockLevel to 'ZeroTolerance' (highest level)..."
    Set-MpPreference -CloudBlockLevel ZeroTolerance
    
    Write-Host "Set cloud block timeout to 1 minute"
    Set-MpPreference -CloudExtendedTimeout 50
    
    Write-Host "Enable checking signatures before scanning"
    Set-MpPreference -CheckForSignaturesBeforeRunningScan 1
    
    ### Enabling Exploit Guard ASR rules and setting to block mode ###
    # https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
    
    Write-Host "Enabling Exploit Guard ASR rules and setting to block mode"
    
    Write-host "Block executable content from email client and webmail"
    Add-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 -AttackSurfaceReductionRules_Actions Enabled
    
    Write-host "Block Office applications from creating child processes"
    Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EfC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block Office applications from creating executable content"
    Add-MpPreference -AttackSurfaceReductionRules_Ids 3B576869-A4EC-4529-8536-B80A7769E899 -AttackSurfaceReductionRules_Actions Enabled
    
    Write-host "Block Office applications from injecting code into other processes"
    Add-MpPreference -AttackSurfaceReductionRules_Ids 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block JavaScript or VBScript from launching downloaded executable content"
    Add-MpPreference -AttackSurfaceReductionRules_Ids D3E037E1-3EB8-44C8-A917-57927947596D -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block execution of potentially obfuscated scripts"
    Add-MpPreference -AttackSurfaceReductionRules_Ids 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block Win32 API calls from Office macro"
    Add-MpPreference -AttackSurfaceReductionRules_Ids 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block executable files from running unless they meet a prevalence, age, or trusted list criteria"
    Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-cd74-433a-b99e-2ecdc07bfc25 -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Use advanced protection against ransomware"
    Add-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block credential stealing from the Windows local security authority subsystem (lsass.exe)"
    Add-MpPreference -AttackSurfaceReductionRules_Ids 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block process creations originating from PSExec and WMI commands"
    Add-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions Enabled
    
    Write-Host "Block untrusted and unsigned processes that run from USB"
    Add-MpPreference -AttackSurfaceReductionRules_Ids b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -AttackSurfaceReductionRules_Actions Enabled
}

Powershell-Script Download:
Anhang anzeigen Windows-Defender-Tweaks.zip
 
Oben Unten