Microsoft continues to bet on security for its Windows platform, and its latest proposal is intended to help system administrators determine whether the configuration they have applied is the ideal one, taking the settings recommended by Microsoft as a reference.
This is possible thanks to the Microsoft Security Compliance Toolkit, a set of configuration options developed from the contributions of the company's engineering teams as well as partners and customers.
Following in the footsteps of Windows 11
It is a set of security settings for Windows 10 21H2, built on the work of the company's engineers together with that of users and partners. Under the name Microsoft Security Compliance Toolkit, it aims to improve the security of computers.
With these settings, system administrators can compare whether the configuration they have applied matches the one recommended by Microsoft. The baselines serve as a starting point that the administrator on duty can edit, adapt or save in GPO backup format and then apply through a domain controller.
Once the security settings are applied, all inherited settings are removed and new configurations are incorporated to address the PrintNightmare remote code execution vulnerability.
In addition, the Edge Legacy configuration has been removed from this new baseline, a restriction on printer driver installation has been added and, most importantly, Tamper Protection is added as a setting enabled by default, which protects computers against human-operated ransomware attacks. It blocks attempts by malware to:
Disable protection against viruses and threats
Disable real-time protection
Disable behavior monitoring
Disable antivirus (such as IOfficeAntivirus (IOAV))
Disable protection provided by the cloud
Remove security intelligence updates
Disable automatic actions on detected threats
This last feature thus reaches Windows 10 in the update released in November, after debuting in Windows 11. It blocks attempts by different types of malware to disable the operating system's security features by attacking Microsoft Defender Antivirus, whether to gain better access to confidential data or to install more malicious software.
With this feature, any attempt to change these values through the Windows Registry, PowerShell cmdlets or Group Policy is prevented, making it difficult for the malware of the moment to act at ease and disable real-time virus protection or security updates.
These settings are now available for download through the Microsoft Security Compliance Toolkit, a package that includes the security baselines as Group Policy Objects (GPO), reports and the scripts required to apply the settings to the local GPO.
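As an added example (not code from the article, from Microsoft or from the toolkit), the following PowerShell audit reads the Defender state that corresponds to each item in the list above and flags any drift from the expected values; it assumes the Defender PowerShell module is present, that the shell is elevated, and that threat-action codes 6 (Allow) and 9 (NoAction) are the ones to flag.

```powershell
# Added example, not code from the article, Microsoft or the toolkit.
# Audits the Microsoft Defender settings that Tamper Protection guards and reports
# any drift from the expected state. Assumes the Defender PowerShell module
# (Get-MpComputerStatus / Get-MpPreference) is present and the shell is elevated.
# Assumed threat-action codes: 6 = Allow, 9 = NoAction (both mean "do nothing").

function Get-DefenderTamperDrift {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # One entry per protected setting: Actual is read from the machine,
    # Expected is the value a compliant machine should show.
    $checks = @(
        @{ Name = 'Tamper Protection enabled';         Actual = [bool]$status.IsTamperProtected;             Expected = $true }
        @{ Name = 'Virus & threat protection (AV)';    Actual = [bool]$status.AntivirusEnabled;              Expected = $true }
        @{ Name = 'Real-time protection';              Actual = [bool]$status.RealTimeProtectionEnabled;     Expected = $true }
        @{ Name = 'Behavior monitoring';               Actual = [bool]$status.BehaviorMonitorEnabled;        Expected = $true }
        @{ Name = 'IOAV download/attachment scanning'; Actual = [bool]$status.IoavProtectionEnabled;         Expected = $true }
        @{ Name = 'Cloud-delivered protection (MAPS)'; Actual = ($pref.MAPSReporting -ne 0);                 Expected = $true }
        @{ Name = 'Signatures no older than 7 days';   Actual = ($status.AntivirusSignatureAge -le 7);       Expected = $true }
        @{ Name = 'Automatic action on high threats';  Actual = ($pref.HighThreatDefaultAction -notin 6, 9); Expected = $true }
    )

    foreach ($c in $checks) {
        [pscustomobject]@{
            Setting   = $c.Name
            Expected  = $c.Expected
            Actual    = $c.Actual
            Compliant = ($c.Actual -eq $c.Expected)
        }
    }
}

# Run the audit, print the table and exit non-zero if anything drifted,
# so the script can double as a scheduled compliance check across a fleet.
$results = Get-DefenderTamperDrift
$results | Format-Table -AutoSize
$drift = @($results | Where-Object { -not $_.Compliant })
if ($drift.Count -gt 0) {
    Write-Warning ("{0} setting(s) differ from the expected state: {1}" -f $drift.Count, ($drift.Setting -join ', '))
    exit 1
}
```

Because Tamper Protection itself blocks changes through PowerShell, this script only reads state; any drift it reports should be corrected through the baseline GPO rather than with Set-MpPreference.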
Via | NeoWin