At BRIGHT, we love to share our knowledge of helping business and technology leaders succeed in their digitalization, security, and analytics initiatives while making an impact. 

BRIGHT SecOps team is sharing some tips & tricks in favour of ones who want to implement Windows Defender.

During the implementation of Microsoft Intune at BRIGHT, we had to get intimately familiar with Windows Defender and its management instrumentation. Overall, we came out quite impressed with the capabilities of the Security stack.

This article, however, is not covering Intune.

While we looked at Windows Defender, the first thing that got our attention was that many settings were available via the cloud console but not via the endpoint Gui. While they could be managed via PowerShell cmdlet, it is a real pain to do so.

(References:  https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction and https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction)

The “attack surface reduction” rules make sense for anyone that has dealt with a malware-infested system. We went looking for a way for regular users to manage and experiment with them and came across this project – https://github.com/AndyFul/ConfigureDefender

You can grab the executable “ConfigureDefender” from the link above. Below, in the screenshots, is the recommended configuration we use in the office – you can apply it to your workstation.

That said, a HUGE disclaimer here – It might break your computer or network connectivity. Make sure you have a way out. A “system restore” point should suffice.