Windows 10 21H2 is more secure against malware: it follows in the footsteps of Windows 11 thanks to the Microsoft Security Compliance Toolkit
Microsoft continues to bet on security on its Windows platform, and its latest proposal is aimed at helping system administrators determine whether the configuration they have applied is the ideal one, taking Microsoft's recommended settings as the reference.
This is made possible by the Microsoft Security Compliance Toolkit, a set of configuration options developed based on input from the company's security engineering teams as well as from partners and customers.
Following in the footsteps of Windows 11
This is a set of security options for Windows 10 21H2 created based on the work of the company's engineers as well as that of users and partners. Under the name Microsoft Security Compliance Toolkit (available at this link), it seeks to improve security on computers.
With these options, system administrators can check whether the settings they have applied match those recommended by Microsoft. The baselines work like a kind of database that the administrator can edit, adapt, or save in GPO backup file format and later apply through a domain controller.
After the security settings are applied, all inherited settings are removed and new settings are added to patch the PrintNightmare remote code execution vulnerability.
In this new baseline the Edge Legacy configuration has also been removed and a printer driver installation restriction has been added. Most importantly, protection against alterations (tamper protection) is now a setting to be enabled by default, which serves to protect computers against human-operated ransomware attacks. It blocks attempts to:
- Disable protection against viruses and threats
- Disable real-time protection
- Turn off behavior monitoring
- Disable antivirus (such as IOfficeAntivirus (IOAV))
- Disable protection provided by the cloud
- Remove Security Intelligence Updates
- Disable automatic actions on detected threats
This last feature thus reaches Windows 10 in the update released in November, after debuting in Windows 11. It blocks attempts by different types of malware to disable security features of the operating system by attacking Microsoft Defender Antivirus, whether to gain easier access to sensitive data or to install more malware.
With this feature, any attempt to change these values through the Windows Registry, PowerShell cmdlets, or Group Policy is prevented, which makes it difficult for the malware in question to act freely and disable real-time antivirus protection or security updates.
These configurations are now available for download through the Microsoft Security Compliance Toolkit, a pack that includes security baselines in the form of Group Policy Object (GPO) reports and the scripts needed to apply settings to the local GPO.
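To confirm that a machine is actually in the state this setting is meant to preserve, the following read-only PowerShell audit reads the values Microsoft Defender reports through Get-MpComputerStatus and Get-MpPreference. It is an added example, not part of the original article or of Microsoft's toolkit; the function name Test-DefenderProtectionState and the 7-day signature age threshold are assumptions.

```powershell
function Test-DefenderProtectionState {
    [CmdletBinding()]
    param(
        # Assumed threshold; adjust it to your own update policy.
        [int]$MaxSignatureAgeDays = 7
    )

    # The Defender cmdlets are missing where Defender is removed or unsupported.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        throw 'Microsoft Defender cmdlets are not available on this system.'
    }

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Each entry pairs an item from the article's list with the value Defender reports.
    # The "automatic actions on detected threats" item is not covered here.
    $checks = [ordered]@{
        'Tamper protection'              = [bool]$status.IsTamperProtected
        'Antivirus engine'               = [bool]$status.AntivirusEnabled
        'Real-time protection'           = [bool]$status.RealTimeProtectionEnabled
        'Behavior monitoring'            = [bool]$status.BehaviorMonitorEnabled
        'IOAV protection'                = [bool]$status.IoavProtectionEnabled
        'Cloud-delivered protection'     = ($pref.MAPSReporting -ne 0)   # 0 means disabled
        'Security intelligence is fresh' = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check  = $name
            Passed = $checks[$name]
        }
    }
}

# Run the audit and summarize any protection that is currently off.
$results = Test-DefenderProtectionState
$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} Defender protection check(s) failed: {1}" -f $failed.Count, ($failed.Check -join ', '))
}
```

The script changes nothing on the system, so it can be run from a scheduled task or a management agent to report drift from the baseline.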
Via | NeoWin