ASR Rules – anno 2023

Introduction: In my client management journey, Attack Surface Reduction (ASR) rules have become pivotal. These rules, central to Microsoft Defender, are designed to minimize the ‘opportunities’ for attackers to exploit our systems. Microsoft Defender for Endpoint further leverages these rules, providing enhanced alerting, reporting, and threat context, simplifying […]

Proactive Remediations – MS Defender

Microsoft Defender on each client is a highly important tool, as it is both an antivirus tool and a sensor that delivers information to Defender for Endpoint. Microsoft developed Tamper Protection, which should make sure that evil software or processes are not able to disable Microsoft Defender. But […]

Use MDfE to hunt for PrintNightmare

Over the last week we have tried to patch endpoints for the PrintNightmare vulnerability (CVE-2021-34527) – and Microsoft still has an open gap for this. But to follow the patching, Microsoft Defender for Endpoint comes in handy, especially with Advanced Hunting. Query to search for Windows 10 devices […]