configuring-windows-defender-advanced-settings

Featured

Configures Microsoft Defender for Endpoint (MDE) advanced protection settings including attack surface reduction rules, controlled folder access, network protection, and exploit protection. Use when hardening Windows endpoints beyond default Defender settings, deploying enterprise-grade endpoint protection, or meeting compliance requirements for advanced malware defense. Activates for requests involving Windows Defender configuration, ASR rules, MDE tuning, or Microsoft endpoint security.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Configuring Windows Defender Advanced Settings

## When to Use

Use this skill when:

- Configuring Microsoft Defender for Endpoint (MDE) beyond default settings for enhanced protection
- Implementing Attack Surface Reduction (ASR) rules to block common attack techniques
- Enabling controlled folder access for ransomware protection
- Configuring network protection and exploit protection features
- Deploying Defender settings via Intune, SCCM, or Group Policy at enterprise scale

**Do not use** this skill for third-party EDR deployment (CrowdStrike, SentinelOne) or for Microsoft Defender for Cloud (Azure workload protection).

## Prerequisites

- Windows 10/11 Enterprise with Microsoft Defender Antivirus enabled
- Microsoft 365 E5 or Microsoft Defender for Endpoint Plan 2 license (for full MDE features)
- Microsoft Intune or SCCM for enterprise policy deployment
- Microsoft 365 Defender portal access (security.microsoft.com)
- Endpoints not running third-party AV in active mode (otherwise Defender enters passive mode)

## Workflow

### Step 1: Configure Attack Surface Reduction (ASR) Rules

ASR rules block specific behaviors commonly used by malware and attackers:

```powershell
# Enable ASR rules via PowerShell (or deploy via Intune/GPO)
# Mode: 0=Disabled, 1=Block, 2=Audit, 6=Warn
# Note: Set-MpPreference replaces the existing ASR rule list; use Add-MpPreference
# to append a rule without discarding rules that are already configured.

# Block executable content from email client and webmail
Set-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 `
    -AttackSurfaceReductionRules_Actions 1

# Block all Offic...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

securing-azure-with-microsoft-defender

This skill instructs security practitioners on deploying Microsoft Defender for Cloud as a cloud-native application protection platform for Azure, multi-cloud, and hybrid environments. It covers enabling Defender plans for servers, containers, storage, and databases, configuring security recommendations, managing Secure Score, and integrating with the unified Defender portal for centralized threat management.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-memory-protection-with-dep-aslr

Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.

12,642 Updated today
mukul975
AI & Automation Featured

detecting-fileless-attacks-on-endpoints

Detects fileless malware and in-memory attacks that execute entirely in RAM without writing persistent files to disk, evading traditional antivirus. Use when building detections for PowerShell-based attacks, reflective DLL injection, WMI persistence, and registry-resident malware. Activates for requests involving fileless malware detection, in-memory attacks, PowerShell exploitation, or living-off-the-land techniques.

12,642 Updated today
mukul975
DevOps & Infrastructure Featured

implementing-azure-defender-for-cloud

Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.

12,642 Updated today
mukul975
DevOps & Infrastructure Solid

azure-defender-for-cloud

Expert knowledge for Azure Defender for Cloud development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when securing VMs/servers, AKS/containers, SQL/Storage, CI/CD/DevOps, or multi-cloud (AWS/GCP) with Defender for Cloud, and other Azure Defender for Cloud related development tasks. Not for Azure Defender for IoT (use azure-defender-for-iot), Azure DDoS Protection (use azure-ddos-protection), Azure Firewall (use azure-firewall), Azure Security (use azure-security).

562 Updated today
MicrosoftDocs