What's Changed

New Microsoft Defender Features

- Configures the Brute-Force Protection to use cloud aggregation to block IP addresses that are over 99% likely malicious (CSP)
  - A higher protection level for this setting will be added in a future version after more testing.
- Configures the Brute-Force Protection to detect and block attempts to forcibly sign in and initiate sessions (CSP)
- Sets the internal feature logic to determine the blocking time for the Brute-Force Protection (CSP)
- Configures the Remote Encryption Protection to use cloud intel and context, and block when the confidence level is above 90% (CSP)
- Configures the Remote Encryption Protection to detect and block attempts to replace local files with encrypted versions from another device (CSP)
- Sets the internal feature logic to determine the blocking time for the Remote Encryption Protection (CSP)
Other Changes

- To leverage the new features, the minimum required OS version has been increased from 22621.2428 to 22621.3155. It was released on February 13 2024 and is a non-preview, stable build of Windows 11.
- Added a new parameter, `-OnlyDownloadsDefenseMeasures`, to the `Unprotect-WindowsSecurity` cmdlet, which allows you to remove only the Downloads Defense Measures without changing anything else.
- Removed certain built-in executables such as SystemSettings.exe, ngen.exe, LSASS.exe, RuntimeBroker.exe and ngentask.exe from the `Unprotect-WindowsSecurity` cmdlet because they have pre-existing mitigations applied to them and the cmdlet shouldn't remove them.

PR: #210
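The following PowerShell snippet is an added example, not code from this release or from the Harden-Windows-Security module. It checks that the machine meets the 22621.3155 minimum build stated above before the new Defender features are expected to apply, and then reads the Defender preference values that are assumed here to back the Brute-Force Protection and Remote Encryption Protection settings listed in this release (the mapping of those `Get-MpPreference` property names to the CSPs is an assumption; confirm it against your Defender platform version).

```powershell
# Added verification snippet (not part of the Harden-Windows-Security module).
# Run in an elevated PowerShell session; Get-MpPreference requires Defender to be present.

# Minimum build taken from the release notes above.
$MinimumBuild = [version]'10.0.22621.3155'

# CurrentBuild + UBR give the full build number (e.g. 22621.3155) that
# [System.Environment]::OSVersion does not expose.
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$CurrentBuild = [version]"10.0.$($cv.CurrentBuild).$($cv.UBR)"

if ($CurrentBuild -lt $MinimumBuild) {
    Write-Warning "OS build $CurrentBuild is below the required $MinimumBuild; the new Defender settings are not expected to apply."
}
else {
    Write-Host "OS build $CurrentBuild meets the minimum $MinimumBuild."
}

# Defender preferences assumed to correspond to the CSPs in this release:
# ConfiguredState  -> detect and block sign-in / file-replacement attempts
# Aggressiveness   -> cloud confidence threshold used for blocking
# MaxBlockTime     -> internal logic that determines blocking time
$Pref = Get-MpPreference
$Pref | Select-Object `
    BruteForceProtectionConfiguredState,
    BruteForceProtectionAggressiveness,
    BruteForceProtectionMaxBlockTime,
    RemoteEncryptionProtectionConfiguredState,
    RemoteEncryptionProtectionAggressiveness,
    RemoteEncryptionProtectionMaxBlockTime |
    Format-List
```

On a build below the minimum the warning fires and the preference values are still printed, which makes it easy to see whether a policy was written but is silently inactive because the platform does not yet support it.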