What's changed
- Added Restore point scanning to the Microsoft Defender category.
- The script now disables the performance mode of Microsoft Defender, which applies only to the Dev Drive.
- Added a new feature that blocks malicious connections using network protection instead of only showing warnings.
- The Microsoft Security Baselines category now shows an additional option for applying the baseline together with the Optional Overrides. Previously the overrides had their own category; the options themselves are still the same. You now have better management over them and can choose to apply either the Microsoft Security Baseline only or the Microsoft Security Baseline + Optional Overrides.
  - If you're using this script on Azure VMs, you definitely want to choose the option that applies both the Microsoft Security Baseline AND the Optional Overrides; otherwise you will lose your RDP connection due to the hardening measures. Thanks to @QueenSquishy for helping.
- Fixed this issue with using the script on non-English system localizations.
- Minor code improvements and visual upgrades. If you want to see them, make sure you use PowerShell Core.