-
Notifications
You must be signed in to change notification settings - Fork 0
/
ACSC Windows Hardening Guidelines-Attack Surface Reduction.json
142 lines (142 loc) · 9.65 KB
/
ACSC Windows Hardening Guidelines-Attack Surface Reduction.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
{
"displayName": "ACSC Windows Hardening Guidelines-Attack Surface Reduction",
"description": "",
"roleScopeTagIds": [
"0"
],
"TemplateDisplayName": "Attack surface reduction rules",
"TemplateId": "0e237410-1367-4844-bd7f-15fb0f08943b",
"versionInfo": "2009",
"settingsDelta": [
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "301c7eff-0c5d-474d-bf78-84a70cda1a8d",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderBlockPersistenceThroughWmiType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "6aeb1768-6c8f-45b8-a17b-754b795c2bad",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderPreventCredentialStealingType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "dedb0479-7f97-4eb4-b8da-f8865e2fb003",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdobeReaderLaunchChildProcess",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "382f2b7e-4a53-44bb-9f7d-a51cfd56a81e",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsOtherProcessInjectionType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "80bf282a-0ae4-43cf-845e-9490ab2f33fb",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsExecutableContentCreationOrLaunchType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "006fb2ee-6b61-430b-9558-7d6b1c6b08db",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsLaunchChildProcessType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "7de295d1-54c7-4196-80a1-929c1e519d39",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeMacroCodeAllowWin32ImportsType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "54b48835-2641-4445-b667-a1469c431415",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeCommunicationAppsLaunchChildProcess",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "647f30db-8485-4635-bf86-daeabeca74f3",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderScriptObfuscatedMacroCodeType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "606bbbfc-cba4-4388-9a46-79f6c60e7e2b",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderScriptDownloadedPayloadExecutionType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "8d0e7c72-9326-4ef5-847f-ad9b73351abf",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderProcessCreationType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "bf961b3c-6902-4dd1-9600-8b9e24194cf7",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderUntrustedUSBProcessType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "2e0ba4a7-c990-4965-b473-9cd9f2bc3b68",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderUntrustedExecutableType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "c740557b-3661-4db3-97c2-be337257abcf",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderEmailContentExecutionType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "0de20ab1-f497-452c-b5c9-2ec0a1c6626d",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdvancedRansomewareProtectionType",
"valueJson": "\"auditMode\"",
"value": "auditMode"
},
{
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"id": "efce9d50-22f7-4dc2-945f-197bdef148e2",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderGuardMyFoldersType",
"valueJson": "null",
"value": null
},
{
"@odata.type": "#microsoft.graph.deviceManagementCollectionSettingInstance",
"id": "53353faf-d097-45ab-8eeb-44a97861b482",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdditionalGuardedFolders",
"valueJson": "null"
},
{
"@odata.type": "#microsoft.graph.deviceManagementCollectionSettingInstance",
"id": "7f0c879d-582b-4680-b1f9-7f21b0b10b97",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderGuardedFoldersAllowedAppPaths",
"valueJson": "null"
},
{
"@odata.type": "#microsoft.graph.deviceManagementCollectionSettingInstance",
"id": "786439bc-88c4-4ad4-86d6-a0e62845b645",
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAttackSurfaceReductionExcludedPaths",
"valueJson": "null"
}
]
}