Additional Control of Defender Features
complete
Alex Payne
It would be great if Huntress looks to add control for the following items:
-tamper protection
-controlled folder access
-join Microsoft MAPS > Advanced MAPS (GPO or local)
-Block at first sight (GPO or local)
-Configure extended cloud check > 20 seconds (GPO or local)
-Cloud protection level > High+ blocking level (GPO or local)
Taylor Bryant
complete
This feature is now available and requires the Huntress Agent version 0.13.52 or greater.
Added additional Windows Defender settings that can be managed through Huntress.
- Cloud-Delivered Protection
- Automatic Sample Submission
- SmartScreen for Apps and Files
- SmartScreen for Microsoft Store
- Potentially Unwanted App (PUA) Blocking
Added the ability to view endpoint Windows Tamper Protection status on the agent detail page.
- This setting can only be managed by Windows so within Huntress it is view-only.
Andy P.
Taylor Bryant: Please add Tamper Protection Status to the MAV table view, MAV Dashboard and CSV export. When managing devices at scale it would make it easier to see which devices have Tamper Protection disabled with the above suggested features added.
Burton'la Barton'la
We want to see the ability to see and control policy around App and Browser Control as well as Device Security.
Taylor Bryant
in progress
We're working on getting a sub-set of these settings managed through Huntress! It's planned to include the following settings:
- Cloud-delivered protection
- Automatic sample submission
- Smartscreen for apps/files and Microsoft Store
- Potentially Unwanted App (PUA) blocking
- Tamper Protection (VIEW ONLY as it is locked down by Microsoft)
ASR rules and CFA can be upvoted here separately: https://feedback.huntress.com/feature-requests/p/control-attack-surface-reduction-asr-rules
Taylor Bryant
Merged in a post:
Windows Defender configuration settings
Mark Leinhos
Since Huntress can configure scans and exclusions and such, it would be very beneficial if it went the extra mile to allow more granular configuration of Windows Defender. There is an open source tool at https://github.com/AndyFul/ConfigureDefender that does an EXCELLENT job of improving Defender's ability to block threats. If similar functionality were built into Huntress it would save a lot of scripting.
Taylor Bryant
Merged in a post:
Implement DoD STIG for Defender
Dustin Collett
Windows Defender Antivirus Security Technical Implementation Guide: https://www.stigviewer.com/stig/windows_defender_antivirus/
Implementation of these in the policy back end would be great. Defender is awesome and with the surface level settings it's leaving a lot on the table.
Taylor Bryant
Merged in a post:
Manage Windows Defender Advanced Settings
Andy Porter
I'd like to see Huntress Managed Anti Virus policy allow us to manage Windows Defender Advanced features please including:
Core Isolation
Exploit Protection
Protected Folders
Ransomware Protection
Reputation based protection
This would allow us via Huntress policy to ensure all our endpoints are configured to the same standard settings, rather than currently having to configure each of these per endpoint before enforcing Huntress policy. In its current form this makes it difficult to manage the above settings at scale.
Thanks
Andy
Mason Schmitt
We left RocketCyber to come over to Huntress. One of the features that we miss is the ability to configure ALL Defender settings. I've upvoted a separate feature request for Defender ASR management. I'm upvoting this one to hopefully cover the rest of the Defender feature set :)
Lee Gribbin
Dave, thanks for the feedback. We are currently testing a few systems with the above turned on with the following script. I will advise when we get some feedback, since this does add some performance hit.
###below script is currently only for use in testing environments and should be reviewed before use in any production environment###
Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent AlwaysPrompt
Set-MpPreference -DisableBlockAtFirstSeen $False
Set-MpPreference -CloudExtendedTimeout 20
Set-MpPreference -PUAProtection 1
reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine" /v MpCloudBlockLevel /t REG_DWORD /d 4 /f
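A read-only check for the settings in the script above, plus the Tamper Protection status that is view-only in Huntress, as an added example that is not part of the original comment and not Huntress code. It assumes the Defender PowerShell module is present and an elevated session; the expected values mirror the script above and the CSV path is a constructed placeholder.

```powershell
# Added example: audit (no changes made) of the Defender settings discussed in this thread.
# Expected values mirror the test script posted above; adjust them to your own baseline.
$expected = [ordered]@{
    MAPSReporting           = 2       # Advanced
    SubmitSamplesConsent    = 0       # AlwaysPrompt
    DisableBlockAtFirstSeen = $false  # Block at first sight enabled
    CloudExtendedTimeout    = 20      # seconds
    PUAProtection           = 1       # Enabled
}

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# Compare each preference against the expected value.
$report = @(foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $pref.$name
        Match    = ($pref.$name -eq $expected[$name])
    }
})

# The script above sets the cloud block level through the policy registry key,
# so read it from the same place; a missing value is reported as a mismatch.
$policyKey  = 'HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine'
$blockLevel = (Get-ItemProperty -Path $policyKey -Name MpCloudBlockLevel `
                   -ErrorAction SilentlyContinue).MpCloudBlockLevel
$report += [pscustomobject]@{
    Setting = 'MpCloudBlockLevel (policy)'; Expected = 4   # High+
    Actual  = $blockLevel; Match = ($blockLevel -eq 4)
}

# Tamper Protection can only be read here, not set.
$report += [pscustomobject]@{
    Setting = 'IsTamperProtected'; Expected = $true
    Actual  = $status.IsTamperProtected
    Match   = ($status.IsTamperProtected -eq $true)
}

$report | Format-Table -AutoSize

# One CSV per endpoint so results can be collected and compared at scale.
$csvPath = Join-Path $env:TEMP 'defender-audit.csv'   # placeholder path
$report | Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } }, * |
    Export-Csv -Path $csvPath -NoTypeInformation
```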
Dave Kleinatland
Dave from the R&D team here. Good news! We're currently shaping some of the next things for MAV and a chunk of it encircles these extended settings around Defender. We'll likely hit some quick wins first and iterate the more complex ones. Stay tuned! :)
Rick Kosick
Agreed. Most of the value of Huntress to us is the Defender integration so hoping for more in that area.