The final version of Microsoft’s security configuration baseline settings for Windows 11 is now available for download via the Microsoft Security Compliance Toolkit.
“Two new settings have been added for this release (which were also added to the Windows Server 2022 release), a new Microsoft Defender Antivirus setting, and a custom setting for printer driver installation restrictions,” said Microsoft security consultant Rick Munck.
Default Ransomware Protection
When enabling the Microsoft Security Baseline for Windows 11, administrators should make sure that the tamper protection feature in Microsoft Defender for Endpoint is turned on, as it adds extra protection against human-operated ransomware attacks.
It does this by blocking attempts by malware or threat actors to disable security solutions and OS security features, which would otherwise give them easy access to sensitive data and let them deploy malware or malicious tools.
Tamper protection configures Microsoft Defender Antivirus to use secure default values and prevents tampering through the registry, PowerShell cmdlets, or group policies.
While tamper protection is enabled, ransomware operators will face a considerably more difficult task when attempting to:
• Disable virus and threat protection
• Disable real-time protection
• Turn off behavior monitoring
• Disable antivirus (such as IOfficeAntivirus (IOAV))
• Disable cloud-delivered protection
• Remove security intelligence updates
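To confirm on an endpoint that tamper protection and the protections in the list above are actually active, an administrator can query Defender's own status cmdlets. The script below is an added example, not part of the baseline or of Microsoft's tooling; the function name Test-DefenderProtection, the mapping of each bullet to a status property, and the 7-day signature-age threshold are assumptions made for illustration.

```powershell
# Added example: audit the Defender protections listed above on the local machine.
# Uses the built-in Defender module cmdlets Get-MpComputerStatus and Get-MpPreference.
function Test-DefenderProtection {
    [CmdletBinding()]
    param(
        # Assumption: signatures older than this many days count as stale.
        [int]$MaxSignatureAgeDays = 7
    )

    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop

    # One entry per protection named in the article, plus tamper protection itself.
    $checks = [ordered]@{
        'Tamper protection'             = $status.IsTamperProtected
        'Virus and threat protection'   = $status.AntivirusEnabled -and $status.AMServiceEnabled
        'Real-time protection'          = $status.RealTimeProtectionEnabled
        'Behavior monitoring'           = $status.BehaviorMonitorEnabled
        'IOfficeAntivirus (IOAV) scans' = $status.IoavProtectionEnabled
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
        'Cloud-delivered protection'    = $pref.MAPSReporting -ne 0
        'Security intelligence updates' = $status.AntivirusSignatureAge -le $MaxSignatureAgeDays
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Protection = $name
            Enabled    = [bool]$checks[$name]
        }
    }
}

$results = Test-DefenderProtection
$results | Format-Table -AutoSize

# Non-zero exit code lets a management agent or scheduled task flag the host.
$failed = @($results | Where-Object { -not $_.Enabled })
if ($failed.Count -gt 0) {
    Write-Warning ("Protections off or stale: " + ($failed.Protection -join ', '))
    exit 1
}
```

A host where "Tamper protection" reports False is the one to prioritize, since the other settings can then still be changed through the registry, PowerShell cmdlets, or group policies.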