
Adding WDEG low security script. Moving errant file.

cryps1s committed May 17, 2018
1 parent 4b1b3b5 commit 4f06a3f12591d84e7f56db3d4e2fbed8a5484468
@@ -103,6 +103,7 @@
"./configuration/configuration-scripts/Set-PowerSettings.ps1",
"./configuration/configuration-scripts/Set-LowSecurityWindowsDefenderAntiVirusSettings.ps1",
"./configuration/configuration-scripts/Set-LowSecurityWindowsDefenderSmartScreenSettings.ps1",
"./configuration/configuration-scripts/Set-LowSecurityWindowsDefenderExploitGuardSettings.ps1",
"./configuration/configuration-scripts/Set-WindowsTelemetrySettings.ps1",
"./configuration/configuration-scripts/Remove-PreInstalledApps.ps1",
"./configuration/configuration-scripts/Install-Chocolatey.ps1",
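--- /dev/null
+++ b/Windows_Defender_Exploit_Guard_Low_Security_Settings.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MitigationPolicy>
+<SystemConfig>
+<DEP Enable="true" EmulateAtlThunks="false" />
+<ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="true" HighEntropy="true" />
+<ControlFlowGuard Enable="true" SuppressExports="false" />
+<SEHOP Enable="true" TelemetryOnly="false" />
+<Heap TerminateOnError="true" />
+</SystemConfig>
+<AppConfig Executable="clview.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="cnfnot32.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="excel.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="excelcnv.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="ExtExport.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="graph.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="ie4uinit.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="ieinstal.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="ielowutil.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="ieUnatt.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="iexplore.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="lync.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="MiracastView.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="msaccess.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="mscorsvw.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="msfeedssync.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="mshta.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="msohtmed.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="msosrec.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="msosync.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="msoxmled.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="mspub.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="msqry32.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="ngen.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="ngentask.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="onenote.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="onenotem.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="orgchart.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="osfinstaller.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="outlook.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="powerpnt.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="PresentationHost.exe">
+<DEP Enable="true" EmulateAtlThunks="false" />
+<ASLR ForceRelocateImages="true" RequireInfo="false" BottomUp="true" HighEntropy="true" />
+<SEHOP Enable="true" TelemetryOnly="false" />
+<Heap TerminateOnError="true" />
+</AppConfig>
+<AppConfig Executable="PrintDialog.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="runtimebroker.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="scanost.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="scanpst.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="selfcert.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="setlang.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="svchost.exe">
+<DynamicCode Audit="true" />
+<SignedBinaries Audit="true" AuditStoreSigned="false" />
+</AppConfig>
+<AppConfig Executable="SystemSettings.exe">
+<ExtensionPoints DisableExtensionPoints="true" />
+</AppConfig>
+<AppConfig Executable="winword.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+<AppConfig Executable="wordconv.exe">
+<ASLR ForceRelocateImages="true" RequireInfo="false" />
+</AppConfig>
+</MitigationPolicy>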
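Review bot: The profile carries no comment saying what it is, and once the provisioning script copies it to System32\Exploit_Guard.xml (per the sibling hunk) even the "Low_Security" hint in the filename is gone, so a later reader has to work out from the attributes that this is a compatibility profile rather than a hardened one. Concretely, `<ASLR ForceRelocateImages="false" ... />` in SystemConfig leaves mandatory ASLR off system-wide with only the listed executables opted in, and the svchost.exe entries `<DynamicCode Audit="true" />` and `<SignedBinaries Audit="true" AuditStoreSigned="false" />` are audit-only, so they log and never block; the per-app list otherwise appears to be the stock mitigation set, though I have not verified that against an exported default. I would add an XML comment directly after the XML declaration: `<!-- Low-security / compatibility Exploit Protection profile: mandatory ASLR is off system-wide (per-app opt-in only) and the svchost.exe dynamic-code and signed-binary mitigations are audit-only (log, never block). Not a hardening baseline. -->`.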
@@ -15,7 +15,7 @@
Set-StrictMode -Version Latest
$GitBinary = "$Env:SystemDrive\Program Files\Git\cmd\git.exe"
$ToolsFolder = "$Env:SystemDrive\Users\surgeon\tools"
$ToolsFolder = "$Env:SystemDrive\Users\darksurgeon\tools"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Try
@@ -0,0 +1,35 @@
<#
.SYNOPSIS
Configures Windows Defender Exploit Guard (WDEG) settings.
.DESCRIPTION
Author: Dane Stuckey (@cryps1s)
License: MIT
Configures Windows Defender Exploit Guard (WDEG) Settings.
.NOTES
#>
Try
{
# Copy the Exploit Guard Configuration File Locally
$ConfigFileLocation = "$Env:SystemRoot\System32\Exploit_Guard.xml"
Copy-Item -Path "$Env:SystemDrive\packer\Windows_Defender_Exploit_Guard_Low_Security_Settings.xml" -Destination $ConfigFileLocation -Force
$RegistryKeyPath = "HKLM:\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection"
If (-not(Test-Path -Path $RegistryKeyPath))
{
New-Item -Path $RegistryKeyPath -ItemType Directory -Force | Out-Null
}
# Add registry value
New-ItemProperty -Path $RegistryKeyPath -Name "ExploitProtectionSettings" -PropertyType String -Value "$ConfigFileLocation" -Force | Out-Null
}
Catch
{
Write-Error "Could not implement Windows Defender Exploit Guard configuration settings. Exiting."
Write-Host $_.Exception | format-list -force;
Exit 1
}
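Review bot: The Try/Catch cannot catch the failures it is written for: `Copy-Item` and `New-ItemProperty` emit non-terminating errors by default, so a missing source XML under `$Env:SystemDrive\packer` or an access-denied on the policy key is printed but execution continues, the `ExploitProtectionSettings` value can still be written pointing at a file that was never copied, and the script exits 0 instead of 1. Add `-ErrorAction Stop` to both cmdlets, e.g. `Copy-Item -Path "$Env:SystemDrive\packer\Windows_Defender_Exploit_Guard_Low_Security_Settings.xml" -Destination $ConfigFileLocation -Force -ErrorAction Stop` and `New-ItemProperty -Path $RegistryKeyPath -Name "ExploitProtectionSettings" -PropertyType String -Value "$ConfigFileLocation" -Force -ErrorAction Stop | Out-Null`, or set `$ErrorActionPreference = 'Stop'` before the Try; a `Test-Path $ConfigFileLocation` check after the copy would also make the failure explicit. Separately, `Write-Host $_.Exception | format-list -force;` pipes the empty output of Write-Host into Format-List, so the exception detail is never formatted; `Write-Host ($_.Exception | Format-List -Force | Out-String)` does what was intended.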


