Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
CVE-2023-21809
It's enough to update your AV signatures to a version higher than 1.379.200.0.
As of 07.03.2023 (Release of signature 1.383.1159.0) tamper protection is no longer enforcing "Allow Scanning Network Files".
If you still want this to be enabled, make sure your Intune or GPO configuration has this value set.
#mdav #MDE #M365D #tamperprotection
Easy script to update AV exclusions on #Exchange 2019 #MDAV #MDE
https://github.com/0x3e4/PowerShell/blob/master/Exchange/Get-Exchange2019AVExclusions.ps1
Update on the #Exchange Server Antivirus Exclusions
Microsoft finally removed the recommendation to exclude PowerShell.exe and w3wp.exe and two others from the official documentation.
100% pure cloud based management of #MDE devices is coming closer.
See the latest Microsoft blog "Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices"
Just published a small update to my "The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions" post, adding information on the new tamper protection capabilities for custom exclusions.
#mdav #MDE #exclusions #tamperprotection
Version 1.1 of the Microsoft LNK recovery script with added support to restore from the Volume Shadow Copy Service released
https://github.com/microsoft/MDE-PowerBI-Templates/blob/master/ASR_scripts/AddShortcuts.ps1
My blog post from July last year became more relevant since last Friday than I had hoped.
But now is a good time to think about using the gradual rollout process for Microsoft Defender updates.
https://cloudbrothers.info/en/gradual-rollout-process-microsoft-defender/
🛡️ The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
In this comprehensive guide I explain all available Defender for Endpoint exclusions, how they interact and which ones to use and which to avoid.
If you haven't already checked it out, now is a great time.
#MDE #MDAV #Exclusion #Defender #DefenderForEndpoint #Security #AV
#MDE #mdav #exclusion #defender #DefenderForendpoint #security #av
Did you like my blog post on #MDE exclusions?
So did Microsoft and they worked with me to update their official docs article on the topic.
Go check it out, I think it's really great.
And if you haven't yet read my blog, you still should 😁
#MDE #security #mdav #exclusion