Latest Discussions
Hardening Windows 10 on an IT Pro's laptop
Hi, I have just bought a new Windows 10 Pro laptop for work as a freelance IT Consultant and I figured this would be a good time to adopt some of the latest best practices pertinent to securing my machine. Given this machine is also for personal use, I am looking to balance convenience against security and privacy in the event of loss or theft. I have found some extensive posts on the subject, including the one shown below: https://www.infoworld.com/article/3121994/security/lockdown-harden-windows-10-for-maximum-security.html I would, however, like to hear any comments anyone has: from BitLocker and beyond....
Solved | Daniel Westerdale | Apr 08, 2018 | Iron Contributor | 153K Views | 1 like | 32 Comments

Get an app to open this 'windowsdefender' link
So I have just updated my PC from Windows 10 to 11 and saw that the little Windows Security icon in the bottom right corner showed some recommendations. I tried opening up Windows Security but it wouldn't. So I navigated to it through the settings menu and then it told me this: "Get an app to open this 'windowsdefender' link". I have tried nearly every guide on YouTube but nothing has worked as of yet. I should also mention that I can't find the Windows Security app under the apps section in settings.
Lasse_Hvilsted | Feb 20, 2023 | Copper Contributor | 33K Views | 1 like | 27 Comments

Limit Windows Defender CPU Usage
I have the problem that our Clients use too much CPU during a FullScan. Actually, the usage is limited to 20%, but the setting seems to have no effect. Whether I set it via Configuration Manager or GPO, the result is the same. Does anyone have a similar problem or even better... a solution?
philippwree | Jul 09, 2020 | Copper Contributor | 106K Views | 1 like | 19 Comments

Multiple devices unable to connect to Windows Update
I have now seen 8 devices that are unable to connect and download Windows Updates. They vary between Windows 10 and Windows 11 and all started in the past month. When trying to run updates I am given the error in the image attached. I have tried the following to solve the issue but have not had any luck.
- Restarted the Windows Update service from Services
- Run the Windows Update Troubleshooter
- Changed the DNS servers
- Delete the SoftwareDistribution folder (after using net stop wuauserv, cryptSvc, bits, msiserver, deleting SoftwareDistribution, then net start wuauserv, cryptSvc, bits, and msiserver)
- Run SFC
- Run DISM
- Uninstalled the three updates that were available to uninstall (thinking something in one of them failed and caused this)
- Reset Windows components (https://www.tenforums.com/tutorials/24742-reset-windows-update-windows-10-a.html)
- Disabled Proxy in Network and Internet
- Run Windows Store Reset (WSRESET.exe)
None of the following has helped. Does anyone have any other ideas other than reimaging the device?
brianstoiber_lpi | Oct 03, 2023 | Copper Contributor | 2.1K Views | 0 likes | 18 Comments

Disabling Windows Defender Security Center in Enterprise (1703)
Question around the Windows Defender Security Center in Enterprise (1703). We have Symantec Endpoint Protection (14 MP1) in our environment, and after upgrading to 1703 it seems the Security Center is starting and enabled (appears in system tray). I created a registry DWORD via GPO preferences to prevent it from starting up, and have also disabled Defender via GPO. This seems to work nicely. We all know that having multiple malware/anti-virus solutions running simultaneously is not a good thing. I would like to know what the implications of disabling Defender are, and also if my approach is best practice?
Solved | Dan Van Drunen | Jun 21, 2017 | Brass Contributor | 25K Views | 3 likes | 17 Comments

Welcome to the Windows 10 security AMA!
We will spend this hour discussing Windows 10 security technologies, best practices, tips, and tricks with the Windows product and engineering teams. To submit a question, click "Start a new conversation" in the Windows 10 security space--and do this for each new question. This will enable us to easily identify and answer your questions. If you are looking for help with a specific issue, please visit the Windows IT Pro forums on TechNet. After the event, we will make a summary of the AMA and post it to the group. To get started, please introduce yourself as a reply below!
Heather_Poulsen | Jun 21, 2017 | Community Manager | 17K Views | 4 likes | 17 Comments

Reset My Computer And Lost Access to Windows
So I recently pulled my old computer out of storage. It hadn't been used since 2017. I decided to do a hard reset, and fully wipe the thing to be able to get a fresh start now that I'm older. (And it ran really slow.) I did have issues: I ran into the 'Insert Media' thing, and had to install Windows to my USB to fix the problem. I was able to fix it and reset the computer properly. Now comes the newest problem. Now it's telling me I need to activate Windows. I don't have a product key anymore apparently and I'm not sure what to do. I signed in to Microsoft using the same email that I originally used, and Windows was working this morning before the reset. It has 8.1 installed on it currently. I could really use some help, as I can't really afford to buy a new product key right now. (And I don't really think I should have to?)
KryptRaven | Sep 15, 2023 | Copper Contributor | 1.8K Views | 0 likes | 16 Comments

Exploit Guard - Network Protection
We've begun pushing the Windows 10 Fall Creator's Update in our business environment. We have configured many of the new security features through GPO including Exploit Guard - Attack Surface Reduction Rules and Exploit Guard - Network Protection. When we were originally testing and evaluating 1709 (a few months ago) the Network Protection feature worked as expected, and Windows would notify us if a site was blocked due to the setting being enabled. For example, the https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection page recommends that we visit: https://smartscreentestratings2.net/ That should trigger the Network Protection notification in Windows and prevent us from getting to the page; however, that does not seem to work anymore. The page renders without issue, and I never receive a notification that it was blocked. This is making me question whether or not the feature is working at all anymore. A few things that I've checked:
- The GPO setting "Prevent Users and Apps from Accessing Dangerous Websites" is set to enabled for all computers.
- Ran an RSOP on multiple computers to ensure that setting is being properly applied. It is.
- In PowerShell, ran Get-MpPreference to make sure that EnableNetworkProtection has a value = 1. It does.
Anyone else having the same experience or any idea why the MS test site doesn't evaluate correctly anymore?
Riley Hale | Feb 20, 2018 | Brass Contributor | 9K Views | 2 likes | 16 Comments

Hardening Windows 10
I am locking down my new laptop, which is something I haven't had to do in quite a few years (since Vista). In versions past (e.g., Win2k, XP, Vista), one of the hardening steps I employed (that was nearly always prescribed) was to protect special binaries (e.g., regedt32.exe, ftp.exe, mmc.exe, cscript.exe, and many other system32 command-line utilities) by removing LocalSystem and Administrators from the ACL and adding Read and Execute permissions to a special group (e.g., Sys32Admins). From my install doc (paraphrased from a source no longer known):
"Protecting Special Binaries: Many exploits leverage the fact that the LocalSystem account and Local Administrators group have access to basic system utilities. To help reduce the likelihood of a successful exploit, you should create a separate admin group, say Sys32Admins. Then place the users that you want to use the tools in that group. Change the ACLs on the following tools to remove LocalSystem and the Administrators group, and give Sys32Admins ownership and the ability to Read and Execute. Do this for the following command-line utilities: . . ."
In searching for hardening docs for Windows 10, all of my past resources no longer existed or did not have a Win 10 doc. None of the resources I read (> 150, so far) prescribed this locking of special files. Is this somehow now redundant? I.e., with UAC (or other), are these files inherently protected? I log in as a standard user and I still can run regedt32 (w/ changes), ping, tracert, ftp, and a lot of other commands that used to be considered sensitive/hazardous. I assume that if a rogue process in Win 10 were to run these, there would be no required permission elevation to do so. Granted, I like to lock my systems down to a once-called "paranoid" level (ref: Linux); so this is mostly for my edification. However, I still would like to know if there is any longer a need to lock these or, more importantly, would there be adverse effects to the OS by doing so.
In the past, for Win2k, XP, and Vista, I never had any issues with doing so. Since the advent of Win7/8/10, I haven't tried it. Thank you in advance for your response. I am running Windows 10 Home Version 1903 (OS Build 18362.267)
Solved | Ivan_Ho | Aug 01, 2019 | Copper Contributor | 9K Views | 0 likes | 13 Comments

Risk of system getting hacked through the internet or Wi-fi?
Dear everyone,
I am not a high profile person or anything like that. I just dislike the idea that someone with bad intentions could access my personal files, documents, photos etc. (personal diary, baby pictures of my children etc.) I am not worried about anyone getting a look at my internet traffic / man-in-the-middle attack etc. I am only concerned about someone with bad intentions being able to access my personal files. I assume that it is not impossible to "hack" my system and get access to my files, but "how hard" would it be for someone committed to the task? Is the only way to access my files if they planted malware on my system? Or if they accessed screen share? My questions concern both:
- If the person accessed / hacked my wi-fi / home network
Or
- Only through the internet
Settings:
- Microsoft Windows 10 Home
- Windows login password protected
- Windows Defender firewall
- No file or folder sharing enabled
- Network discovery is turned off
- File and printer sharing is turned off
- AVG registers threats in real-time
- All software drivers etc. fully updated
- Wi-fi is password protected
- Network / Wi-fi profile: Private
- Router security WPA2-Personal
I become uneasy when I read posts like this, which make it sound "easy": https://www.quora.com/Can-a-hacker-control-my-computer-through-Wi-Fi-connection-only/answer/Aaron-Shbeeb https://www.quora.com/How-do-I-hack-a-computer-on-same-network/answer/Har**bleep**-Dangwal Please let me know if I shall add more info concerning the above. Thanks in advance for replying. Best regards
Ysera_Dreamer | Mar 31, 2021 | Brass Contributor | 5.7K Views | 1 like | 13 Comments