Let's start with creating a baseline policy from two different machines, which will later be merged into one baseline policy. We will start with auditing, and eventually, at the end of this guide, switch to enforced mode.

```powershell
# $CIPolicyfileXML holds the path to this machine's baseline policy XML

# Automatically trust what Microsoft has deemed trustworthy using the Intelligent Security Graph
Set-RuleOption -FilePath $CIPolicyfileXML -Option 14

# Set the following option to make sure the policy can be applied without reboot
Set-RuleOption -FilePath $CIPolicyfileXML -Option 16

# Set this policy to allow supplemental policies, otherwise we can't supplement this base policy
Set-RuleOption -FilePath $CIPolicyfileXML -Option 17

# Now activating Hardware Virtualized Code Integrity (HVCI) and set it to enabled
Set-HVCIOptions -Enabled -FilePath $CIPolicyfileXML
```

Repeat the above process for at least two models, but preferably for each model you have in your environment (or at least the top five most used models).

Note: Enabling the Intelligent Security Graph option will whitelist the installer for 7-Zip, for instance. It will then also whitelist all executables that the 7-Zip installer puts on your system.

Merge the baselines into one general baseline

We will now merge the baselines from the two models (or more) and create one single baseline policy.

```powershell
# Now create a supplemental policy with file path rules
$CIPolicyfileXMLSupplemental = "C:\temp\Supplemental.xml"

# Collect all path rules in one array; += appends instead of overwriting the previous rule
$rules = New-CIPolicyRule -FilePathRule "C:\Program files\*"
$rules += New-CIPolicyRule -FilePathRule "C:\Program files (x86)\*"
$rules += New-CIPolicyRule -FilePathRule "\\server1\installation\*"

New-CIPolicy -FilePath $CIPolicyfileXMLSupplemental -Rules $rules -UserPEs
```
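Before deploying, it helps to confirm that the policy XML really carries the options set above. The following is an added example, not code from the original guide: the function name `Test-CIPolicyBaseline` is hypothetical, the sample XML is constructed (it combines base and supplemental elements in one document for brevity), and the option strings are assumed to be the text that `Set-RuleOption` writes for options 14, 16 and 17.

```powershell
# Added example: audit a code integrity policy XML for the settings used in this guide.
function Test-CIPolicyBaseline {
    param([Parameter(Mandatory)][xml]$Policy)

    $ns = New-Object System.Xml.XmlNamespaceManager($Policy.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')

    $expected = @(
        'Enabled:Intelligent Security Graph Authorization',  # option 14
        'Enabled:Update Policy No Reboot',                   # option 16
        'Enabled:Allow Supplemental Policies'                # option 17
    )
    $present = @($Policy.SelectNodes('//si:Rules/si:Rule/si:Option', $ns) |
        ForEach-Object { $_.InnerText.Trim() })
    $hvci  = $Policy.SelectSingleNode('//si:HvciOptions', $ns)
    $paths = @($Policy.SelectNodes('//si:FileRules/si:Allow[@FilePath]', $ns) |
        ForEach-Object { $_.GetAttribute('FilePath') })

    [pscustomobject]@{
        MissingOptions = @($expected | Where-Object { $_ -notin $present })
        AuditMode      = 'Enabled:Audit Mode' -in $present
        HvciEnabled    = ($null -ne $hvci) -and ([int]$hvci.InnerText -ne 0)
        FilePathRules  = $paths
        # A path rule on a share trusts everyone who can write to that share: review these.
        UncPathRules   = @($paths | Where-Object { $_ -like '\\*' })
    }
}

# Constructed sample input: option 17 is deliberately left out so the check reports it.
$sample = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Rules>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:Intelligent Security Graph Authorization</Option></Rule>
    <Rule><Option>Enabled:Update Policy No Reboot</Option></Rule>
  </Rules>
  <FileRules>
    <Allow ID="ID_ALLOW_PATH_0" FriendlyName="constructed" FilePath="C:\Program files\*" />
    <Allow ID="ID_ALLOW_PATH_1" FriendlyName="constructed" FilePath="\\server1\installation\*" />
  </FileRules>
  <HvciOptions>1</HvciOptions>
</SiPolicy>
'@

Test-CIPolicyBaseline -Policy $sample | Format-List
```

To check a real file, pass its content instead of the sample: `Test-CIPolicyBaseline -Policy (Get-Content $CIPolicyfileXML -Raw)`.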