Security on Anything About IT

Testing Windows Defender MAPS Connectivity with PowerShell

Mon, 08 Jul 2019 22:33:36 +0000

Whenever I work with customers on Windows Defender or Microsoft Defender Advanced Threat Protection, one of the first things I usually review are the current Windows Defender settings. Having Windows Defender properly configured is key, because otherwise you might not be able to make use of all the capabilities Defender and Defender ATP provides. One of them is MAPS (Microsoft Active Protection Service) or also known as Windows Defender Antivirus cloud-delivered protection service. Quite often I notice that clients have no connection to MAPS, this can be validated by running the following command from an elevated command prompt:

Data Collection Tier in Azure Security Center

Sun, 25 Feb 2018 17:22:05 +0000

Within the Azure Security Center, Security Policy node, you can select a workspace and there define the data collection configuration for security events.

All Events
Common
Minimal
None

More details about the Azure Data Collection and the data collection tier can be found here. The page also has a list of all the Event IDs that are being collected within each tier.

To better understand the exact meaning of each Event ID, I’ve created the below lists containing the Event ID, Description, Event Provider and Event Level information.

MBSA 2.3 Preview Release Available

Sun, 08 Sep 2013 13:05:08 +0000

Based on a statement made by Microsoft in the August 2012 security bulletin, I wrote a short blog post back in November 2012 that there would be no MBSA version available for Windows 8. But it looks like plans have changed as Microsoft has now released a preview version of MBSA 2.3 that does provide support for Windows 8, Windows 8.1 as well as the new server editions.

MBSA 2.3 release adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 2000 will no longer be supported with this release. The final release of MBSA 2.3 is expected to be available in Fall 2013. Due to the remaining short product cycle, we will be unable to implement any design change requested for this release.

All security updates on a DVD

Mon, 20 Oct 2008 19:31:19 +0000

I do periodically browse through the Microsoft Download Center (Beta) to see if there is anything new that is of interest to me. Today i came across Article 913086 which describes an alternative way of obtaining all Microsoft Security patches for all Operating systems and languages.

The ISO image files are intended for corporate administrators who:

Manage large multinational organizations.
Must download multiple individual language versions of each security update.
Do not use an automated solution such as Microsoft Windows Server Update Services (WSUS).

ToolTip - chml.exe manage Windows Integrity Levels

Mon, 20 Oct 2008 19:02:34 +0000

To be honest i haven’t gone into the details of the Windows Integrity Levels myself but wanted to mention the chml.exe tool that can be downloaded from Mark Minasi’s web site.

More details about the Windows Vista Integrity Mechanism can be found here: