Hardening


🗃️ Always display file type extension

By default, Windows hides the extensions of standard file types. For example, SecureFile.exe shows as SecureFile in File Explorer or on your desktop, PersonalImage.png shows as PersonalImage, and so forth. If malware names itself PersonalImage.png.exe, what do you think will happen? Windows will show you only PersonalImage.png, but when you try to open this “image”, the malware will start and run on your machine. To mitigate this, configure Windows to always show file extensions.

See: https://support.microsoft.com/en-us/windows/common-file-name-extensions-in-windows-da4a4430-8e76-89c5-59f7-1cdbbc75cb01


🔒 Enable Microsoft Defender Credential Guard

To check whether Microsoft Defender Credential Guard is enabled, run this PowerShell command:

Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard

In the output, check for the SecurityServicesRunning property:


🎞️ Enable Memory Integrity (HVCI)

To check whether HVCI is enabled:

  1. Press Win + R
  2. Type msinfo32 and press Enter
  3. In the System Summary section, scroll down to find Virtualization-based security
    1. If HVCI is enabled, you’ll see the message "Hypervisor-Enforced Code Integrity enabled".
    2. If HVCI is not active, this section may be blank or indicate that virtualization is not enabled.
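
The Credential Guard and HVCI checks above can both be read from the same Win32_DeviceGuard instance. The following is an added example, not part of the original notes: it decodes the numeric properties using the value meanings Microsoft documents for that class. The helper name Get-VbsSummary and the sample object are hypothetical and constructed for illustration.

```powershell
# Value meanings as documented by Microsoft for the Win32_DeviceGuard class.
$ServiceNames = @{
    1 = 'Credential Guard'
    2 = 'Memory integrity (HVCI)'
    3 = 'System Guard Secure Launch'
    4 = 'SMM Firmware Measurement'
}
$VbsStatusNames = @{
    0 = 'Not enabled'
    1 = 'Enabled but not running'
    2 = 'Enabled and running'
}

function Get-VbsSummary {
    # Hypothetical helper: accepts any object exposing the Win32_DeviceGuard properties.
    param([Parameter(Mandatory)] $DeviceGuard)

    $running    = @($DeviceGuard.SecurityServicesRunning)
    $configured = @($DeviceGuard.SecurityServicesConfigured)

    [pscustomobject]@{
        VbsStatus              = $VbsStatusNames[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        CredentialGuardRunning = $running -contains 1
        HvciRunning            = $running -contains 2
        # Services that policy asks for but that did not start (for example,
        # a pending reboot or missing hardware support).
        ConfiguredNotRunning   = @($configured |
            Where-Object { $_ -and $running -notcontains $_ } |
            ForEach-Object { $ServiceNames[[int]$_] })
        RunningServices        = @($running |
            Where-Object { $_ } |
            ForEach-Object { $ServiceNames[[int]$_] })
    }
}

# Constructed sample: VBS is running and both services are configured,
# but only HVCI actually started.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 2
    SecurityServicesConfigured        = @(1, 2)
    SecurityServicesRunning           = @(2)
}
Get-VbsSummary -DeviceGuard $sample | Format-List

# Live system: the same query as in the Credential Guard section.
$dg = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
Get-VbsSummary -DeviceGuard $dg | Format-List
```

A non-empty ConfiguredNotRunning list is the case worth investigating: the feature has been turned on in policy but is not protecting the machine.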

👉🏻 Direct Memory Access Protection Enabled