Windows 10 21H2 Adds Ransomware Protection to Security Features

Microsoft has released the final version of the Windows 10 security configuration baseline settings for version 21H2, distributed through the Microsoft Security Compliance Toolkit.

There are few new policy settings in this Windows 10 feature update, and one setting for limiting printer driver installation has been added (this was also added in the Windows 11 release). Additionally, all legacy settings for Microsoft Edge have been removed.

Protecting against ransomware

The centerpiece of the new Windows 10 security baseline is the addition of tamper protection as a setting that is enabled by default.

When installing the Microsoft Security Baseline for Windows 10 21H2, administrators are prompted to install Defender for Endpoint tamper protection to protect against ransomware attacks.

We’ve also added a new feature to the Security Baseline for Windows 10 21H2 to encourage administrators to install Defender for Endpoint tamper protection to protect against ransomware attacks.

This feature blocks ransomware operators and malware from disabling OS security features and security solutions, a step attackers take before accessing sensitive data and deploying further malware and malicious tools.

Tamper protection locks Microsoft Defender Antivirus to its secure default values, preventing attempts to change those values through the registry, PowerShell cmdlets, or Group Policy.

Once it is enabled, ransomware operators will have a harder time doing the following:

  • Disabling virus and threat protection
  • Disabling real-time protection
  • Turning off behavior monitoring
  • Disabling antivirus (e.g. IOfficeAntivirus (IOAV))
  • Disabling cloud-delivered protection
  • Removing security intelligence updates
  • Disabling automatic actions on detected threats
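As an added example (not from the article or from Microsoft's baseline), the read-only audit below reports the state of each setting in the list above on a Windows 10 endpoint, so an administrator can confirm tamper protection is on and nothing it guards has already been switched off. It assumes the built-in Defender PowerShell module (Get-MpComputerStatus / Get-MpPreference) is available and uses an assumed three-day threshold for stale security intelligence.

```powershell
# Added example: audit the Defender settings that tamper protection keeps locked.
# Assumes the Defender module shipped with Windows 10 (Get-MpComputerStatus, Get-MpPreference).

function New-DefenderCheck([string]$Name, [bool]$Pass, $Value) {
    # One row per baseline item: what was checked, OK/FAIL, and the observed value
    [pscustomobject]@{
        Check  = $Name
        Result = $(if ($Pass) { 'OK' } else { 'FAIL' })
        Value  = $Value
    }
}

function Get-DefenderTamperAudit {
    [CmdletBinding()]
    param(
        # Assumed threshold: signatures older than this are reported as stale
        [int]$MaxSignatureAgeDays = 3
    )

    $status = Get-MpComputerStatus   # live engine state (read-only)
    $pref   = Get-MpPreference       # configured preferences (read-only)

    New-DefenderCheck 'Tamper protection enabled'           $status.IsTamperProtected         $status.IsTamperProtected
    New-DefenderCheck 'Virus and threat protection enabled' $status.AntivirusEnabled          $status.AntivirusEnabled
    New-DefenderCheck 'Real-time protection enabled'        $status.RealTimeProtectionEnabled $status.RealTimeProtectionEnabled
    New-DefenderCheck 'Behavior monitoring enabled'         $status.BehaviorMonitorEnabled    $status.BehaviorMonitorEnabled
    New-DefenderCheck 'IOAV protection enabled'             $status.IoavProtectionEnabled     $status.IoavProtectionEnabled

    # MAPSReporting: 0 = cloud-delivered protection off, 1 = basic, 2 = advanced
    New-DefenderCheck 'Cloud-delivered protection on' ($pref.MAPSReporting -gt 0) $pref.MAPSReporting

    # AntivirusSignatureAge is the age of the installed security intelligence in days
    New-DefenderCheck 'Security intelligence current' `
        ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
        "$($status.AntivirusSignatureAge) day(s) old"
}

# Usage: run in an elevated PowerShell session on the endpoint being audited.
$audit = Get-DefenderTamperAudit
$audit | Format-Table Check, Result, Value -AutoSize

# Non-zero exit code when any check fails, so the script can feed a compliance job
$failed = @($audit | Where-Object Result -eq 'FAIL').Count
exit $failed
```

Because the cmdlets only read state, the script can be run repeatedly by a scheduled task; a FAIL on the tamper protection row with other rows still OK is the condition worth alerting on before anything else changes.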

PrintNightmare and Edge legacy features

The Windows 10 21H2 security baseline removed all Microsoft Edge Legacy settings after support for the EdgeHTML-based web browser ended in March.

Microsoft has also added a new setting to the MS Security Guide Custom Administrative Templates designed to restrict printer driver installation to users with Administrator privileges.

This new recommendation follows the July 2021 security update that addressed CVE-2021-34527, the PrintNightmare remote code execution flaw affecting the Windows Print Spooler service.

The Windows Security Baseline provides Microsoft recommended security settings that reduce the attack surface of Windows systems and improve the overall security posture of enterprise endpoints.

Security baselines are groups of Microsoft-recommended configuration settings, published together with an explanation of their security impact.

These settings are based on feedback from Microsoft’s security engineering team, product groups, partners, and customers.

The Windows 10 21H2 Security Baseline is now available for download from the Microsoft Security Compliance Toolkit and includes Group Policy Object (GPO) backups and reports, scripts required to apply settings to local GPOs, and Policy Analyzer rules.

For more information on the changes in the new Windows 10 21H2 security baseline, please refer to the Microsoft Security Baselines blog.
