Global Configuration Presets

Selecting "Force ALL Security Features ON/OFF" will adjust the individual toggles below and prepare a script to enforce that state.
Selecting "Restore Windows Defaults" will prepare a special script to remove previous policy enforcements, returning control to Windows default behavior.

Windows Defender & Antivirus
Windows Defender: Real-Time Protection

Continuously monitors files and processes for malicious activity. Disabling this significantly lowers your security posture.

Enabled (Default)
Windows Defender: Cloud-Delivered Protection

Sends suspicious samples to Microsoft's cloud for real-time analysis and blocking of new threats.

Enabled (Default)
Windows Defender: PUA Protection

Detects and blocks Potentially Unwanted Applications (PUAs) like adware and bloatware.

Enabled (Default)
Windows Defender: Tamper Protection

Prevents unauthorized changes to Microsoft Defender security settings and its essential files/processes.

Enabled (Default)
Windows Defender: Automatic Sample Submission

Controls whether suspicious files are automatically sent to Microsoft for analysis. Disabling this reduces cloud-based threat intelligence.

Enabled (Default)
Windows Defender: Cloud Block At First Seen

Blocks suspicious files immediately upon first encounter based on cloud analysis, before full definition updates.

Enabled (Default)
Windows Defender: MAPS Reporting

Controls participation in Microsoft Active Protection Service (MAPS) for cloud-based threat intelligence.

Enabled (Default)
Windows Defender: Automatic Sample Submission (Consent Level)

Controls the level of consent for sending suspicious samples to Microsoft. This is managed via a PowerShell cmdlet.

Enabled (Default)
Windows Defender: Scan downloaded files and attachments

Controls whether Microsoft Defender Antivirus scans files and attachments that have been downloaded.

Enabled (Default)
App & Browser Control (SmartScreen)
SmartScreen: For Apps & Files

Protects against untrusted or malicious executables downloaded from the internet and launched outside a browser.

Enabled (Default)
SmartScreen: For Microsoft Edge

Provides phishing and malware protection within the Microsoft Edge browser.

Enabled (Default)
SmartScreen: Phishing Protection (Network Protection)

Protects against phishing sites and malicious downloads at the network level, part of Exploit Guard.

Enabled (Default)
SmartScreen: Warn about password reuse (Edge)

Warns users in Microsoft Edge if they are reusing passwords detected in a data breach.

Enabled (Default)
SmartScreen: Warn about unsafe password storage (Edge)

Warns users if they are storing passwords in an insecure manner in Microsoft Edge.

Enabled (Default)
SmartScreen: For Microsoft Store apps

Protects against malicious apps downloaded from the Microsoft Store or other sources.

Enabled (Default)
File & Download Security
Attachment Manager: Do not preserve zone information (Disables Mark-of-the-Web)

Prevents Windows from adding the 'Mark-of-the-Web' to files downloaded from the Internet zone, reducing triggers for security checks on these files.

Enabled (Default)
Device Security & Core Isolation
User Account Control (UAC)

Requires explicit consent for administrative actions, preventing unauthorized system changes.

Enabled (Default)
Virtualization-Based Security (VBS)

Uses hardware virtualization to isolate critical system components and secrets (e.g., LSA credentials, kernel).

Enabled (Default)
HVCI (Memory Integrity)

Verifies all kernel-mode drivers and system files before they are loaded, ensuring they are properly signed and untampered.

Enabled (Default)
Credential Guard

Isolates LSA secrets (passwords, hashes) in a virtualized environment, protecting against theft.

Enabled (Default)
LSA Protection (RunAsPPL)

Protects the Local Security Authority process (lsass.exe) from being injected into or tampered with.

Enabled (Default)
Microsoft Vulnerable Driver Blocklist

Prevents known insecure drivers from loading, which could otherwise be exploited for kernel-level compromise.

Enabled (Default)