Antivirus / EDR
Enumeration
Get-MpComputerStatus
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
$ExecutionContext.SessionState.LanguageMode
Find-LAPSDelegatedGroups

Checks the rights on each computer with LAPS enabled for any groups with read access and users with "All Extended Rights." Users with "All Extended Rights" can read LAPS passwords and may be less protected than users in delegated groups, so this is worth checking for.
Find-AdmPwdExtendedRights

Find computers that have LAPS enabled and when their passwords expire.
Get-LAPSComputers
netsh advfirewall show allprofiles
wmic /namespace:\\root\securitycenter2 path antivirusproduct
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct

Firewall
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
Get-NetFirewallProfile | Format-Table Name, Enabled
Get-MpThreat
Get-NetFirewallRule | findstr "Rule-Name"
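The LAPS rights check described above separates delegated readers from principals holding "All Extended Rights". The following added example (not from the original page or from any LAPS tooling) classifies access-control entries on a computer object along that line for an access review. The function name Get-LapsReadReason, the attribute GUID and the sample ACEs are constructed for illustration.

```powershell
# Constructed placeholder. In a real forest, read the schemaIDGUID of the
# ms-Mcs-AdmPwd attribute from the schema partition instead.
$AdmPwdGuid = [guid]'11111111-2222-3333-4444-555555555555'
$OtherRight = [guid]'99999999-8888-7777-6666-555555555555'   # constructed: some unrelated extended right

function Get-LapsReadReason {
    # Returns why an ACE permits reading the LAPS password, or $null if it does not.
    param(
        [Parameter(Mandatory)] $Ace,
        [Parameter(Mandatory)] [guid] $AttributeGuid
    )
    # Only Allow ACEs are classified; Deny ACEs and ACE ordering are not evaluated here.
    if ("$($Ace.AccessControlType)" -ne 'Allow') { return $null }

    $rights       = "$($Ace.ActiveDirectoryRights)" -split ',\s*'
    $objectType   = [guid]$Ace.ObjectType
    $appliesToAll = $objectType -eq [guid]::Empty   # empty GUID = not scoped to one right/attribute

    if ($rights -contains 'GenericAll') { return 'GenericAll (includes all extended rights)' }
    if ($rights -contains 'ExtendedRight') {
        if ($appliesToAll)                  { return 'All Extended Rights' }
        if ($objectType -eq $AttributeGuid) { return 'Delegated read on ms-Mcs-AdmPwd' }
    }
    return $null   # e.g. plain ReadProperty cannot read a confidential attribute
}

# Constructed sample ACEs, shaped like the entries in (Get-Acl "AD:\<computer DN>").Access
# from the ActiveDirectory module.
$SampleAces = @(
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\LAPS-Readers';    AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ReadProperty, ExtendedRight'; ObjectType = $AdmPwdGuid;  IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Workstation-Ops'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ExtendedRight';               ObjectType = [guid]::Empty; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Admins';   AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'GenericAll';                  ObjectType = [guid]::Empty; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Helpdesk';        AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ExtendedRight';               ObjectType = $OtherRight;   IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'EXAMPLE\Domain Users';    AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'ReadProperty';                ObjectType = [guid]::Empty; IsInherited = $true }
)

$report = foreach ($ace in $SampleAces) {
    $reason = Get-LapsReadReason -Ace $ace -AttributeGuid $AdmPwdGuid
    if ($reason) {
        [pscustomobject]@{ Identity = $ace.IdentityReference; Reason = $reason; Inherited = $ace.IsInherited }
    }
}
$report | Sort-Object Reason | Format-Table -AutoSize
```

Entries reported as "All Extended Rights" or "GenericAll" are the ones to compare against the intended delegated reader groups, since they grant password read access without appearing in the LAPS delegation.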