Antivirus / EDR
Enumeration
Get-MpComputerStatus
Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
$ExecutionContext.SessionState.LanguageMode
Find-LAPSDelegatedGroups
Checks the rights on each computer with LAPS enabled for any groups with read access and users with "All Extended Rights." Users with "All Extended Rights" can read LAPS passwords and may be less protected than users in delegated groups, so this is worth checking for.
Find-AdmPwdExtendedRights
Finds computers that have LAPS enabled and shows when their passwords expire.
Get-LAPSComputers
netsh advfirewall show allprofiles
wmic /namespace:\\root\securitycenter2 path antivirusproduct
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct
Firewall
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
Get-NetFirewallProfile | Format-Table Name, Enabled
Get-MpThreat
Get-NetFirewallRule | findstr "Rule-Name"