Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'dev' into defender-toggle
Showing 13 changed files with 56 additions and 107 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"yaml.customTags": [ | ||
"!run: mapping", | ||
"!registryKey: mapping", | ||
"!registryValue: mapping", | ||
"!appx: mapping", | ||
"!file: mapping", | ||
"!service: mapping", | ||
"!scheduledTask: mapping", | ||
"!taskKill: mapping", | ||
"!systemPackage: mapping", | ||
"!cmd: mapping", | ||
"!powerShell: mapping", | ||
"!writeStatus: mapping" | ||
], | ||
} |
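Review bot: the trailing comma after the closing `],` of `yaml.customTags` is followed directly by `}`, which strict JSON parsers reject. Drop the comma so the file parses in any tool, not only in editors that tolerate it. The tag list also has to be kept in step with the playbook's action tags by hand; a short comment in the repository docs naming this file as the place to update would help.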
17 changes: 17 additions & 0 deletions
src/playbook/Configuration/tweaks/performance/disable-fth.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
--- | ||
title: Disable Fault Tolerant Heap (FTH) | ||
description: FTH is a feature in Windows 7+ that applies mitigations (non-CPU related) to applications that repeatedly crash to prevent further crashes, but when the FTH is active for a certain application, there's a performance hit. | ||
privilege: TrustedInstaller | ||
actions: | ||
# https://devblogs.microsoft.com/oldnewthing/20120125-00/?p=8463 | ||
# Document listed as only affected in Windows 7, is also in 7+ | ||
# https://docs.microsoft.com/en-us/windows/win32/win7appqual/fault-tolerant-heap | ||
# https://www.3dcadworld.com/windows-7-fault-tolerant-heap-prevents-crashing/ | ||
|
||
- !registryValue: | ||
path: 'HKLM\SOFTWARE\Microsoft\FTH' | ||
value: 'Enabled' | ||
data: '0' | ||
type: REG_DWORD | ||
# Reset FTH entries | ||
- !run: {exe: 'rundll32.exe', args: 'fthsvc.dll,FthSysprepSpecialize'} |
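Review bot: `privilege: TrustedInstaller` applies to every action in this file, including the `!run` of `rundll32.exe`, which is named without a path. Nothing in the hunk says why a write to `HKLM\SOFTWARE\Microsoft\FTH` needs that level, so either add a comment giving the reason or lower the privilege, and reference `rundll32.exe` by its full system path so the elevated call does not depend on search order. The comment "Document listed as only affected in Windows 7, is also in 7+" is also hard to parse; say which of the three links it refers to.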
56 changes: 0 additions & 56 deletions
...ion/1. General Configuration/Mitigations/Anti-Cheat Support/Data Execution Prevention.cmd
This file was deleted.
4 changes: 4 additions & 0 deletions
...3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Disable FTH.reg
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Windows Registry Editor Version 5.00 | ||
|
||
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH] | ||
"Enabled"=dword:00000000 |
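Review bot: this .reg only sets `"Enabled"=dword:00000000`, while the playbook version of the same tweak (`disable-fth.yml`) also runs the `FthSysprepSpecialize` reset after writing the value. A user who imports this file alone ends up in a different state from the playbook. Document next to it that the reset step is separate, or ship the two as one script so both paths leave the machine in the same state.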
4 changes: 4 additions & 0 deletions
.../3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Enable FTH.reg
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Windows Registry Editor Version 5.00 | ||
|
||
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH] | ||
"Enabled"=dword:00000001 |
Binary file added
BIN
+1.43 KB
...figuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Reset FTH entries.lnk
Binary file not shown.
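Review bot: `Reset FTH entries.lnk` is added as a binary shortcut, so its target and arguments cannot be read in this diff, and nobody reviewing the change can confirm what it launches. If it is meant to run the same reset as the playbook (`rundll32.exe` with `fthsvc.dll,FthSysprepSpecialize`), ship it as a text script instead, or at minimum state the shortcut's target and arguments in the commit message.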
Binary file removed
BIN
-352 Bytes
...ion/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Disable Memory Integrity.reg
Binary file not shown.
Binary file removed
BIN
-356 Bytes
...tion/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Enable Memory Integrity.reg
Binary file not shown.