/images/avatar.png

Work and live with IT

Create persistent Defender AV exclusions and circumvent Defender for Endpoint detection

A user with administrative permissions is able to create Defender AV exclusions without using the Add-MPPrefence cmdlet. Because of the way the exclusion is created, most public guidelines and hunting queries on detecting this kind of change won’t detect it. Even more troubling is the fact that Microsoft Defender for Endpoint will not log any of those changes made. Therefore it’s not easy to detect and could go undetected for security personnel which relies on those queries and products.

Use Pulse Secure on Windows 11

Officially Pulse Secure does not yet support Windows 11, but that doesn’t mean it won’t work. However, it is not as easy as expected. The connection keeps getting disconnected after a few seconds. The manual solution which is described in the forum was a bit too “manual” for me. Open the settings of the “Juniper Networks Virtual Adapter” Enable the “Juniper Network Service” network binding Since the virtual network card is automatically removed if the connection is not successful and then loses the setting, I have automated the steps via PowerShell.

Journey To Passwordless: Microsoft Authenticator App

So far, we have only used FIDO2 security keys and Windows Hello for Business for sign-in. Unfortunately, there is still a gap in order to get along completely without a password. Microsoft does not currently support FIDO2 sign-in on Android or iOS, so a password would be required for sign-in on the smartphone. But there is a solution for this as well.

Journey To Passwordless: PowerShell administration without a password

By now, the admin can sign-in to a Windows 10 computer without a password and, as long as a supported browser is used, to the web portals. Even a 100% passwordless Intune deployment has been possible with a few tricks. But how does this setup perform in everyday life. And by everyday life, in this case I don’t mean using the countless portals