Windows 10 21H2 adds ransomware protection to security baseline

Windows 10 21H2 adds ransomware protection to security baseline

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2, available today from the Microsoft Security Compliance Toolkit.

“This Windows 10 feature update brings very few new policy settings,” Microsoft security consultant Rick Munck said.

“One setting has been added for this release for printer driver installation restrictions (which was also added to the Windows 11 release). Additionally, all Microsoft Edge Legacy settings have been removed,”

Protection from human-operated ransomware

However, the highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this was also made a default setting in the Windows 11 security baseline two months ago).

When toggling on the Microsoft Security Baseline for Windows 10 21H2, Redmond urges admins to toggle on Defender for Endpoint’s tamper protection feature to protect against human-operated ransomware attacks.

This feature does that by blocking attempts by ransomware operators or malware to disable OS security features and security solutions to gain easier access to sensitive data and deploy further malware or malicious tools.

Tamper protection automatically locks Microsoft Defender Antivirus using the default secure values, thwarting attempts to change them using the registry, PowerShell cmdlets, or group policies.

After enabling it, ransomware operators would have a considerably more challenging task when trying to:

  • Disable virus and threat protection
  • Disable real-time protection
  • Turnoff behavior monitoring
  • Disable antivirus (such as IOfficeAntivirus (IOAV))
  • Disable cloud-delivered protection
  • Remove security intelligence updates
  • Disable automatic actions on detected threats

PrintNightmare and Edge Legacy

With the new Windows 10 21H2 security baseline, Redmond removed all Microsoft Edge Legacy settings after its EdgeHTML-based web browser reached end of support in March.

“Going forward, please use the new Microsoft Edge (Chromium-based) baseline, which is on a separate release cadence and available as part of the Microsoft Security Compliance Toolkit,” Munck added.

Microsoft also added a new setting to the MS Security…