scripts/CENTRAL_Template_Create_new_Threat_Protection_Policy.json at main · JimBenna/scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
[
  {
    "name": "All settings activated",
    "type": "threat-protection",
    "priority": 10,
    "enabled": true,
    "settings": {
      "endpoint.threat-protection.block-active-adversary-mitigation.enabled": {
        "value": true
      },
      "endpoint.threat-protection.block-safeboot-usage.enabled": {
        "value": true
      },
      "endpoint.threat-protection.exclusions.scanning": {
        "value": [
          {
            "value": "C:\\xxx",
            "type": "path",
            "scanMode": "onDemandAndOnAccess",
          },
          {
            "value": "www.sophos.com",
            "type": "web",
            "scanMode": "onAccess",
          },
          {
            "value": "692ba6a23003f06d34eaf215a817b67f24ca71162ad0d165184119e89cb9c240",
            "type": "journalHashingProcess",
          },
          {
            "value": "notepad++.exe",
            "type": "process",
            "scanMode": "onDemand",
            "comment": "NotePad++ should not be scanned on Demand",
          },
          {
            "value": "/home/*/Documents",
            "type": "posixPath",
            "scanMode": "onDemand",
          },
          {
            "value": "192.168.222.2",
            "type": "web",
            "scanMode": "onAccess",
          }
        ]
      },
      "endpoint.threat-protection.malware-protection.desktop-messaging.message": {
        "value": "We have setup the maximal prootection available. If you have any trouble contact IT Support"
      },
      "endpoint.threat-protection.network-protection.self-isolation.enabled": {
        "value": true
      },
      "endpoint.threat-protection.malware-protection.scheduled-scan.days": {
        "value": [
          3,6,7
        ],
        "unit": "day"
    },
    "endpoint.threat-protection.malware-protection.scheduled-scan.enabled": {
      "value": true
    },
    "endpoint.threat-protection.malware-protection.scheduled-scan.scan-all-files.enabled": {
      "value": false
    },
    "endpoint.threat-protection.malware-protection.scheduled-scan.time": {
      "value": "04:00"
    },
    "endpoint.threat-protection.malware-protection.scheduled-scan.scan-all-files.enabled": {
      "value": true
    },
    "endpoint.threat-protection.malware-protection.scheduled-scan.deep-scanning.enabled": {
      "value": true
    },
    "endpoint.threat-protection.protect-in-safeboot.enabled": {
      "value": true
    },
    "endpoint.threat-protection.network-protection.ips.all.enabled": {
      "value": true
    },
    "endpoint.threat-protection.network-protection.ips.enabled": {
      "value": true
    },
    "endpoint.threat-protection.web-control.tls-decryption.enabled": {
      "value": true
    },
    "endpoint.threat-protection.web-control.tls-decryption.quic.enabled": {
      "value": true
    }
    }
}
]