Addressing Defender Security Recommendation 'Disable JavaScript on Adobe Reader 2017' using Proactive Remediation Scripts in Intune
Microsoft 365 Defender portal is a one stop shop for monitoring and responding to threat activity and in the process also strengthening the security posture across identities, email, data, endpoints, and apps. Within the portal and under the Vulnerability section, Microsoft have included Recommendations that gives you insight into various mitigatation steps to address the vulnerabilites. The more you remediate, the more your security score improves and reduces the over all threat exposure of the devices within your organization.
I have been assisting a customer to improve their security score and I wanted to cover the steps I carried out to remediate one particular recommendation. The recommendation in question is 'Disable JavaScript on Adobe Reader 2017' and this is what I did.
The remediation steps involve configuring a registry key to disable bDisableJavaScript. The information can be accessed within the recommendation itself.
There are multiple ways to configure the registry key. In my case, since the devices have AAD identity and are managed using Intune, I decided to use PS script to configure the registry key. Infact, I decided to use Proactive remediation scripts to ensure that the key is configured on the devices the whole time. I am not sure if Adobe updates can reset the keys, but didn't want to take a chance. If you want to know more about Proactive remediation, then you can read all about it in one of my earlier posts.
Note - In order to use Proactive Remediation feature, you need additional licenses. So if you are using it for the first time, then you will be presented with the following popup where you need to confirm the terms before you can start using the feature.
In order to configure this under Proactive Remediation, we need 2 scripts. Detection and Remediation.
Detection - The intent here is to detect for the key first. If found, the value of bDisableJavaScript will be checked for DWORD 1 or 0 and a output will be generated based on the strings mentioned below.
$check=Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\2017\FeatureLockDown" |
Select-Object -ExpandProperty bDisableJavaScript -ErrorAction SilentlyContinue
If(!$check){
"Key does not exist"
exit 1
}
Else{
Switch($check){
'1'{
'Java script is disabled'
}'0' {
'Java script is enabled'
}
}
}
Remediation - If the exit code of the detection script is 1, then the remediation script will run. Otherwise the strings in the detection script (provided above) will be generated as output.
If ($(Test-Path -Path "HKLM:\SOFTWARE\Policies\Adobe") -eq $False) { New-Item "HKLM:\SOFTWARE\Policies\Adobe" }
If ($(Test-Path -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader") -eq $False) { New-Item "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader" }
If ($(Test-Path -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\2017") -eq $False) { New-Item "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\2017" }
If ($(Test-Path -Path "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\2017\FeatureLockDown") -eq $False) { New-Item "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\2017\FeatureLockDown" }
New-ItemProperty "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\2017\FeatureLockDown" -Name "bDisableJavaScript" -Value 1 -PropertyType "DWord" -Force
Now time to configure in Intune.
1. Sign-in to the Microsoft Endpoint Management Admin Center.
2. Browse to Reports > Endpoint Analytics > Proactive Remediations > Create a Script Package
3. Fill the relevant fields like Name, Description, Publisher etc and hit Next.
4. In the settings section, select the relevant detection and remediation scripts as covered above in the blog. It should then look something like this.
5. Run the script in 64-bit Powershell and leave the rest of the options as Default.
6. Assign the scope tags if required and then assign to device\user based group. You can define the frequency and add filters of the execution of the Proactive script. I set to run Daily against all Windows 10 production devices to suit my requirements.
The Intune management extension agent checks with Intune once every hour and after every reboot for any new scripts or changes. The execution results can be monitored directly in Intune under Reports->Endpoint Analytics-><Name of your Proactive Script> as shown below.
Add addtional columns to display details on Remediation pre and post execution steps.
Until next time..
I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. I hope to have many more entries or so from you.Very interesting blog.
ReplyDeletecrackplus.org
Adobe Acrobat Pro DC Crack
DriverDoc Crack
XYplorer Crack
Grand 5 Theft Auto V Crack
SolidWorks Crack
I am happy after visited this site. I like all your posts. You were very nice Thanks for the information provided, they helped me a lot crackbins.com I hope you have more information Great blog.
ReplyDeleteAdobe Acrobat Pro DC
I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. I hope to have many more entries or so from you.
ReplyDeleteVery interesting blog.
DriverDoc Crack
Nice Post, Thanks for sharing. I have used Adobe Acrobat Pro DC Crack Version for a long time, its amazing.You can also other software free download from cracksilo.org
ReplyDeleteAdobe Acrobat Pro DC Crack
Nice Post, Thanks for sharing. I have used Adobe Acrobat Pro DC Crack Version for a long time, its amazing.You can also other software free download from cracksilo.org
ReplyDeleteAdobe Acrobat Pro DC Crack
I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. I hope to have many more entries or so from you.Very interesting blog. erp customization examples
ReplyDeleteAfter reading a few of the blog pieces on your website, we sincerely love the way you written.
ReplyDeletecrackbins.com Please visit my website and share your thoughts with us.
Disc Drill Pro Crack
NordVPN Crack
Adobe Acrobat Pro DC Crack
Soothe 2 VST Crack
Typing Master Pro Crack
Good post! We are linking to this great post on our website. Keep up the good writing. Thanks for sharing.
ReplyDeleteMovavi Video Converter Crack
TransMac Crack
Adobe Acrobat Crack