Microsoft Microsoft 365 Defender for Endpoint Plan 1.

This article provides information about Microsoft Defender for Endpoint attack surface reduction (ASR) rules:

- ASR rules supported operating system versions
- ASR rules supported configuration management systems
- Per ASR rule alert and notification details

ASR rules are categorized as one of two types:

- Standard protection rules: Are the minimum set of rules which Microsoft recommends you always enable, while you are evaluating the impact and configuration needs of the other ASR rules. These rules typically have minimal-to-no noticeable impact on the end user.
- Other rules: Rules which require some measure of following the documented deployment steps, as documented in the Attack surface reduction (ASR) rules deployment guide.

For the easiest method to enable the standard protection rules, see: Simplified standard protection option.

Microsoft Defender Antivirus exclusions and ASR rules

Microsoft Defender Antivirus exclusions apply to some Microsoft Defender for Endpoint capabilities, such as some of the attack surface reduction (ASR) rules.

Following is a list of ASR rules that honor Microsoft Defender Antivirus exclusions:

ASR rule name:

- Block abuse of exploited vulnerable signed drivers
- Block Adobe Reader from creating child processes
- Block all Office applications from creating child processes
- Block credential stealing from the Windows local security authority subsystem (lsass.exe)
- Block executable content from email client and webmail
- Block executable files from running unless they meet a prevalence, age, or trusted list criterion
- Block execution of potentially obfuscated scripts
- Block JavaScript or VBScript from launching downloaded executable content
- Block Office applications from creating executable content
- Block Office applications from injecting code into other processes
- Block Office communication application from creating child processes
- Block persistence through WMI event subscription
- Block process creations originating from PSExec and WMI commands
- Block untrusted and unsigned processes that run from USB
- Use advanced protection against ransomware

Unless otherwise indicated, the minimum Windows 10 build is version 1709 (RS3, build 16299) or later; the minimum Windows Server build is version 1809 or later.

Attack surface reduction rules in Windows Server 2012 R2 and Windows Server 2016 are available for devices onboarded using the modern unified solution package. For more information, see New functionality in the modern unified solution for Windows Server 2012 R Preview.

Block persistence through Windows Management Instrumentation (WMI) event subscription

\* File and folder exclusions not supported.

Version 1803 (Semi-Annual Enterprise Channel) or later

(1) Refers to the modern unified solution for Windows Server 20. For more information, see Onboard Windows Servers to the Defender for Endpoint service.

(2) For Windows Server 2016 and Windows Server 2012 R2, the minimum required version of Microsoft Endpoint Configuration Manager is version 2111.

(3) Version and build number apply only to Windows 10.

ASR rules supported configuration management systems

Links to information about configuration management system versions referenced in this table are listed below this table.