• Enable Attack Surface Reduction in Win10-1709

    Home » Forums » Admin IT Lounge » Admin IT Lounge – Miscellaneous » Enable Attack Surface Reduction in Win10-1709

    Tags:

    Author
    Topic
    Kirsty
    Manager
    October 21, 2017 at 11:51 pm #139783

    Enable Attack surface reduction
    08/25/2017 | Windows IT Pro Center>Threat Protection

     
    Enable and audit Attack surface reduction rules

    Applies to:

    Windows 10, version 1709

    Audience

    Enterprise security administrators

    Manageability available with

    Group Policy
    PowerShell
    Configuration service providers for mobile device management

    Attack surface reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.

    Enable and audit Attack surface reduction rules

    You can use Group Policy, PowerShell, or MDM CSPs to configure the state or mode for each rule. This can be useful if you only want to enable some rules, or you want to enable rules individually in audit mode.

     
    Read the full article here

    1 user thanked author for this post.
    NetDef
    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • Kirsty
      Manager
      October 22, 2017 at 1:07 am #139799

      According to Microsoft Malware Protection Center, ASR can block office applications from creating child processes, such as in the new DDE-based campaign (Exploit:O97M/DDEDownloader.B) seen in the wild right now via spam.

      Reply | Quote
    • NetDef
      AskWoody_MVP
      October 22, 2017 at 7:32 pm #140013

      This new security functionality is part of the new WDEG in Windows 10 1709.  Deploying these four features is the primary driver for why we are testing this release as much as we have in the last week.  It’s the single most important new feature in Windows 10 to our clients.

      So far at least, WDEG has worked better in our testing than most of the other new features in 1709.  Almost like it was written by a more competent dev team . . .

      One other note:  this feature requires that you use WD as your real time protection.  We’re evaluating that as well as the pay for edition coming in Microsoft 365.

      ~ Group "Weekend" ~

      1 user thanked author for this post.
      Kirsty
      Reply | Quote
    Viewing 1 reply thread
    Reply To: Enable Attack Surface Reduction in Win10-1709

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.