Last active
July 20, 2021 16:29
-
-
Save jangeisbauer/6f779d12a4b6a859da4e40ef62019252 to your computer and use it in GitHub Desktop.
asrRulesTable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Block Adobe Reader from creating child processes,7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-adobe-reader-from-creating-child-processes | |
| Block all Office applications from creating child processes,D4F940AB-401B-4EFC-AADC-AD5F3C50688A,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-all-office-applications-from-creating-child-processes | |
| Block credential stealing from the Windows local security authority subsystem (lsass.exe),9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-credential-stealing-from-the-windows-local-security-authority-subsystem | |
| Block executable content from email client and webmail,BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-executable-content-from-email-client-and-webmail | |
| Block executable files from running unless they meet a prevalence age or trusted list criterion,01443614-cd74-433a-b99e-2ecdc07bfc25,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion | |
| Block execution of potentially obfuscated scripts,5BEB7EFE-FD9A-4556-801D-275E5FFC04CC,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-execution-of-potentially-obfuscated-scripts | |
| Block JavaScript or VBScript from launching downloaded executable content,D3E037E1-3EB8-44C8-A917-57927947596D,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-javascript-or-vbscript-from-launching-downloaded-executable-content | |
| Block Office applications from creating executable content,3B576869-A4EC-4529-8536-B80A7769E899,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-applications-from-creating-executable-content | |
| Block Office applications from injecting code into other processes,75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-applications-from-injecting-code-into-other-processes | |
| Block Office communication application from creating child processes,26190899-1602-49e8-8b27-eb1d0a1ce869,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-communication-application-from-creating-child-processes | |
| Block persistence through WMI event subscription,e6db77e5-3df2-4cf1-b95a-636979351e5b,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-persistence-through-wmi-event-subscription | |
| Block process creations originating from PSExec and WMI commands,d1e49aac-8f56-4280-b9ba-993a6d77406c,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands | |
| Block untrusted and unsigned processes that run from USB,b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-untrusted-and-unsigned-processes-that-run-from-usb | |
| Block Win32 API calls from Office macros,92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-win32-api-calls-from-office-macros | |
| Use advanced protection against ransomware,c1db55ab-c21a-4637-bb3f-a12568109d35,https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#use-advanced-protection-against-ransomware |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Block abuse of exploited vulnerable signed drivers,56a863a9-875e-4185-98a7-b882c64b5ce5,https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules?view=o365-worldwide#block-abuse-of-exploited-vulnerable-signed-drivers