With Windows 10 Fall Creators Update ready to deliver on October 17, there are some new Group Policy settings that will be introduced. As these are uncovered, we’ll highlight them here on myITforum.
- ADMX File: WindowsDefender.admx
- Overview: Configure Attack Surface Reduction rules
- Class: Machine
- Location: Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR
- Value: ExploitGuard_ASR_Rules
- Policy values: (see details)
- Details: Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in the Options section:
– Audit Mode: if the rule would normally cause an event, then it will be recorded (although the rule will not actually be applied)
– Off: the rule will not be applied
Specify the state for each ASR rule under the Options section for this setting.
Enter each rule on a new line as a name-value pair:
– Name column: Enter a valid ASR rule ID
– Value column: Enter the status ID that relates to state you want to specify for the associated rule
– 1 (Block)
– 0 (Off)
– 2 (Audit)Example:
No ASR rules will be configured.
Same as Disabled.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!