Merge pull request #4725 from VLG17/patch-29

removed/added info
Beth Levin 2019-08-19 09:11:48 -07:00 committed by GitHub
commit 0d26d1359a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -267,7 +267,7 @@ This rule blocks processes through PsExec and WMI commands from running, to prev
>[!WARNING]
>Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [System Center Configuration Manager](https://docs.microsoft.com/sccm) because this rule blocks WMI commands the SCCM client uses to function correctly.
This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, SCCM CB 1802
This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019
Intune name: Process creation from PSExec and WMI commands
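Review bot: In the "This rule was introduced in" line, dropping "SCCM CB 1802" leaves the warning above as the only statement about SCCM for this rule, and no "SCCM name" line is visible in this hunk. If one follows the Intune name, check that it says the rule cannot be used under SCCM rather than naming a setting, so it agrees with the warning that the rule blocks WMI commands the SCCM client needs.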
@ -297,7 +297,7 @@ This rule prevents Outlook from creating child processes. It protects against so
>[!NOTE]
>This rule applies to Outlook and Outlook.com only.
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019
Intune name: Process creation from Office communication products (beta)
@ -309,11 +309,11 @@ GUID: 26190899-1602-49e8-8b27-eb1d0a1ce869
Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. This rule prevents attacks like this by blocking Adobe Reader from creating additional processes.
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810
This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019
Intune name: Process creation from Adobe Reader (beta)
SCCM name: Not applicable
SCCM name: Not yet available
GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
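Review bot: Changing "SCCM name: Not applicable" to "Not yet available" while also removing "SCCM CB 1810" from the "introduced in" line leaves the SCCM status ambiguous: the old text claimed availability from CB 1810, the new text implies support is planned but missing. The commit message ("removed/added info") does not say which is true. Please state the reason in the description, and keep the wording identical to the WMI event subscription rule further down, which already reads "SCCM name: Not yet available".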
@ -321,6 +321,8 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository.
This rule was introduced in: Windows 10 1903, Windows Server 1903
Intune name: Block persistence through WMI event subscription
SCCM name: Not yet available
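Review bot: The added "This rule was introduced in: Windows 10 1903, Windows Server 1903" line comes with no compatibility note, yet the PsExec and WMI rule earlier in this file warns that the SCCM client depends on WMI commands. Please confirm whether blocking WMI event subscriptions affects SCCM-managed devices and, if it does, add the same kind of warning here. "SCCM name: Not yet available" alone does not tell admins whether enabling this rule through Intune is safe on devices that also run the SCCM client.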