From 7c704e6272a53c7a8a5d38b124e29d6d33fe8567 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 19 Aug 2019 10:46:47 +0300 Subject: [PATCH] removed/added info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4536 --- .../attack-surface-reduction-exploit-guard.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index e78eb77ef5..d4108e91a2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -267,7 +267,7 @@ This rule blocks processes through PsExec and WMI commands from running, to prev >[!WARNING] >Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [System Center Configuration Manager](https://docs.microsoft.com/sccm) because this rule blocks WMI commands the SCCM client uses to function correctly. -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, SCCM CB 1802 +This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019 Intune name: Process creation from PSExec and WMI commands @@ -297,7 +297,7 @@ This rule prevents Outlook from creating child processes. It protects against so >[!NOTE] >This rule applies to Outlook and Outlook.com only. -This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810 +This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019 Intune name: Process creation from Office communication products (beta) 
@@ -309,11 +309,11 @@ GUID: 26190899-1602-49e8-8b27-eb1d0a1ce869 Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. This rule prevents attacks like this by blocking Adobe Reader from creating additional processes. -This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019, SCCM CB 1810 +This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019 Intune name: Process creation from Adobe Reader (beta) -SCCM name: Not applicable +SCCM name: Not yet available GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c @@ -321,6 +321,8 @@ GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. With this rule, admins can prevent threats that abuse WMI to persist and stay hidden in WMI repository. +This rule was introduced in: Windows 10 1903, Windows Server 1903 + Intune name: Block persistence through WMI event subscription SCCM name: Not yet available
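Review bot: In the @@ -267 hunk (PsExec and WMI rule), "SCCM CB 1802" is dropped from the "introduced in" line without a stated reason; the commit message says only "removed/added info". The WARNING kept as context already says this rule is incompatible with management through System Center Configuration Manager, so the removal reads as a consistency fix. Say so in the commit message. Also confirm that this rule's "SCCM name:" line, which falls outside the visible context, does not still advertise an SCCM setting.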
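Review bot: In the @@ -309 hunk (Adobe Reader rule), changing "SCCM name: Not applicable" to "SCCM name: Not yet available" changes the meaning from "will not exist" to "is planned", in the same hunk that removes "SCCM CB 1810" from the "introduced in" line. If SCCM support is actually planned, keep the new wording and cite the source in the linked issue. If not, keep "Not applicable". The @@ -297 hunk (Outlook rule) removes the same "SCCM CB 1810" entry but its "SCCM name:" line is not in the visible context, so check that both rules end up with the same wording.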
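Review bot: In the @@ -321 hunk (WMI event subscription rule), the added "This rule was introduced in: Windows 10 1903, Windows Server 1903" line matches the format of the other rules and sits correctly above "Intune name:". While touching this section, fix the context sentence directly above it, which reads "stay hidden in WMI repository"; it should be "in the WMI repository". That paragraph also says "stay hidden" three times and could be tightened.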