From 1993331377e6e5c927a1213b8647fdf59ae029a6 Mon Sep 17 00:00:00 2001 From: Andrea Bichsel <35236577+andreabichsel@users.noreply.github.com> Date: Mon, 28 Jan 2019 12:36:00 -0800 Subject: [PATCH] Fixed formatting --- .../enable-attack-surface-reduction.md | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 1420c2c6e7..8b5b458d09 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -144,31 +144,23 @@ For information about enabling ASR rules and setting exclusions in SCCM, see [Cr Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule. -The following is a sample for reference, using the [GUID value for the ASR rule](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules). The values to enable, disable, or enable in audit mode are: +The following is a sample for reference, using [GUID values for ASR rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules). + +OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules +Value: {75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1 + +The values to enable, disable, or enable in audit mode are: - Disable = 0 - Block (enable ASR rule) = 1 - Audit = 2 -```OMA-URI path -./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules -``` - -```OMA-URI value -{75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1 -``` - Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. Example: -```OMA-URI path -./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions -``` - -```OMA-URI value -c:\path|e:\path|c:\Whitelisted.exe -``` +OMA-URI path: ./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions +Value: c:\path|e:\path|c:\Whitelisted.exe >[!NOTE] >Be sure to enter OMA-URI values without spaces.