Added PowerShell cmdlet.

Andrea Bichsel 2019-01-28 11:27:58 -08:00
parent 69f02bcf28
commit 2006c842f3


@ -85,7 +85,7 @@ For information about enabling ASR rules and setting exclusions in SCCM, see [Cr
- Disable = 0
- Audit = 2
![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png)
![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png)
5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item.
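Review bot: The only changed line in this hunk, the `images/asr-rules-gp.png` image under the Disable/Audit value list, reads the same in its old and new form, so the change looks like whitespace or indentation only; the commit message mentions just a PowerShell cmdlet, so please note this change there too. While the line is being touched, consider rewriting the alt text: "a blank attack surface reduction rule ID and value of 1" describes an empty field rather than telling the reader what the screenshot is meant to show for the setting in this step.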
@ -102,14 +102,19 @@ For information about enabling ASR rules and setting exclusions in SCCM, see [Cr
Set-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Enabled
```
You can enable the feature in audit mode using the following cmdlet:
To enable ASR rules in audit mode, use the following cmdlet:
```PowerShell
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions AuditMode
```
Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
>[!IMPORTANT>
To turn off ASR rules, use the following cmdlet:
```PowerShell
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled
```
>[!IMPORTANT]
>You must specify the state individually for each rule, but you can combine rules and states in a comma-separated list.
>
>In the following example, the first two rules will be enabled, the third rule will be disabled, and the fourth rule will be enabled in audit mode:
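Review bot: The audit-mode example and the new disable example both call `Add-MpPreference`, while the enable example directly above them calls `Set-MpPreference`, and nothing here explains the switch. Since the note further down says `Set-MpPreference` always overwrites the existing set of rules, either use one verb consistently across the three blocks or state next to them which verb to use when a rule ID is already configured. The new lead-in "To turn off ASR rules" also reads as if it turns off every rule, but the command takes a single `<rule ID>`; "To turn off an ASR rule" would match the command.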
@ -124,7 +129,7 @@ You can also the `Add-MpPreference` PowerShell verb to add new rules to the exis
>`Set-MpPreference` will always overwrite the existing set of rules. If you want to add to the existing set, you should use `Add-MpPreference` instead.
>You can obtain a list of rules and their current state by using `Get-MpPreference`
3. To exclude files and folders from ASR rules, enter the following cmdlet:
3. To exclude files and folders from ASR rules, use the following cmdlet:
```PowerShell
Add-MpPreference -AttackSurfaceReductionOnlyExclusions "<fully qualified path or resource>"
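Review bot: The section line carried in this hunk's header, "You can also the `Add-MpPreference` PowerShell verb", is missing the word "use" and is worth fixing in the same pass as the enter/use wording change in step 3. The `Get-MpPreference` sentence just above step 3 also lacks its closing period, and since that sentence only covers rules and their state, step 3 could add a line telling readers how to confirm an exclusion was recorded after running the `-AttackSurfaceReductionOnlyExclusions` command.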