update capitalization

This commit is contained in:
Iaan D'Souza-Wiltshire
2017-09-28 17:09:01 -07:00
parent dd48997d65
commit 33839645fd
23 changed files with 323 additions and 323 deletions

@ -1,7 +1,7 @@
---
title: Use Attack Surface Reduction rules to prevent malware infection
title: Use Attack surface reduction rules to prevent malware infection
description: ASR rules can help prevent exploits from using apps and scripts to infect machines with malware
keywords: Attack Surface Reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
keywords: Attack surface reduction, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
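Review bot: The new title "Use Attack surface reduction rules to prevent malware infection" keeps a capital "A" in the middle of the sentence, which reads as a half-applied change unless "Attack surface reduction" is the intended casing of the feature name. The commit message only says "update capitalization"; state the convention there (feature name in sentence case, leading capital kept) so the same rule can be checked across the other changed files. The description line still uses "ASR" without expansion, which is worth aligning with the spelled-out title.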
@ -37,11 +37,11 @@ ms.date: 08/25/2017
- Configuration service providers for mobile device management
Attack Surface Reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md).
Attack Surface Reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
Attack surface reduction works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into Windows Defender EG events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
The feature is comprised of a number of rules, each of which target specific behaviors that are typically used by malware and malicious apps to infect machines, such as:
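Review bot: The changed sentence about Windows Defender Advanced Threat Protection still abbreviates the product as "Windows Defender EG", while the line above it spells out "Windows Defender Exploit Guard"; since this line is being edited anyway, spell the name out so the reference to where events and blocks are reported is unambiguous. The trailing context line "is comprised of a number of rules, each of which target" also has a subject-verb mismatch ("each of which targets") that could be corrected in the same pass.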
@ -49,13 +49,13 @@ The feature is comprised of a number of rules, each of which target specific beh
- Scripts that are obfuscated or otherwise suspicious
- Behaviors that apps undertake that are not usually inititated during normal day-to-day work
See the [Attack Surface Reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule.
See the [Attack surface reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule.
When a rule is triggered, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack Surface Reduction would impact your organization if it were enabled.
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how Attack surface reduction would impact your organization if it were enabled.
## Attack Surface Reduction rules
## Attack surface reduction rules
The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table:
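Review bot: The context line "Behaviors that apps undertake that are not usually inititated during normal day-to-day work" contains a typo ("inititated" for "initiated") that this wording pass leaves in place; fix it here. On the heading rename to "## Attack surface reduction rules", the in-page link on the changed "See the ..." line uses the lowercase fragment "#attack-surface-reduction-rules", so the case change should not break it, but confirm the rendered anchor once the page is built.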
@ -125,7 +125,7 @@ It uses the [AntiMalwareScanInterface (AMSI)](https://msdn.microsoft.com/en-us/l
## Requirements
The following requirements must be met before Attack Surface Reduction will work:
The following requirements must be met before Attack surface reduction will work:
Windows 10 version | Windows Defender Antivirus
- | -
@ -134,9 +134,9 @@ Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows De
## Review Attack Surface Reduction events in Windows Event Viewer
## Review Attack surface reduction events in Windows Event Viewer
You can review the Windows event log to see events that are created when an Attack Surface Reduction rule is triggered (or audited):
You can review the Windows event log to see events that are created when an Attack surface reduction rule is triggered (or audited):
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *asr-events.xml* to an easily accessible location on the machine.
@ -150,7 +150,7 @@ You can review the Windows event log to see events that are created when an Atta
4. Click **OK**.
5. This will create a custom view that filters to only show the following events related to Attack Surface Reduction:
5. This will create a custom view that filters to only show the following events related to Attack surface reduction:
Event ID | Description
-|-
@ -172,7 +172,7 @@ You can review the Windows event log to see events that are created when an Atta
Topic | Description
---|---
[Evaluate Attack Surface Reduction](evaluate-attack-surface-reduction.md) | Use a tool to see a number of scenarios that demonstrate how the feature works, and what events would typically be created.
[Enable Attack Surface Reduction](enable-attack-surface-reduction.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage Attack Surface Reduction in your network.
[Customize Attack Surface Reduction](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by Attack Surface Reduction and customize the notification that appears on a user's machine when a rule blocks an app or file.
[Evaluate Attack surface reduction](evaluate-attack-surface-reduction.md) | Use a tool to see a number of scenarios that demonstrate how the feature works, and what events would typically be created.
[Enable Attack surface reduction](enable-attack-surface-reduction.md) | Use Group Policy, PowerShell, or MDM CSPs to enable and manage Attack surface reduction in your network.
[Customize Attack surface reduction](customize-attack-surface-reduction.md) | Exclude specified files and folders from being evaluated by Attack surface reduction and customize the notification that appears on a user's machine when a rule blocks an app or file.
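Review bot: The link text in this table now reads "Evaluate/Enable/Customize Attack surface reduction", but only this file's changes are visible here, so check that the titles of evaluate-attack-surface-reduction.md, enable-attack-surface-reduction.md and customize-attack-surface-reduction.md received the same casing among the 23 changed files; otherwise the table and the target topics will disagree. The link targets themselves are unchanged, which is correct.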