deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

More voice and tone edits.

Browse Source
This commit is contained in:
Andrea Bichsel
2019-02-06 14:21:04 -08:00
parent d579eaa2ae
commit 35bd5f5aac
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -21,11 +21,11 @@ ms.author: v-anbic
Attack surface reduction rules help prevent actions and apps that malware often uses to infect computers. You can set attack surface reduction rules for computers running Windows 10 or Windows Server 2019. Attack surface reduction rules help prevent actions and apps that malware often uses to infect computers. You can set attack surface reduction rules for computers running Windows 10 or Windows Server 2019.
To use attack surface reduction rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in Windows Defender Advanced Threat Protection (Windows Defender ATP). With an E3 license, you won't have these advanced capabilities, but you can develop your own monitoring and reporting tools to use in conjunction with attack surface reduction rules. To use attack surface reduction rules, you need either a Windows 10 Enterprise E3 or E5 license. We recommend an E5 license so you can take advantage of the advanced monitoring and reporting capabilities available in [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md).
Attack surface reduction rules work best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md), which gives you detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). With an E3 license, you won't have these advanced capabilities, but you can develop your own monitoring and reporting tools to use in conjunction with attack surface reduction rules.
Attack surface reduction rules each target specific behaviors that malware and malicious apps typically use to infect computers, including: Attack surface reduction rules target specific behaviors that malware and malicious apps typically use to infect computers, including:
- Executable files and scripts used in Office apps or web mail that attempt to download or run files - Executable files and scripts used in Office apps or web mail that attempt to download or run files
- Obfuscated or otherwise suspicious scripts - Obfuscated or otherwise suspicious scripts