Update attack-surface-reduction-rules-in-windows-10-enterprise-e3.md

Denise Vangel-MSFT 2020-05-05 11:41:46 -07:00
parent 91ecbd1e8c
commit 40a8d48ae3

@ -20,6 +20,7 @@ ms.custom: asr
**Applies to:** **Applies to:**
- Windows 10 Enterprise E5
- Windows 10 Enterprise E3 - Windows 10 Enterprise E3
Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license. Attack surface reduction rules help prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This feature area includes the rules, monitoring, reporting, and analytics necessary for deployment that are included in [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), and require the Windows 10 Enterprise E5 license.
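Review bot: The added "- Windows 10 Enterprise E5" entry in the Applies to list sits directly above an unchanged paragraph that says the feature area requires the Windows 10 Enterprise E5 license, while the file is still named for Enterprise E3, so a reader on E3 cannot tell from this section which parts apply to them. Consider adding one sentence after the list that states which edition gets the full feature area and which gets only the limited subset.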
@ -28,19 +29,21 @@ A limited subset of basic attack surface reduction rules can technically be used
Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients. Attack surface reduction rules are supported on Windows Server 2019 as well as Windows 10 clients.
The limited subset of rules that can be used in Windows 10 Enterprise E3 include: |Rule |Windows E3 |Windows E5 |
|--|--|--|
- Block executable content from email client and webmail [Block executable content from email client and webmail](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-executable-content-from-email-client-and-webmail) |Yes |Yes |
- Block all Office applications from creating child processes |[Block all Office applications from creating child processes](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-all-office-applications-from-creating-child-processes) |Yes |Yes |
- Block Office applications from creating executable content |[Block Office applications from creating executable content](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-applications-from-creating-executable-content) |Yes |Yes |
- Block Office applications from injecting code into other processes |[Block Office applications from injecting code into other processes](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-office-applications-from-injecting-code-into-other-processes) |Yes |Yes |
- Block JavaScript or VBScript from launching downloaded executable content |[Block JavaScript or VBScript from launching downloaded executable content](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-javascript-or-vbscript-from-launching-downloaded-executable-content) |Yes |Yes |
- Block execution of potentially obfuscated scripts |[Block execution of potentially obfuscated scripts](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-execution-of-potentially-obfuscated-scripts) |Yes |Yes |
- Block Win32 API calls from Office macro |[Block Win32 API calls from Office macros](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-win32-api-calls-from-office-macros) |Yes |Yes |
- Use advanced protection against ransomware |[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | | |
- Block credential stealing from the Windows local security authority subsystem (lsass.exe) |[Use advanced protection against ransomware](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#use-advanced-protection-against-ransomware) | | |
- Block process creations originating from PSExec and WMI commands |[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | | |
- Block untrusted and unsigned processes that run from USB |[Block untrusted and unsigned processes that run from USB](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-untrusted-and-unsigned-processes-that-run-from-usb) | | |
|Block process creations originating from PSExec and WMI commands | | |
| Block untrusted and unsigned processes that run from USB | | |
For more information about these rules, see [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md). For more information about these rules, see [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction.md).
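Review bot: From the "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" row downward, the Windows E3 and Windows E5 cells are empty, although the removed list named the ransomware, lsass.exe credential stealing, PSExec and WMI, and USB rules as part of the E3 subset. Give every cell an explicit value so that a blank is not read as "not supported" by someone planning a deployment around these rules. In the same table, the USB rule appears twice (once linked, once as plain text), the PSExec and WMI row has no link, and the first data row lacks the leading | that the other rows carry. The sentence that introduced the subset was also dropped, so the table would benefit from a one-line lead-in saying what the two columns mean.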