mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-06 01:27:21 +00:00
Merged PR 11249: Removed broken links.
Removed broken links.
This commit is contained in:
Andrea Bichsel (Aquent LLC)
commit
40dc7ce199
@ -61,9 +61,6 @@
|
||||
### [How Windows 10 uses the TPM](tpm/how-windows-uses-the-tpm.md)
|
||||
### [TPM Group Policy settings](tpm/trusted-platform-module-services-group-policy-settings.md)
|
||||
### [Back up the TPM recovery information to AD DS](tpm/backup-tpm-recovery-information-to-ad-ds.md)
|
||||
### [Manage TPM commands](tpm/manage-tpm-commands.md)
|
||||
### [Manage TPM lockout](tpm/manage-tpm-lockout.md)
|
||||
### [Change the TPM owner password](tpm/change-the-tpm-owner-password.md)
|
||||
### [View status, clear, or troubleshoot the TPM](tpm/initialize-and-configure-ownership-of-the-tpm.md)
|
||||
### [Understanding PCR banks on TPM 2.0 devices](tpm/switch-pcr-banks-on-tpm-2-0-devices.md)
|
||||
### [TPM recommendations](tpm/tpm-recommendations.md)
|
||||
|
||||
@ -6,7 +6,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/19/2017
|
||||
---
|
||||
|
||||
|
||||
@ -6,7 +6,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/19/2017
|
||||
---
|
||||
|
||||
|
||||
@ -7,7 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 10/27/2017
|
||||
---
|
||||
|
||||
|
||||
@ -1,24 +1,23 @@
|
||||
---
|
||||
title: View status, clear, or troubleshoot the TPM (Windows 10)
|
||||
title: Troubleshoot the TPM (Windows 10)
|
||||
description: This topic for the IT professional describes how to view status for, clear, or troubleshoot the Trusted Platform Module (TPM).
|
||||
ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
ms.date: 04/19/2017
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 09/11/2018
|
||||
---
|
||||
|
||||
# View status, clear, or troubleshoot the TPM
|
||||
# Troubleshoot the TPM
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
This topic for the IT professional describes actions you can take through the Trusted Platform Module (TPM) snap-in, **TPM.msc**:
|
||||
|
||||
- [View the status of the TPM](#view-the-status-of-the-tpm)
|
||||
This topic provides information for the IT professional to troubleshoot the Trusted Platform Module (TPM):
|
||||
|
||||
- [Troubleshoot TPM initialization](#troubleshoot-tpm-initialization)
|
||||
|
||||
@ -32,15 +31,7 @@ For information about the TPM cmdlets, see [TPM Cmdlets in Windows PowerShell](h
|
||||
|
||||
## About TPM initialization and ownership
|
||||
|
||||
Starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you would initialize the TPM and create an owner password. Therefore, with Windows 10, in most cases, we recommend that you avoid configuring the TPM through **TPM.msc**. The one exception is that in certain circumstances you might use **TPM.msc** to clear the TPM. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic.
|
||||
|
||||
## View the status of the TPM
|
||||
|
||||
To view the status of the TPM, open the TPM Management console (TPM.msc). In the center pane, find the **Status** box.
|
||||
|
||||
In most cases, the status will be **Ready**. If the status is ready but “**with reduced functionality**,” see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic.
|
||||
|
||||
If the status is **Not ready**, you can try the steps in [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this topic. If this does not bring it to a **Ready** state, contact the manufacturer, and see the troubleshooting suggestions in the next section.
|
||||
Starting with Windows 10, the operating system automatically initializes and takes ownership of the TPM. This is a change from previous operating systems, where you would initialize the TPM and create an owner password.
|
||||
|
||||
## Troubleshoot TPM initialization
|
||||
|
||||
@ -72,19 +63,13 @@ For example, toggling TPMs will cause BitLocker to enter recovery mode. We stron
|
||||
|
||||
## Clear all the keys from the TPM
|
||||
|
||||
With Windows 10, in most cases, we recommend that you avoid configuring the TPM through TPM.msc. The one exception is that you can use TPM.msc to clear the TPM, for example, as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, for example, attestation. However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly.
|
||||
You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly.
|
||||
|
||||
Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows 10 operating system will automatically re-initialize it and take ownership again.
|
||||
|
||||
> [!WARNING]
|
||||
> Clearing the TPM can result in data loss. For more information, see the next section, “Precautions to take before clearing the TPM.”
|
||||
|
||||
There are several ways to clear the TPM:
|
||||
|
||||
- **Clear the TPM as part of a complete reset of the computer**: You might want to remove all files from the computer and completely reset it, for example, in preparation for a clean installation. To do this, we recommend that you use the **Reset** option in **Settings**. When you perform a reset and use the **Remove everything** option, it will clear the TPM as part of the reset. You might be prompted to press a key before the TPM can be cleared. For more information, see the “Reset this PC” section in [Recovery options in Windows 10](https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options).
|
||||
|
||||
- **Clear the TPM to fix “reduced functionality” or “Not ready” TPM status**: If you open TPM.msc and see that the TPM status is something other than **Ready**, you can try using TPM.msc to clear the TPM and fix the status. However, be sure to review the precautions in the next section.
|
||||
|
||||
### Precautions to take before clearing the TPM
|
||||
|
||||
Clearing the TPM can result in data loss. To protect against such loss, review the following precautions:
|
||||
@ -103,15 +88,19 @@ Membership in the local Administrators group, or equivalent, is the minimum requ
|
||||
|
||||
**To clear the TPM**
|
||||
|
||||
1. Open the TPM MMC (tpm.msc).
|
||||
1. Open the Windows Defender Security Center app.
|
||||
|
||||
2. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**.
|
||||
2. Click **Device security**.
|
||||
|
||||
3. Under **Actions**, click **Clear TPM**.
|
||||
3. Click **Security processor details**.
|
||||
|
||||
4. You will be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
|
||||
4. Click **Security processor troubleshooting**.
|
||||
|
||||
5. After the PC restarts, your TPM will be automatically prepared for use by Windows 10.
|
||||
5. Click **Clear TPM**.
|
||||
|
||||
6. You will be prompted to restart the computer. During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
|
||||
|
||||
7. After the PC restarts, your TPM will be automatically prepared for use by Windows 10.
|
||||
|
||||
## <a href="" id="turn-on-or-turn-off"></a>Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 or 1511)
|
||||
|
||||
@ -149,20 +138,6 @@ If you want to stop using the services that are provided by the TPM, you can use
|
||||
|
||||
- If you did not save your TPM owner password or no longer know it, click **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password.
|
||||
|
||||
### Change the TPM Owner Password (available only with Windows 10, version 1607 and earlier versions)
|
||||
|
||||
If you have the [owner password](https://technet.microsoft.com/itpro/windows/keep-secure/change-the-tpm-owner-password) available, you can use TPM.msc to change the TPM Owner Password.
|
||||
|
||||
1. Open the TPM MMC (tpm.msc).
|
||||
|
||||
2. In the **Action** pane, click **Change the Owner Password**
|
||||
|
||||
- If you saved your TPM owner password on a removable storage device, insert it, and then click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, click **Browse** to locate the .tpm file that is saved on your removable storage device, click **Open**, and then click **Turn TPM Off**.
|
||||
|
||||
- If you do not have the removable storage device with your saved TPM owner password, click **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then click **Turn TPM Off**.
|
||||
|
||||
This capability was fully removed from TPM.msc in later versions of Windows.
|
||||
|
||||
## Use the TPM cmdlets
|
||||
|
||||
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/?view=win10-ps).
|
||||
|
||||
@ -20,12 +20,6 @@ This topic for the IT professional describes how to manage which Trusted Platfor
|
||||
|
||||
After a computer user takes ownership of the TPM, the TPM owner can limit which TPM commands can be run by creating a list of blocked TPM commands. The list can be created and applied to all computers in a domain by using Group Policy, or a list can be created for individual computers by using the TPM MMC. Because some hardware vendors might provide additional commands or the Trusted Computing Group may decide to add commands in the future, the TPM MMC also supports the ability to block new commands.
|
||||
|
||||
Domain administrators can configure a list of blocked TPM commands by using Group Policy. Local administrators cannot allow TPM commands that are blocked through Group Policy. For more information about this Group Policy setting, see [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md#configure-the-list-of-blocked-tpm-commands).
|
||||
|
||||
Local administrators can block commands by using the TPM MMC, and commands on the default block list are also blocked unless the Group Policy settings are changed from the default settings.
|
||||
|
||||
Two policy settings control the enforcement which allows TPM commands to run. For more information about these policy settings, see [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md#ignore-the-default-list-of-blocked-tpm-commands).
|
||||
|
||||
The following procedures describe how to manage the TPM command lists. You must be a member of the local Administrators group.
|
||||
|
||||
**To block TPM commands by using the Local Group Policy Editor**
|
||||
|
||||
@ -6,7 +6,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 04/19/2017
|
||||
---
|
||||
|
||||
|
||||
@ -6,7 +6,8 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 08/16/2017
|
||||
---
|
||||
|
||||
|
||||
@ -7,7 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 05/16/2018
|
||||
---
|
||||
|
||||
|
||||
@ -7,7 +7,8 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
author: andreabichsel
|
||||
ms-author: v-anbic
|
||||
ms.date: 08/21/2018
|
||||
---
|
||||
|
||||
|
||||
@ -6,8 +6,9 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
ms.date: 06/29/2018
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 09/11/2018
|
||||
---
|
||||
|
||||
# TPM Group Policy settings
|
||||
@ -24,37 +25,7 @@ The Group Policy settings for TPM services are located at:
|
||||
|
||||
The following Group Policy settings were introduced in Window 10.
|
||||
|
||||
## Configure the list of blocked TPM commands
|
||||
|
||||
This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands that are blocked by Windows.
|
||||
|
||||
If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is **TPM\_OwnerReadInternalPub**, and command number 170 is **TPM\_FieldUpgrade**. To find the command number that is associated with each TPM command, at the command prompt, type **tpm.msc** to open the TPM Management Console and navigate to the **Command Management** section.
|
||||
|
||||
If you disable or do not configure this policy setting, only those TPM commands that are specified through the default or local lists can be blocked by Windows. The default list of blocked TPM commands is preconfigured by Windows.
|
||||
|
||||
- You can view the default list by typing **tpm.msc** at the command prompt, navigating to the **Command Management** section, and exposing the **On Default Block List** column.
|
||||
|
||||
- The local list of blocked TPM commands is configured outside of Group Policy by running the TPM Management Console or scripting using the **Win32\_Tpm** interface.
|
||||
|
||||
## Ignore the default list of blocked TPM commands
|
||||
|
||||
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
|
||||
|
||||
The default list of blocked TPM commands is preconfigured by Windows. You can view the default list by typing **tpm.msc** at the command prompt to open the TPM Management Console, navigating to the **Command Management** section, and exposing the **On Default Block List** column.
|
||||
|
||||
If you enable this policy setting, the Windows operating system will ignore the computer's default list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the local list.
|
||||
|
||||
If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to the commands that are specified by Group Policy and the local list of blocked TPM commands.
|
||||
|
||||
## Ignore the local list of blocked TPM commands
|
||||
|
||||
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
|
||||
|
||||
The local list of blocked TPM commands is configured outside of Group Policy by typing **tpm.msc** at the command prompt to open the TPM Management Console, or scripting using the **Win32\_Tpm** interface. (The default list of blocked TPM commands is preconfigured by Windows.)
|
||||
|
||||
If you enable this policy setting, the Windows operating system will ignore the computer's local list of blocked TPM commands, and it will block only those TPM commands that are specified by Group Policy or the default list.
|
||||
|
||||
If you disable or do not configure this policy setting, Windows will block the TPM commands in the local list, in addition to the commands that are specified in Group Policy and the default list of blocked TPM commands.
|
||||
|
||||
## Configure the level of TPM owner authorization information available to the operating system
|
||||
|
||||
@ -115,7 +86,7 @@ For each standard user, two thresholds apply. Exceeding either threshold prevent
|
||||
|
||||
- [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold) This value is the maximum total number of authorization failures that all standard users can have before all standard users are not allowed to send commands that require authorization to the TPM.
|
||||
|
||||
An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
|
||||
An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
|
||||
|
||||
If you do not configure this policy setting, a default value of 480 minutes (8 hours) is used.
|
||||
|
||||
@ -127,7 +98,7 @@ This setting helps administrators prevent the TPM hardware from entering a locko
|
||||
|
||||
An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
|
||||
|
||||
An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
|
||||
An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
|
||||
|
||||
If you do not configure this policy setting, a default value of 4 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
|
||||
|
||||
@ -139,7 +110,7 @@ This setting helps administrators prevent the TPM hardware from entering a locko
|
||||
|
||||
An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
|
||||
|
||||
An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
|
||||
An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the Windows Defender Security Center. Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally.
|
||||
|
||||
If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
|
||||
|
||||
|
||||
@ -6,8 +6,9 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
ms.date: 07/27/2017
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 09/11/2018
|
||||
---
|
||||
|
||||
# Trusted Platform Module
|
||||
@ -26,9 +27,6 @@ Trusted Platform Module (TPM) technology is designed to provide hardware-based,
|
||||
| [TPM fundamentals](tpm-fundamentals.md) | Provides background about how a TPM can work with cryptographic keys. Also describes technologies that work with the TPM, such as TPM-based virtual smart cards. |
|
||||
| [TPM Group Policy settings](trusted-platform-module-services-group-policy-settings.md) | Describes TPM services that can be controlled centrally by using Group Policy settings. |
|
||||
| [Back up the TPM recovery information to AD DS](backup-tpm-recovery-information-to-ad-ds.md) | For Windows 10, version 1511 and Windows 10, version 1507 only, describes how to back up a computer’s TPM information to Active Directory Domain Services. |
|
||||
| [Manage TPM commands](manage-tpm-commands.md) | Describes methods by which a local or domain administrator can block or allow specific TPM commands. |
|
||||
| [Manage TPM lockout](manage-tpm-lockout.md) | Describes how TPM lockout works (to help prevent tampering or malicious attacks), and outlines ways to work with TPM lockout settings. |
|
||||
| [Change the TPM owner password](change-the-tpm-owner-password.md) | In most cases, applies to Windows 10, version 1511 and Windows 10, version 1507 only. Tells how to change the TPM owner password. |
|
||||
| [View status, clear, or troubleshoot the TPM](initialize-and-configure-ownership-of-the-tpm.md) | Describes actions you can take through the TPM snap-in, TPM.msc: view TPM status, troubleshoot TPM initialization, and clear keys from the TPM. Also, for TPM 1.2 and Windows 10, version 1507 or 1511, describes how to turn the TPM on or off. |
|
||||
| [Troubleshoot the TPM](initialize-and-configure-ownership-of-the-tpm.md) | Describes actions you can take through the TPM snap-in, TPM.msc: view TPM status, troubleshoot TPM initialization, and clear keys from the TPM. Also, for TPM 1.2 and Windows 10, version 1507 or 1511, describes how to turn the TPM on or off. |
|
||||
| [Understanding PCR banks on TPM 2.0 devices](switch-pcr-banks-on-tpm-2-0-devices.md) | Provides background about what happens when you switch PCR banks on TPM 2.0 devices. |
|
||||
| [TPM recommendations](tpm-recommendations.md) | Discusses aspects of TPMs such as the difference between TPM 1.2 and 2.0, and the Windows 10 features for which a TPM is required or recommended. |
|
||||
|
||||
@ -58,8 +58,8 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
|
||||
Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
|
||||
Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
|
||||
Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
|
||||
Block only Office communication applications from creating child processes (available for beta testing) | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes (available for beta testing) | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
Block only Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
|
||||
The rules apply to the following Office apps:
|
||||
|
||||
|
||||
@ -62,8 +62,8 @@ Use advanced protection against ransomware | [!include[Check mark yes](images/sv
|
||||
Block credential stealing from the Windows local security authority subsystem (lsass.exe) | [!include[Check mark no](images/svg/check-no.svg)] | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
|
||||
Block process creations originating from PSExec and WMI commands | [!include[Check mark yes](images/svg/check-yes.svg)] | d1e49aac-8f56-4280-b9ba-993a6d77406c
|
||||
Block untrusted and unsigned processes that run from USB | [!include[Check mark yes](images/svg/check-yes.svg)] | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
|
||||
Block only Office communication applications from creating child processes (available for beta testing) | [!include[Check mark yes](images/svg/check-yes.svg)] | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes (available for beta testing) | [!include[Check mark yes](images/svg/check-yes.svg)] | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
Block only Office communication applications from creating child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
|
||||
|
||||
See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
|
||||
|
||||
@ -63,8 +63,8 @@ Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d3
|
||||
Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
|
||||
Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
|
||||
Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
|
||||
Block only Office communication applications from creating child processes (available for beta testing) | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes (available for beta testing) | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
Block only Office communication applications from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
|
||||
Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
|
||||
|
||||
See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user