deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add warning about PSExec rule blocking SCCM compliance rules.

Browse Source
This commit is contained in:
Andrea Bichsel (Aquent LLC)
2018-04-06 08:46:27 -07:00
parent 076a04cfae
commit 569981914b
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -174,6 +174,9 @@ Local Security Authority Subsystem Service (LSASS) authenticates users who log i
This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks. This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks.
>[!WARNING]
>[Only use this rule if you are managing your devices with Intune or other MDM solution. If you use this rule with SCCM, it will prevent SCCM compliance rules from working, because this rule blocks the PSExec commands in SCCM.]
### Rule: Block untrusted and unsigned processes that run from USB ### Rule: Block untrusted and unsigned processes that run from USB
With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include: With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include: