From 6c520d261f39ef3fd6ece81a4138bea1a4cff851 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 04:27:19 -0600 Subject: [PATCH] Added note as suggested that policy can't be changed issue #1880 --- .../enable-attack-surface-reduction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index c89bbdc0fa..20dfb9bbb5 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -34,7 +34,8 @@ You can exclude files and folders from being evaluated by most attack surface re >- Block process creations originating from PSExec and WMI commands >- Block JavaScript or VBScript from launching downloaded executable content -You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. +>[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** is owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. +>You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. ASR rules support environment variables and wildcards. For information about using wildcards, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists).
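Review bot: The second added line rewords "which rules the exclusions apply to" as "which rules or exclusions apply to", which is ungrammatical and loses the original point that an exclusion cannot be scoped to individual rules. Restore the original wording. The new leading `>` on that line also pulls the sentence into the quoted block, so it reads as part of the IMPORTANT note, or of the preceding `>-` list since no blank line separates them. If the sentence is meant to stay ordinary body text, drop the `>` and put a blank line before it. In the first added line, the note text sits on the same line as `>[!IMPORTANT]`; put the marker on its own line and the text on the following `>` line. Also fix the casing of "microsoft" and "CLoud's". The commit subject says the policy can't be changed, but the note says only that the rule "is not specified by admins", so it would help to state plainly whether exclusions apply to this rule, since the context line above says exclusions cover "most" rules.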