From 8adf81b60baa9692e22a2a5abda5052d694eeb88 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 12 Sep 2017 17:10:14 -0700 Subject: [PATCH 1/3] update image --- .../enable-attack-surface-reduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 910db87d44..045207e8de 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -80,7 +80,7 @@ See the [Attack Surface Reduction](attack-surface-reduction-exploit-guard.md) to - Audit mode = 2 - ![](images/asr-rules-gp.png) + ![](images/asr-rules-gp.png) From b773e56e7d67ac3d3c6385490f6f25f7a7b2e4d5 Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Tue, 12 Sep 2017 17:29:23 -0700 Subject: [PATCH 2/3] image ref changes --- .../enable-attack-surface-reduction.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 045207e8de..6b1a83871a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -79,8 +79,7 @@ See the [Attack Surface Reduction](attack-surface-reduction-exploit-guard.md) to - Disabled = 0 - Audit mode = 2 - - ![](images/asr-rules-gp.png) +![](images/asr-rules-gp.png) From 602d3fcde4e57c1a4970006542dcb53b69734899 Mon Sep 17 00:00:00 2001 
From: Iaan D'Souza-Wiltshire Date: Tue, 12 Sep 2017 18:10:34 -0700 Subject: [PATCH 3/3] update ps for asr enabling and remove cloud reqs for CFA and ASR --- .../attack-surface-reduction-exploit-guard.md | 2 +- .../controlled-folders-exploit-guard.md | 2 +- .../enable-attack-surface-reduction.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 0916abe7b6..0817855e6a 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -129,7 +129,7 @@ The following requirements must be met before Attack Surface Reduction will work Windows 10 version | Windows Defender Antivirus - | - -Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled +Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled diff --git a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index 2cda929649..2945821a44 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md 
@@ -62,7 +62,7 @@ The following requirements must be met before Controlled Folder Access will work Windows 10 version | Windows Defender Antivirus -|- -Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) must be enabled +Insider Preview build 16232 or later (dated July 1, 2017 or later) | [Windows Defender AV real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) must be enabled ## Review Controlled Folder Access events in Windows Event Viewer diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 6b1a83871a..d128c1da67 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -90,13 +90,13 @@ See the [Attack Surface Reduction](attack-surface-reduction-exploit-guard.md) to 2. Enter the following cmdlet: ```PowerShell - Add-MpPreference -AttackSurfaceReductionRules_Ids + Set-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions Enabled ``` You can enable the feature in audit mode using the following cmdlet: ```PowerShell -Set-MpPreference -AttackSurfaceReductionRules_Actions AuditMode +Add-MpPreference -AttackSurfaceReductionRules_Ids -AttackSurfaceReductionRules_Actions AuditMode ``` Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
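Review bot: In [PATCH 1/3], the image line in the `@@ -80,7 +80,7 @@` hunk of enable-attack-surface-reduction.md keeps empty alt text (`![](images/asr-rules-gp.png)`) on both the removed and the added side. Since the line is being touched anyway, add alt text that describes the Group Policy screenshot. The subject says "update image", but the image path is unchanged, so the message should say that this is an indentation change.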
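Review bot: In [PATCH 2/3], the `@@ -79,8 +79,7 @@` hunk removes the blank line between the `- Audit mode = 2` list item and the image, and also removes the image's indentation. With no blank line, Markdown treats the unindented `![](images/asr-rules-gp.png)` as a continuation of the "Audit mode = 2" item, so the screenshot will render inside that bullet instead of below the list. Keep the blank line, and either leave the image unindented after it (to end the list) or indent it to the step's level (to keep it inside the numbered step). This patch and 1/3 rework the same line, so they could be squashed.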
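Review bot: In [PATCH 3/3], the requirement rows in attack-surface-reduction-exploit-guard.md (`@@ -129,7 +129,7 @@`) and controlled-folders-exploit-guard.md (`@@ -62,7 +62,7 @@`) both drop the cloud-delivered protection link, and the commit message gives no reason beyond "remove cloud reqs". Add a sentence to the commit message stating whether both features work fully with only real-time protection enabled, so that admins who run without cloud-delivered protection know what to expect. The two rows are word-for-word the same and had to be edited twice here; a shared include would stop them drifting apart.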
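Review bot: In [PATCH 3/3], the `@@ -90,13 +90,13 @@` hunk of enable-attack-surface-reduction.md now shows `Set-MpPreference` for the Enabled example and `Add-MpPreference` for the AuditMode example, with nothing in the text to explain the difference. `Set-MpPreference` replaces the configured rule list while `Add-MpPreference` appends to it, so a reader who copies the Enabled line to turn on one rule will drop any rules already set. Use the same cmdlet in both examples, or add a sentence saying when to use each. As shown, `-AttackSurfaceReductionRules_Ids` has no value after it in either command, so include a rule ID placeholder. The trailing context line also has a typo, "insead", which should be "instead".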