deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add reviewer changes.

Browse Source
This commit is contained in:
Andrea Bichsel (Aquent LLC)
2018-06-12 11:47:21 -07:00
parent b83f8f41c3
commit 9b80f21746
1 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -123,12 +123,10 @@ This rule blocks the following file types from being run or launched from an ema
### Rule: Block Office applications from creating child processes
Office apps, such as Word or Excel, will not be allowed to create child processes.
Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, Outlook, and Access.
This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
In Windows 10, version 1803 and later, this rule also blocks suspicious apps from being launched through Outlook or Access.
### Rule: Block Office applications from creating executable content
This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is a typical malware technique.