deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fixed broken links.

Browse Source
This commit is contained in:
Andrea Bichsel
2019-02-06 13:02:16 -08:00
parent f93df55c57
commit 9fc3632628
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
View File

@ -11,7 +11,6 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 09/18/2018
--- ---
# Troubleshoot attack surface reduction rules # Troubleshoot attack surface reduction rules
@ -40,7 +39,7 @@ Attack surface reduction rules will only work on devices with the following cond
> - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update). > - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update).
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). > - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled. > - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable ASR topic](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules). > - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode. If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode.
@ -61,7 +60,7 @@ Follow the instructions in [Use the demo tool to see how attack surface reductio
Audit mode allows the rule to report as if it actually blocked the file or process, but will still allow the file to run. Audit mode allows the rule to report as if it actually blocked the file or process, but will still allow the file to run.
1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md#use-group-policy-to-enable-or-audit-attack-surface-reduction-rules). 1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed). 2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed).
3. [Review the attack surface reductio rule event logs](attack-surface-reduction-exploit-guard.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**. 3. [Review the attack surface reductio rule event logs](attack-surface-reduction-exploit-guard.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**.