Merged PR 9007: Add new functionality for existing ASR rule.

Add new functionality for existing ASR rule.
Andrea Bichsel (Aquent LLC) 2018-06-12 19:11:39 +00:00
commit b10c867cb8

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 05/30/2018 ms.date: 06/12/2018
--- ---
@ -123,7 +123,7 @@ This rule blocks the following file types from being run or launched from an ema
### Rule: Block Office applications from creating child processes ### Rule: Block Office applications from creating child processes
Office apps, such as Word or Excel, will not be allowed to create child processes. Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, Outlook, and Access.
This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables. This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
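
Review bot: The added sentence "This includes Word, Excel, PowerPoint, OneNote, Outlook, and Access." now sits directly before the unchanged "This is a typical malware behavior, ...", so the second "This" reads as pointing at the list of apps instead of at creating child processes. Suggest giving the following sentence an explicit subject, for example "Creating child processes is a typical malware behavior, especially for macro-based attacks ...". Separately, "This includes" leaves open whether the six named apps are the complete set the rule covers; if they are, wording such as "The rule applies to Word, Excel, PowerPoint, OneNote, Outlook, and Access." states the scope unambiguously for anyone deciding whether to enable the rule.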