deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add new functionality for existing ASR rule.

Browse Source
This commit is contained in:
Andrea Bichsel (Aquent LLC) 2018-06-12 11:26:02 -07:00
parent 0c07e47939
commit b83f8f41c3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
localizationpriority: medium localizationpriority: medium
author: andreabichsel author: andreabichsel
ms.author: v-anbic ms.author: v-anbic
ms.date: 05/30/2018 ms.date: 06/12/2018
--- ---
@ -127,6 +127,8 @@ Office apps, such as Word or Excel, will not be allowed to create child processe
This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables. This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
In Windows 10, version 1803 and later, this rule also blocks suspicious apps from being launched through Outlook or Access.
### Rule: Block Office applications from creating executable content ### Rule: Block Office applications from creating executable content
This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is a typical malware technique. This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is a typical malware technique.