deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 12904: Clarified Office apps rule.

Browse Source 
Clarified Office apps rule.
This commit is contained in:
Andrea Bichsel (Aquent LLC) 2018-11-16 22:04:02 +00:00 committed by Justin Hall
commit bf43a8bf12
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -71,6 +71,9 @@ This rule blocks the following file types from being run or launched from an ema
Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, and Access.
>[!NOTE]
>This does not include Outlook. For Outlook, please see [Block Office communication applications from creating child processes](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#rule-block-office-communication-applications-from-creating-child-processes).
This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
### Rule: Block Office applications from creating executable content