deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Added examples for MDM CSP paths and values.

Browse Source
This commit is contained in:
Andrea Bichsel
2019-01-28 11:55:29 -08:00
parent 2006c842f3
commit d1b978c171
1 changed files with 51 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
View File

@ -81,8 +81,8 @@ For information about enabling ASR rules and setting exclusions in SCCM, see [Cr
4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section: 4. Select **Configure Attack surface reduction rules** and select **Enabled**. You can then set the individual state for each rule in the options section:
- Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows: - Click **Show...** and enter the rule ID in the **Value name** column and your desired state in the **Value** column as follows:
- Block (enable ASR rule) = 1
- Disable = 0 - Disable = 0
- Block (enable ASR rule) = 1
- Audit = 2 - Audit = 2
![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png) ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](images/asr-rules-gp.png)
@ -144,8 +144,35 @@ Continue to use `Add-MpPreference -AttackSurfaceReductionOnlyExclusions` to add
Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule. Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductionrules) configuration service provider (CSP) to individually enable and set the mode for each rule.
The following is a sample for reference, using the [GUID value for the ASR rule](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules). The values to enable, disable, or enable in audit mode are:
- Disable = 0
- Block (enable ASR rule) = 1
- Audit = 2
```OMA-URI path
./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
```
```OMA-URI value
{75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84}=2|{3B576869-A4EC-4529-8536-B80A7769E899}=1|{D4F940AB-401B-4EfC-AADC-AD5F3C50688A}=2|{D3E037E1-3EB8-44C8-A917-57927947596D}=1|{5BEB7EFE-FD9A-4556-801D-275E5FFC04CC}=0|{BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550}=1
```
Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions.
Example:
```OMA-URI path
./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions
```
```OMA-URI value
c:\path|e:\path|c:\Whitelisted.exe
```
>[!NOTE]
>Be sure to enter OMA-URI values without spaces.
## Related topics ## Related topics
- [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md) - [Reduce attack surfaces with attack surface reduction rules](attack-surface-reduction-exploit-guard.md)