deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

More voice and tone edits.

Browse Source
This commit is contained in:
Andrea Bichsel 2019-02-06 14:16:30 -08:00
parent 7e4849b99e
commit d579eaa2ae
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -28,16 +28,16 @@ Attack surface reduction rules work best with [Windows Defender Advanced Threat
Attack surface reduction rules each target specific behaviors that malware and malicious apps typically use to infect computers, including:
- Executable files and scripts used in Office apps or web mail that attempt to download or run files
- Scripts that are obfuscated or otherwise suspicious
- Behaviors that apps undertake that are not usually initiated during normal day-to-day work
- Obfuscated or otherwise suspicious scripts
- Behaviors that apps don't usually initiate during normal day-to-day work
When a rule triggers, the Action Center displays a notification. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information.
Triggered rules display a notification. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information.
You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization if they were enabled.
You can use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how attack surface reduction rules would impact your organization once enabled.
## Attack surface reduction rules
The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table:
The following sections describe each attack surface reduction rule. This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy:
Rule name | GUID
-|-
@ -56,7 +56,7 @@ Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9
Block Office communication application from creating child processes | 26190899-1602-49e8-8b27-eb1d0a1ce869
Block Adobe Reader from creating child processes | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
The rules apply to the following Office apps:
In general, attack surface reduction rules apply to the following Office apps:
- Microsoft Word
- Microsoft Excel