From d678d1a84f5e801ac673ca7ba28550c2a8ac2ca5 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 3 Apr 2019 04:30:09 -0600 Subject: [PATCH] Update --- .../enable-attack-surface-reduction.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 20dfb9bbb5..75d9674bee 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -34,6 +34,8 @@ You can exclude files and folders from being evaluated by most attack surface re >- Block process creations originating from PSExec and WMI commands >- Block JavaScript or VBScript from launching downloaded executable content +You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules the exclusions apply to. + >[!IMPORTANT] The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** is owned by microsoft and is not specified by admins. It uses Microsoft CLoud's Protection to update its trusted list regularly. >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.