From f01afeb588ffd87bf5bbe675e1b759929b70e9e8 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 27 Aug 2020 16:41:01 -0700 Subject: [PATCH] Removed repeated paragraph, applied footnote functionality Changed "*" to 1 and incremented the other two footnotes. --- .../microsoft-recommended-block-rules.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 5657add278..15cef4012c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -24,9 +24,8 @@ ms.date: 04/09/2019 - Windows 10 - Windows Server 2016 and above -Members of the security community\* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. +Members of the security community[^1] continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. -Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control: Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control: - addinprocess.exe @@ -34,7 +33,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - addinutil.exe - aspnet_compiler.exe - bash.exe -- bginfo.exe[1] +- bginfo.exe[^2] - cdb.exe - csi.exe - dbghost.exe @@ -51,7 +50,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - Microsoft.Build.dll - Microsoft.Build.Framework.dll - Microsoft.Workflow.Compiler.exe -- msbuild.exe[2] +- msbuild.exe[^3] - msbuild.dll - mshta.exe - ntkd.exe @@ -69,11 +68,11 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - wslconfig.exe - wslhost.exe -[1]A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](https://docs.microsoft.com/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked. +[^1]: Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people: -[2]If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe. +[^2]: A vulnerability in bginfo.exe has been fixed in the latest version 4.22. If you use BGInfo, for security, make sure to download and run the latest version here [BGInfo 4.22](https://docs.microsoft.com/sysinternals/downloads/bginfo). Note that BGInfo versions earlier than 4.22 are still vulnerable and should be blocked. -*Microsoft recognizes the efforts of those in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people: +[^3]: If you are using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end user device that is not being used in a development context, we recommend that you block msbuild.exe.