News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Article – Attack Surface Reduction (ASR)

    Home » Forums » AskWoody support » Cyber Security » Cyber Security for Business users » Article – Attack Surface Reduction (ASR)

    Author
    Topic
    #2395372

    Attack Surface Reduction (ASR) – in the Monday AskWoody Newsletter, Susan said “I’m going to recommend one setting in particular for those of you who use Microsoft Office 365, Microsoft Office 2019, Microsoft Office 2016, Microsoft Office 2013, or Microsoft Office 2010. The setting is called “Block Office applications from creating child processes.” It ensures that phishing attacks that target Outlook, Word, and Excel can’t be used to launch ransomware attacks”.

    The setting seems to be available with the Win10 Home Registry hack that Susan recommends from Andy Ful. But with Win10 Pro using Group Policy, it does not seem that this setting is available (unless the option is available once you enabled the setting? If so where?)

    I would be grateful for your clarification. Many thanks

    Viewing 1 reply thread
    Author
    Replies
    • #2395400

      Were you able to follow Susan’s instructions to find Computer Configuration, Administrative Templates, Windows Components, Microsoft Defender Antivirus, Microsoft Defender Exploit Guard, Attack Surface Reduction, Configure Attack Surface Reduction rules in gpedit.msc?

      Windows 10 Pro version 21H2 build 19044.1320 + Microsoft 365 (group ASAP)

    • #2395434

      Susan’s screenshot in the newsletter showed the most recent Group Policy location, i.e. AFTER Microsoft renamed Windows Defender to Microsoft Defender.

      Scroll further down and look for Windows Defender, as in this earlier example:

      defender_re-name

      Hope this helps…

    Viewing 1 reply thread
    Reply To: Article – Attack Surface Reduction (ASR)

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.