|
There are isolated problems with current patches, but they are well-known and documented on this site. |
Block executable files from running unless they meet a prevalence, age, or trusted list criterion
Does the above rule include (native) scripts (bat,ps1,vbs,js)?
Does it work the same way as Smartscreen but even for files without the Mark-of-the-Web? How is it different than Smartscreen?
How is it different than ISG in WDAC?
Block JavaScript or VBScript from launching downloaded executable content
Does it include Powershell and batch scripts? Why not?
See Use attack surface reduction rules to prevent malware infection | Microsoft Learn for Microsoft’s explanation. Of course, being Microsoft you’ll have more questions after reading the article(s).
Here’s a blog post that may help too – Demystifying attack surface reduction rules – Part 1 – Microsoft Community Hub. It is the first in a series.
--Joe
Thanks, but I’m asking here because the info on Microsoft’s site is vague.
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
