ConfigureDefender utility for Windows 10/11
<blockquote data-quote="Andy Ful" data-source="post: 738000" data-attributes="member: 32260"><p>My system is configured for testing all ASR rules set to ON. Furthermore, I am trying to understand how the <span style="color: rgb(65, 168, 95)"><strong>ASR rule</strong></span> works:</p>
<p>"<span style="color: rgb(65, 168, 95)"><strong>Block executable files from running unless they meet a prevalence, age, or trusted list criteria</strong></span>".</p>
<p>Here are my findings:</p>
<ol>
<li data-xf-list-type="ol">The rule supports exclusions, but that worked well for me only after some reboots. I excluded C:\Windows and C:\Program Files ...</li>
<li data-xf-list-type="ol">All my already installed applications (in C:\Program Files...) and portable programs on the second disc could be executed without a problem, also the legal programs downloaded from the Internet.</li>
<li data-xf-list-type="ol">The fresh compilation of ConfigureDefender could be run from the excluded folder, but was blocked in other locations (<strong><span style="color: rgb(41, 105, 176)">A, B,</span></strong> ...).</li>
<li data-xf-list-type="ol">When I turned the <span style="color: rgb(65, 168, 95)"><strong>ASR rule</strong></span> <span style="color: rgb(184, 49, 47)"><strong>OFF</strong></span> temporarily and ran the fresh compilation of ConfigureDefender in the location <span style="color: rgb(41, 105, 176)"><strong>A</strong></span>, it was checked in Defender cloud and after several seconds Defender allowed it to run. Next, after I turned the <span style="color: rgb(65, 168, 95)"><strong>ASR rule</strong></span> <span style="color: rgb(184, 49, 47)"><strong>ON</strong></span> again, the fresh compilation of ConfigureDefender in the location <span style="color: rgb(41, 105, 176)"><strong>A</strong></span> was NOT BLOCKED anymore. But this was not true for the same file in another location <span style="color: rgb(41, 105, 176)"><strong>B</strong></span>. So, this <span style="color: rgb(65, 168, 95)"><strong>ASR rule</strong></span> could get the information from the Defender local AI about the previous file execution history.</li>
</ol>
<p>I am curious how long this <span style="color: rgb(65, 168, 95)"><strong>ASR rule</strong></span> will block the fresh compilation of ConfigureDefender in the location <span style="color: rgb(41, 105, 176)"><strong>B</strong></span>. I am waiting for the Microsoft article on how this rule can be managed.</p></blockquote>
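A read-only way to observe what the post describes (rule state, ASR exclusions, and which file locations were blocked), given here as an added example that is not part of the original post or of ConfigureDefender. Assumptions not taken from the page: the rule GUID and event IDs 1121/1122 come from Microsoft's ASR documentation, and the `Path:` line parsed from the event message is an assumed message layout.

```powershell
# Added example: run in an elevated PowerShell session. Nothing is changed.
# GUID of "Block executable files from running unless they meet a prevalence,
# age, or trusted list criterion" (Microsoft ASR rule reference, not the page).
$RuleId      = '01443614-cd74-433a-b99e-2ecdc07bfc25'
$ActionNames = @{ 0 = 'Disabled (OFF)'; 1 = 'Block (ON)'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    param([string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $Id) {            # -eq is case-insensitive for strings
            $a = [int]$actions[$i]
            if ($ActionNames.ContainsKey($a)) { return $ActionNames[$a] }
            return "Unknown action $a"
        }
    }
    return 'Not configured'
}

function Get-AsrRuleBlocks {
    param([string]$Id, [int]$Days = 1)
    # 1121 = ASR rule fired in block mode, 1122 = fired in audit mode.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $Id } |
        ForEach-Object {
            # Assumed layout: the message carries a "Path: <file>" line.
            $path = if ($_.Message -match '(?m)^\s*Path:\s*(.+?)\s*$') { $Matches[1] }
                    else { '(path not parsed)' }
            [pscustomobject]@{ Time = $_.TimeCreated; EventId = $_.Id; Path = $path }
        }
}

"Rule state : $(Get-AsrRuleState -Id $RuleId)"
"ASR-only exclusions:"
@((Get-MpPreference).AttackSurfaceReductionOnlyExclusions) |
    Where-Object { $_ } | ForEach-Object { "  $_" }

# Grouping by path shows the per-location behaviour from finding 4:
# the same binary may appear for one folder and not for another.
Get-AsrRuleBlocks -Id $RuleId -Days 1 |
    Group-Object Path |
    Select-Object Count, Name |
    Sort-Object Count -Descending
```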