ConfigureDefender utility for Windows 10/11
<blockquote data-quote="Andy Ful" data-source="post: 935829" data-attributes="member: 32260"><p>Yes. Microsoft updated ASR rules but did not add new rules. The update is related to the new mode = Warn.</p><p>Before this update, the ASR rules had 3 modes: Disabled, Enabled, Audit. I will add the Warn Mode to ConfigureDefender in a few months. :)</p><p></p><h2>Warn mode for users</h2><p>(<strong>NEW</strong>!) Prior to warn mode capabilities, attack surface reduction rules that are enabled could be set to either audit mode or block mode. With the new warn mode, whenever content is blocked by an attack surface reduction rule, users see a dialog box that indicates the content is blocked. The dialog box also offers the user an option to unblock the content. The user can then retry their action, and the operation completes. 
When a user unblocks content, the content remains unblocked for 24 hours, and then blocking resumes.</p><p></p><p>Warn mode helps your organization have attack surface reduction rules in place without preventing users from accessing the content they need to perform their tasks.</p><p></p><h3>Requirements for warn mode to work</h3><p>Warn mode is supported on devices running the following versions of Windows:</p><p></p><ul> <li data-xf-list-type="ul"><a href="https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1809" target="_blank">Windows 10, version 1809</a> or later</li> <li data-xf-list-type="ul"><a href="https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-1809" target="_blank">Windows Server, version 1809</a> or later</li> </ul><p>Microsoft Defender Antivirus must be running with real-time protection in <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility#functionality-and-features-available-in-each-state" target="_blank">Active mode</a>.</p><p></p><p>In addition, make sure <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus#monthly-platform-and-engine-versions" target="_blank">Microsoft Defender Antivirus and antimalware updates</a> are installed.</p><p></p><ul> <li data-xf-list-type="ul">Minimum platform release requirement: 4.18.2008.9</li> <li data-xf-list-type="ul">Minimum engine release requirement: 1.1.17400.5</li> </ul><p>For more information and to get your updates, see <a href="https://support.microsoft.com/help/4052623/update-for-microsoft-defender-antimalware-platform" target="_blank">Update for Microsoft Defender antimalware platform</a>.</p><p></p><h3>Cases where warn mode is not supported</h3><p>Warn mode is not supported for the following attack surface reduction 
rules:</p><p></p><ul> <li data-xf-list-type="ul"><a href="https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide#block-javascript-or-vbscript-from-launching-downloaded-executable-content" target="_blank">Block JavaScript or VBScript from launching downloaded executable content</a> (GUID d3e037e1-3eb8-44c8-a917-57927947596d)</li> <li data-xf-list-type="ul"><a href="https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide#block-persistence-through-wmi-event-subscription" target="_blank">Block persistence through WMI event subscription</a> (GUID e6db77e5-3df2-4cf1-b95a-636979351e5b)</li> <li data-xf-list-type="ul"><a href="https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide#use-advanced-protection-against-ransomware" target="_blank">Use advanced protection against ransomware</a> (GUID c1db55ab-c21a-4637-bb3f-a12568109d35)</li> </ul><p>In addition, warn mode is not supported on devices running older versions of Windows. In those cases, attack surface reduction rules that are configured to run in warn mode will run in block mode.</p></blockquote><p></p>
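Added example (not part of the quoted post or of ConfigureDefender): a PowerShell check of the warn-mode requirements and the three unsupported rules listed above. The function name, the sample objects and the all-zero GUID are constructed; the action value 6 for Warn and build 17763 for version 1809 come from Microsoft's documentation, not from the post.

```powershell
# Added example: names and sample values below are constructed, not from the post.
$WarnAction = 6   # Defender action values (not stated in the post): 0=Disabled, 1=Block, 2=Audit, 6=Warn
$NoWarnRules = @(
    'd3e037e1-3eb8-44c8-a917-57927947596d'  # JS/VBScript launching downloaded executables
    'e6db77e5-3df2-4cf1-b95a-636979351e5b'  # Persistence through WMI event subscription
    'c1db55ab-c21a-4637-bb3f-a12568109d35'  # Advanced protection against ransomware
)

function Test-AsrWarnReadiness {
    param(
        [Parameter(Mandatory)] $Status,        # shaped like Get-MpComputerStatus output
        [Parameter(Mandatory)] $Preference,    # shaped like Get-MpPreference output
        [Parameter(Mandatory)] [int] $OsBuild  # 17763 = Windows 10 / Server version 1809
    )
    $findings = @()
    if ($OsBuild -lt 17763) {
        $findings += "OS build $OsBuild predates 1809: Warn rules will run in block mode"
    }
    if ([version]$Status.AMProductVersion -lt [version]'4.18.2008.9') {
        $findings += "Platform $($Status.AMProductVersion) is below 4.18.2008.9"
    }
    if ([version]$Status.AMEngineVersion -lt [version]'1.1.17400.5') {
        $findings += "Engine $($Status.AMEngineVersion) is below 1.1.17400.5"
    }
    if (-not $Status.RealTimeProtectionEnabled) {
        $findings += 'Real-time protection is off'
    }
    # Ids and Actions are parallel arrays: Actions[i] is the mode of Ids[i].
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($actions[$i] -eq $WarnAction -and $NoWarnRules -contains $ids[$i]) {
            $findings += "Rule $($ids[$i]) is set to Warn, which it does not support"
        }
    }
    $findings
}

# Constructed sample: platform below the minimum, one unsupported rule set to Warn.
$status = [pscustomobject]@{
    AMProductVersion = '4.18.2007.8'; AMEngineVersion = '1.1.17400.5'
    RealTimeProtectionEnabled = $true
}
$pref = [pscustomobject]@{
    AttackSurfaceReductionRules_Ids     = @('c1db55ab-c21a-4637-bb3f-a12568109d35',
                                            '00000000-0000-0000-0000-000000000000')  # placeholder GUID
    AttackSurfaceReductionRules_Actions = @(6, 6)
}
Test-AsrWarnReadiness -Status $status -Preference $pref -OsBuild 19041
```

On a live machine, pass `(Get-MpComputerStatus)`, `(Get-MpPreference)` and `[Environment]::OSVersion.Version.Build` instead of the sample objects.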