Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
ConfigureDefender utility for Windows 10/11
Message
<blockquote data-quote="Andy Ful" data-source="post: 995308" data-attributes="member: 32260"><p>I think that the info from the Microsoft documentation is related to the EDR console. In the EDR console, some ASR rules can produce additional alerts when Cloud Protection Level is High (or higher). But, for most ASR rules there will not be any additional alert even if the Cloud Protection Level is High. Still, the ASR rules will block the content independently of the fact that the EDR console alert was triggered or not. The normal alert on the client machines will be always visible.</p><p></p><p>You can easily check it. Download the 7-ZIP installer:</p><p>[URL unfurl="true"]https://www.7-zip.org/a/7z2200-x64.exe[/URL]</p><p>Copy it to the flash drive and run. It will be blocked by the ASR rule for USB even when the Cloud Protection Level is set to Default.</p><p></p><p>Another simple test can be done for the Adobe ASR rule.</p><p>Run Adobe Reader and press CTRL-O to open the Adobe file explorer window. Change the default file filtering from "PDF files" to "All files (*.*)". Navigate to any EXE file on your hard disk and use the "Run as administrator" from right-click context menu. Normally this could run the EXE file as a child process of Adobe Reader. But, it will be blocked by the ASR rule.</p><p></p><p>Edit.</p><p>Works also for ASR script rule.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 995308, member: 32260"] I think that the info from the Microsoft documentation is related to the EDR console. In the EDR console, some ASR rules can produce additional alerts when Cloud Protection Level is High (or higher). But, for most ASR rules there will not be any additional alert even if the Cloud Protection Level is High. Still, the ASR rules will block the content independently of the fact that the EDR console alert was triggered or not. The normal alert on the client machines will be always visible. You can easily check it. Download the 7-ZIP installer: [URL unfurl="true"]https://www.7-zip.org/a/7z2200-x64.exe[/URL] Copy it to the flash drive and run. It will be blocked by the ASR rule for USB even when the Cloud Protection Level is set to Default. Another simple test can be done for the Adobe ASR rule. Run Adobe Reader and press CTRL-O to open the Adobe file explorer window. Change the default file filtering from "PDF files" to "All files (*.*)". Navigate to any EXE file on your hard disk and use the "Run as administrator" from right-click context menu. Normally this could run the EXE file as a child process of Adobe Reader. But, it will be blocked by the ASR rule. Edit. Works also for ASR script rule. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
