Q&A Do configured ASR (Attack Surface Reduction) rules remain after a feature update?

Cutechri

Level 1
Thread author
Apr 15, 2022
17
I'm a Dev insider of Windows 11 Pro and have recently taken to hardening my OS for security. I enabled most of the Attack Surface Reduction rules that can be found here.

Being a Dev insider means I get new builds weekly and all of them are treated as if they were feature updates, so Windows proceeds to reinstall drivers and reset some settings upon reboot. Do these rules remain in place even after a feature update or do I need to enable them every time?

Apologies if this isn't the correct place to ask this question, I registered here just to ask this because I have some doubts.
 

SeriousHoax

Mar 16, 2019
3,181
You can use the Configure Defender tool to easily check/enable/disable ASR rules anytime. It's a portable application, so no installation is required.


Support thread:
 

Cutechri

Thanks, this seems like a neat tool and just what I need.

I used it and it seems my ASR rules are running. I also used it to enable Network Protection (something I couldn't do before) and harden Cloud Security. Thanks!
 

ForgottenSeer 94654

In the past ASR rules being set back to default values has been reported.

There is another problem with ASR rules that is related. When an application updates, the existing ASR rule might block it. This is confirmed by Microsoft Security.

"Usually, cloud protection can determine that a new version of an application is similar enough to previous versions that it does not need to be reassessed at length. However, it might take some time for the app to build reputation after switching versions, particularly after a major update."
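
One way to check this after each build, as an added example that is not part of the thread or of any tool mentioned in it: snapshot the ASR rule state with the Defender cmdlets, then compare (or restore) after the update. The script parameters `Mode` and `BaselinePath` and the baseline file location are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example: save Defender ASR rule state, then compare or restore it after a feature update.
param(
    [ValidateSet('Save', 'Compare', 'Restore')]
    [string]$Mode = 'Compare',
    [string]$BaselinePath = "$env:ProgramData\asr-baseline.json"   # assumed location
)

# Numeric action values reported by Get-MpPreference, mapped to the names the cmdlets accept.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-AsrState {
    # Rule GUIDs and their actions come back as two parallel arrays.
    $pref = Get-MpPreference
    $state = @{}
    if (-not $pref.AttackSurfaceReductionRules_Ids) { return $state }   # nothing configured
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $state[$ids[$i].ToLower()] = [int]$actions[$i]
    }
    return $state
}

if ($Mode -eq 'Save') {
    Get-AsrState | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    return
}

$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$current  = Get-AsrState
$drift    = 0
foreach ($rule in $baseline.PSObject.Properties) {
    $want = [int]$rule.Value
    $now  = $current[$rule.Name]          # $null when the rule is no longer configured
    if ($now -eq $want) { continue }
    $drift++
    Write-Warning "ASR rule $($rule.Name): baseline=$($ActionNames[$want]) current=$now"
    if ($Mode -eq 'Restore') {
        # Add-MpPreference changes this one rule without overwriting the rest of the set.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $rule.Name `
                         -AttackSurfaceReductionRules_Actions $ActionNames[$want]
    }
}
Write-Output "$drift rule(s) differ from the saved baseline."
```

Run it once with `-Mode Save` on the hardened system, then with `-Mode Compare` after each new build; `-Mode Restore` reapplies only the rules that drifted.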