Q&A Do configured ASR (Attack Surface Reduction) rules remain after a feature update?

[Cutechri]

I'm a Dev insider of Windows 11 Pro and have recently took to hardening my OS for security. I enabled most of the Attack Surface Reduction rules that can be found here.

Being a Dev insider means I get new builds weekly and all of them are treated as if they were feature updates, so Windows proceeds to reinstall drivers and reset some settings upon reboot. Do these rules remain in place even after a feature update or do I need to enable them every time?

Apologies if this isn't the correct place to ask this question, I registered here just to ask this because I have some doubts.

 

[SeriousHoax]

You can use the Configure Defender tool to easily check/enable/disable ASR rules anytime. It's a portable application, so no installation is required.

ConfigureDefender/ConfigureDefender.exe at master · AndyFul/ConfigureDefender

Utility for configuring Windows 10 built-in Defender antivirus settings. - ConfigureDefender/ConfigureDefender.exe at master · AndyFul/ConfigureDefender

github.com

Support thread:

ConfigureDefender utility for Windows 10

ConfigureDefender utility for Windows 10/11. Developer website: https://github.com/AndyFul/ConfigureDefender Softpedia: https://www.softpedia.com/get/PORTABLE-SOFTWARE/System/System-Enhancements/ConfigureDefender.shtml Hard_Configurator website (thanks to @askalan)...

malwaretips.com

 

[Arequire]

I've personally never had my ASR rules changed after a feature update, but running non-stable builds may yield different results.

I agree with @SeriousHoax; fire up ConfigureDefender after each major build update to make sure your ASR rules are still enabled.

 

[Cutechri]

You can use the Configure Defender tool to easily check/enable/disable ASR rules anytime. It's a portable application, so no installation is required.

ConfigureDefender/ConfigureDefender.exe at master · AndyFul/ConfigureDefender

Utility for configuring Windows 10 built-in Defender antivirus settings. - ConfigureDefender/ConfigureDefender.exe at master · AndyFul/ConfigureDefender

github.com

Support thread:

ConfigureDefender utility for Windows 10

ConfigureDefender utility for Windows 10/11. Developer website: https://github.com/AndyFul/ConfigureDefender Softpedia: https://www.softpedia.com/get/PORTABLE-SOFTWARE/System/System-Enhancements/ConfigureDefender.shtml Hard_Configurator website (thanks to @askalan)...

malwaretips.com

Thanks, this seems like a neat tool and just what I need.

I used it and it seems my ASR rules are running. I also used it to enable Network Protection (something I couldn't do before) and harden Cloud Security. Thanks!

 

[ForgottenSeer 94654]

I'm a Dev insider of Windows 11 Pro and have recently took to hardening my OS for security. I enabled most of the Attack Surface Reduction rules that can be found here.

Being a Dev insider means I get new builds weekly and all of them are treated as if they were feature updates, so Windows proceeds to reinstall drivers and reset some settings upon reboot. Do these rules remain in place even after a feature update or do I need to enable them every time?

Apologies if this isn't the correct place to ask this question, I registered here just to ask this because I have some doubts.

In the past ASR rules being set back to default values has been reported.

There is another problem with ASR rules that is related. When an application updates, the existing ASR rule might block it. This is confirmed by Microsoft Security.

"Usually, cloud protection can determine that a new version of an application is similar enough to previous versions that it does not need to be reassessed at length. However, it might take some time for the app to build reputation after switching versions, particularly after a major update."

Attack surface reduction frequently asked questions (FAQ)

Find answers to frequently asked questions about Microsoft Defender for Endpoint's attack surface reduction rules.

docs.microsoft.com