Does ERP have default rules for controlling WMI?
WMI is abused. It isn't the only actor in a "WMI attack." There isn't "WMI-only" malware, at least not that I am aware of.
WMI should not be disabled. However, all the stuff that calls it in an attack should be disabled and/or not used outright.
The answer is the same as the basic answer to all the other attacks out there ad infinitum... and that is to disable the commonly abused Windows processes (PowerShell, PowerShell_ISE, PowerShell .dll loading, wscript, cscript, etc., etc.) and only allow stuff temporarily when you need it, don't use macros, use something other than Microsoft Office programs, etc.
It's the same thing. Over-and-over. It's a formula that works. Testing has proven it across decades over-and-over. It's a formula that will never go out of style because it will always work. Sort of like $500 wing-tip shoes. Understated. Reliable. Always work.
If you want convenience and usability, then you will have to sacrifice some security. You are not going to get the protections you want without some work and sacrifice. You cannot install a program and say to yourself "OK... now I'm protected." No matter how much they want you to believe that, it just ain't true... at least not in the sense that "I'm protected" means to you in your mind. What they mean is that figuratively... "You are decently protected - and not perfectly - with our soft installed." If you want very high protection, meaning security soft geek protection, then everyone who knows better knows that involves some form of default-deny where the user has had to make tweaks and configurations, reduced attack surface, and has accepted some level of, what others incorrectly perceive and rate as, "unacceptable" inconvenience or annoyances.