ASR rules and Exploit protection best practices according to Microsoft. #1115
Replies: 1 comment 2 replies
-
|
Thank you very much, i'll definitely read it and make changes wherever needed |
Beta Was this translation helpful? Give feedback.
-
|
That sounds great! I also wanted to add that from my initial testing it seems like the Office apps are incompatible with Arbitrary Code Guard so that's probably another reason Microsoft wanted to push away from Exploit Protection usage on office apps. Let me know if you see the same behavior. |
Beta Was this translation helpful? Give feedback.
-
|
I also found this https://learn.microsoft.com/en-us/defender-endpoint/exploit-protection-reference which talks about potential compatibility considerations with other apps and with other exploit protection settings. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Microsoft mentions using ASR rules in favour of Exploit protection settings for office apps:
Microsoft also has deprecated these 5 exploit protection rules:
EAF
IAF
SimExec
CallerCheck
StackPivot
First two were deprecated due to application compatibility issues but since the Harden app applies these mitigations to compatible apps, they should be kept imo. Just wanted to let you know they were deprecated.
Last 3 were replaced with Arbitrary Code Guard which I see is not enabled as an exploit mitigation in favour of the depreceated ones.
Thought it was interesting info and might have implications for this repo.
Beta Was this translation helpful? Give feedback.
All reactions