Update 23/05/2020
Added new info regarding ASR GUI! A community tool that will help you reporting and setting ASR rules locally! Ideal for lab scenarios!
Kudos to Hermann Maurer!
Hello agai...
Updated May 23, 2020
Version 7.0
Blog Post
Thanks I found that. The problem is that as a a non-specialist this is rather daunging:
Click Add again. The Add Row OMA-URI Settings opens. In Add Row, do the following:
- In Name, type a name for the rule.
- In Description, type a brief description.
- In OMA-URI, type or paste the specific OMA-URI link for the rule that you are adding.
- In Data type, select String.
- In Value, type or paste the GUID value, the = sign and the State value with no spaces (GUID=StateValue). Where: {0 : Disable (Disable the ASR rule)}, {1 : Block (Enable the ASR rule)}, {2 : Audit (Evaluate how the ASR rule would impact your organization if enabled)}, {6 : Warn (Enable the ASR rule but allow the end-user to bypass the block)}
However I did find this https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/customize-attack-surface-reduction?view=o365-worldwide which could help and also this https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26