Forum Discussion

James_Gillies's avatar
James_Gillies
Brass Contributor
Oct 08, 2021
Solved

ASR: Block abuse of exploited vulnerable signed drivers

Hey there,   I am seeing a recommendation to apply the ASR Rule as listed above. It looks like a fairly new edition to the series of 16 ASR rules that can be configured.   However, on closer insp...
  • Jake_Mowrer's avatar
    Jake_Mowrer
    Oct 13, 2021

    James_Gillies we have not added this ASR Rule to the MEM ASR rule configuration profile.  We have plans to add this configuration option so you don't have to use OMA-URIs so stay tuned.

     

    Thanks,

    Jake

PatrickF11's avatar
PatrickF11
MCT
Apr 22, 2022

mcoombe I've found something very interesting:

Have anyone tried creating a new Policy inside of Endpoint Security?

After creating a new rule there is whole new layout of the items, including a new item: Block abuse of exploited vulnerable signed drivers (Device)"

 

edit: in the "Target" column the new policy has the entry "mdm,microsoftSense" instead of "mdm".

This could go along with server management i guess?

 

🙂

Alex_AVN1711's avatar
Alex_AVN1711
Copper Contributor
May 22, 2022

PatrickF11 

 

Thanks,

Just have checked that.