Forum Discussion
ASR: Block abuse of exploited vulnerable signed drivers
- Oct 13, 2021
James_Gillies, we have not added this ASR rule to the MEM ASR rule configuration profile. We have plans to add this configuration option so you don't have to use OMA-URIs, so stay tuned.
Thanks,
Jake
robert_welsofd, we recently managed to resolve this by removing all ASR rules from Endpoint Security, as well as any ASR rules included under a Security Baseline profile, and then used a Configuration Profile (Settings Catalog) to define all 16 (from recollection) ASR rules. After about 24/48 hours we then saw a significant improvement under MDE Security Recommendations, and after 3-5 days we had 100% compliance on all ASR rules for all devices.
It appears to me that Configuration Profiles (Settings Catalog) are much more reliable at enforcing these controls than the GUI provided under Endpoint Security, which is supposed to make management easier.
Hope this helps, as it worked for us and we have now successfully rolled this out to a number of customers and now have a Device Secure Score of over 90% (our goal is to get a 90% score across all 3 categories in Secure Score).
I am happy to share screen clips etc. if it helps, so just reach out.
Note: the key (and where we got stuck) was that all ASR rules need to be defined in a single place, and if you don't remove the ASR rules from Security Baseline and Endpoint Security then the Configuration Profile did not appear to take effect and was trumped by one of the other policies.
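
Added example, not part of any post in this thread: a PowerShell check to run on an enrolled device after consolidating ASR rules into one profile, showing which rules Defender has actually applied and whether the vulnerable signed drivers rule is in Block mode. The rule GUID and the action codes are taken from Microsoft's ASR rule reference, not from this thread.

```powershell
# Added example: list the ASR rules in effect on this device and report the
# state of "Block abuse of exploited vulnerable signed drivers".
# Assumption: GUID and action codes come from Microsoft's ASR rule reference.
$DriverRuleId = '56a863a9-875e-4185-98a7-b882c64b5ce5'
$ActionNames  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
# Both properties are $null when no ASR rule is configured; drop null ids.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Ids and actions are parallel arrays: pair them up by index.
$rules = for ($i = 0; $i -lt $ids.Count; $i++) {
    $code = [int]$actions[$i]
    [pscustomobject]@{
        RuleId = $ids[$i].ToLower()
        Action = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] }
                 else { "Unknown ($code)" }
    }
}

Write-Output "ASR rules in effect: $(@($rules).Count)"
$rules | Sort-Object RuleId | Format-Table -AutoSize

$driver = $rules | Where-Object { $_.RuleId -eq $DriverRuleId }
if (-not $driver) {
    Write-Warning 'Vulnerable signed drivers rule is not configured on this device.'
}
elseif ($driver.Action -ne 'Block') {
    Write-Warning "Vulnerable signed drivers rule is set to $($driver.Action), not Block."
}
else {
    Write-Output 'Vulnerable signed drivers rule is enforced (Block).'
}
```

A rule count lower than the number defined in the profile, or an action that differs from the profile, points to another policy still delivering ASR settings to the device.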