Forum Discussion

dperusich's avatar
dperusich
Copper Contributor
Apr 28, 2023

ASR Logging for the Block settings

I'm trying to troubleshoot some office plugin which aren't functioning and I'm trying to determine whether it's the various Office block settings, which I've enumerated below. When Attack Surface Reduction blocks these events are they logged and if so where are those events located?

 

Block Win32 API calls from Office macros
Block JavaScript or VBScript from launching downloaded executable content
Block Office communication application from creating child processes
Block all Office applications from creating child processes
Block Office applications from creating executable content
Block Office applications from injecting code into other processes

Resources