Arjan Veen, van
Brass Contributor
Jul 20, 2022

ASR rules missing in SCCM

All,

Why are the following ASR rules not available in SCCM?

Block abuse of exploited vulnerable signed drivers
56a863a9-875e-4185-98a7-b882c64b5ce5

Block Adobe Reader from creating child processes
7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c

Block Office communication application from creating child processes
26190899-1602-49e8-8b27-eb1d0a1ce869

Block persistence through WMI event subscription
e6db77e5-3df2-4cf1-b95a-636979351e5b

Block process creations originating from PSExec and WMI commands
d1e49aac-8f56-4280-b9ba-993a6d77406c

Best Regards

Arjan

  • Arjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.
    • Arjan Veen, van
      Brass Contributor
      Hi,

      Yes, we are running the latest MEMCM Current Branch.

      Best regards

      Arjan
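
Added example, not part of the thread and not MEMCM's or Microsoft's own code: a PowerShell check that reports how the five rules listed in the question are set on a client, by joining the rule-ID and action arrays returned by `Get-MpPreference`. The helper name `Get-ThreadAsrRuleState` is hypothetical, and the IDs and actions in the fallback branch are constructed sample values.

```powershell
# Rule names and GUIDs exactly as listed in the question above.
$RulesFromThread = [ordered]@{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication application from creating child processes'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
}
# Values used by AttackSurfaceReductionRules_Actions.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Hypothetical helper: joins the two parallel arrays Defender reports
# (rule IDs and their actions) and returns one row per rule from the thread.
function Get-ThreadAsrRuleState {
    param([string[]]$Ids = @(), [int[]]$Actions = @())
    if ($Ids.Count -ne $Actions.Count) {
        throw "Id/action arrays differ in length ($($Ids.Count) vs $($Actions.Count))"
    }
    # Index configured rules by lower-cased GUID so the comparison is case-insensitive.
    $configured = @{}
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        $configured[$Ids[$i].ToLowerInvariant()] = $Actions[$i]
    }
    foreach ($id in $RulesFromThread.Keys) {
        $state = 'Not configured'
        if ($configured.ContainsKey($id)) {
            $a = $configured[$id]
            $state = if ($ActionNames.ContainsKey($a)) { $ActionNames[$a] } else { "Unknown ($a)" }
        }
        [pscustomobject]@{ Rule = $RulesFromThread[$id]; Id = $id; State = $state }
    }
}

if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    # Live data from the local Defender configuration.
    $pref = Get-MpPreference
    Get-ThreadAsrRuleState -Ids $pref.AttackSurfaceReductionRules_Ids -Actions $pref.AttackSurfaceReductionRules_Actions
} else {
    # Constructed sample for hosts without the Defender module: two rules set, three absent.
    Get-ThreadAsrRuleState -Ids 'D1E49AAC-8F56-4280-B9BA-993A6D77406C', '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' -Actions 2, 1
}
```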
