Forum Discussion
Arjan Veen, van
Jul 20, 2022Brass Contributor
ASR rules missing in SCCM
All,
Why are the following ASR rules not available in SCCM?
Block abuse of exploited vulnerable signed drivers
56a863a9-875e-4185-98a7-b882c64b5ce5
Block Adobe Reader from creating child processes
7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
Block Office communication application from creating child processes
26190899-1602-49e8-8b27-eb1d0a1ce869
Block persistence through WMI event subscription
e6db77e5-3df2-4cf1-b95a-636979351e5b
Block process creations originating from PSExec and WMI commands
d1e49aac-8f56-4280-b9ba-993a6d77406c
Best Regards
Arjan
- Arjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.
- yongrheemsftMicrosoftArjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.
- Arjan Veen, vanBrass ContributorHi,
Yes we are running the latest MEMCM Current branch.
Best regards
Arjan