Forum Discussion
ASR rules on personal microsft account?
Hello,
I triggered a Windows Defender block on my personal PC:
Following the links takes me to Defender for Endpoint tips, but this si my personal PC which doesn't have that? I have logged in to my work's teams account on this PC - could that have caused group policies to be applied and if so - how do undo it!
Thanks for any help received.
ps. I have tried allowing the app in defender, turning off app control etc, but this is persistent
2 Replies
If you're a local admin, your device is not onboarded to MDE and managed by an organization you can disable ASR rules via PowerShell https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#powershell
Add-MpPreference -AttackSurfaceReductionRules_Ids <rule ID> -AttackSurfaceReductionRules_Actions Disabled
The ASR GUIDs can be found at https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#asr-rule-to-guid-matrix
- Thanks that's great
