Forum Discussion

Doug Howell's avatar
Doug Howell
Copper Contributor
Apr 29, 2019

Explot Guard - Attack Surface Reduction Rules not reporting as Enabled in WDATP console

We have rolled out Attack Surface Reduction rules via GPO (including newst rule in v1809 so 14/14 rules).  We have some in audit mode and some applying.  I can verify systems have the policy via Get-MpPreference.  But the WD ATP console does not report them as applying as it shows all systems need to "Turn on Attack Surface Reduction rules".  What is the logic used for that?  For Controlled Folder Access, we have it in audit mode and that adds points.

 

Does the ASR one not count any points unless ALL rules are in Enabled mode?  If so, is there a way to change this behaviour as I do not feel 0 points is an accurate reflection of our position given over half the rules are in Enabled state, and it makes using the console to remediate machines with issues such as the GPO not applying useless.

  • Doug Howell 

    Hi, 

    You are correct in your assumption.

    We are currently in the process of changing this behavior and we will indicate the status for every Attack Surface Reduction rule separately.

Resources