Forum Discussion
Explot Guard - Attack Surface Reduction Rules not reporting as Enabled in WDATP console
Hi,
You are correct in your assumption.
We are currently in the process of changing this behavior and we will indicate the status for every Attack Surface Reduction rule separately.
MicrosoftDoug Howell hi Doug,
did you also run the new baseline 1809 script, this will turn on more sensors and some you might missed.
.\BaselineLocalInstall.ps1 -Win10DomainJoined - for Windows 10 v1809, domain-joined
.\BaselineLocalInstall.ps1 -Win10NonDomainJoined - for Windows 10 v1809, non-domain-joined
Jacques van Zijl I am not clear what connection the v1809 baselines (or any other version) have to my question. The clients are fully reporting into Defender ATP including Controlled Folder Access status which is another Exploit Guard feature, and I can verify on the systems the ASR rules are applied via GPO both by using GPResult and Get-MpPreference.
- Jacques van Zijl
Doug Howell my apologies, i thought you where referring to the ATP Score Card point, sometimes a miss configuration could lead not to add points in the Score Card.
Jacques van Zijl Do you have any comment on the Attack Surface Reduction Rules? As all our machines move to v1903 the behavior remains the same.
Exploit Guard missing pointsASR rules in GPOWe know the GPO is applied to the machines, with a mix of enforced and audit for the various rules. Why do we get NO points and 100% machines report there is an issue when we have actually hardened the machines significantly via the use of many of the rules (just not all of them)?
yaakov_iyunHi,
You are correct in your assumption.
We are currently in the process of changing this behavior and we will indicate the status for every Attack Surface Reduction rule separately.