Forum Discussion

subhashv1986's avatar
subhashv1986
Copper Contributor
Nov 10, 2023

ASR rule - Block Adobe Reader from creating child processes

Hi everyone,

 

IN our MS defender for Endpoint, we have used ASR rule to block Adobe to create a child process and it configured as BLOCK but we are still seeing in Security recommendation - Block Adobe Reader from creating child processes and shows all exposed endpoints. Do you have ever faced the same issue ?

 

  • adiii's avatar
    adiii
    Brass Contributor
    Hi, so the policy is working on your endpoints when you check ASR Reports? Or is your problem, that exposed endpoints stats are not up to date yet?
    • subhashv1986's avatar
      subhashv1986
      Copper Contributor
      its not implemented - I see from the report its grayed out we have used option BLOCK in ASR rule. I see in Security Baseline policy it was implemented as enable which we reverted and made it not configured. What its not yet implemented, any clues ?

Resources