Attack surface reduction rules help prevent malware from infecting computers with malicious code. Some of these rules aim to reduce your attack surface while you’re using Office applications. You can read about the full list here: Reduce attack surfaces with attack surface reduction rules.


We’re extending a few of these rules to include Office 365 desktop apps from the Microsoft Store (known as Office Centennial apps):

  • Block all Office applications from creating child processes
  • Block Office communication application from creating child processes

No action is required if you are already running Office Centennial apps and have any of these rules enabled in either audit or block mode. We’ll be doing a gradual rollout managed via our cloud. You shouldn’t see any change in your environments if you are not running Office Centennial apps.


The following rules are already enabled for Office Centennial apps:

  • Block Win32 API calls from Office macro
  • Block Office applications from creating executable content

You can see how these rules work right now by reading our previous blog post on how to configure, evaluate, and deploy the new rules, and you can go through the evaluation guide on the Windows Defender ATP test ground at https://demo.wd.microsoft.com.


1 Comment
Occasional Visitor
Since 2015 I contacted Microsoft but they were not convinced I think attack Surface will fail against my virus as I told you I contacted Microsoft more than once since 2015 thats why I shared all un Github https://github.com/didipostman/MyVirusCode please read my .bat file and ReadMe carefully if you execute myvirus.bat its your own risks dont put your blame on me