ASR detection shows Rules Turned OFF on machines

%3CLINGO-SUB%20id%3D%22lingo-sub-2616110%22%20slang%3D%22en-US%22%3EASR%20detection%20shows%20Rules%20Turned%20OFF%20on%20machines%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2616110%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20recently%20migrated%20from%20TrendMicro%20to%20MSDATP%20(%20Cloud)%20along%20with%20Defender%20as%20AV)%20.%20We%20have%20deployed%20Exploit%20Guard%20policy%20on%20all%20WKs%20however%20when%20i%20check%20Attack%20Surface%20detection%20rule%26nbsp%3B%20shows%20Rule%20is%20turned%20off%20on%26nbsp%3B%20few%20machines%20.%20Any%20idea%20how%20to%20fix%20it%20and%26nbsp%3B%20Also%20please%20let%20me%20know%20which%20of%20ASR%20rules%20should%20be%20enabled%20in%20Audit%20mode%20for%20pilot%20phase%20.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22PraveenrajThyagarajan_0-1628179438866.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F300875iC8C79DD84E88A02C%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22PraveenrajThyagarajan_0-1628179438866.png%22%20alt%3D%22PraveenrajThyagarajan_0-1628179438866.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Senior Member

Hi Team,

 

We have recently migrated from TrendMicro to MSDATP ( Cloud) along with Defender as AV . We have deployed Exploit Guard policy on all WKs  through SCCM CB however when i checked Attack Surface detection rule -  shows Rule is turned off on  few machines . Any idea how to fix it and  Also please let me know which of ASR rules should be enabled in Audit mode for pilot phase .

 

PraveenrajThyagarajan_0-1628179438866.png

 

0 Replies