SOLVED

ASR rules missing in SCCM

All,

Why are the following ASR rules not available in SCCM?

Block abuse of exploited vulnerable signed drivers: 56a863a9-875e-4185-98a7-b882c64b5ce5

Block Adobe Reader from creating child processes: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c

Block Office communication application from creating child processes: 26190899-1602-49e8-8b27-eb1d0a1ce869

Block persistence through WMI event subscription: e6db77e5-3df2-4cf1-b95a-636979351e5b

Block process creations originating from PSExec and WMI commands: d1e49aac-8f56-4280-b9ba-993a6d77406c

Best Regards

Arjan

2 Replies
best response confirmed by Arjan Veen, van (Occasional Contributor)
Solution
@Arjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.
Hi,

Yes we are running the latest MEMCM Current branch.

Best regards

Arjan
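
Since these five rules cannot be selected in the SCCM policy, it helps to confirm on a client what state they are actually in. The script below is an added example, not part of the original thread: it reads the local Defender configuration with `Get-MpPreference` and reports the state of each rule GUID listed in the question. It assumes a Windows endpoint with the Defender PowerShell module available and an elevated session.

```powershell
# Added example: rule names and GUIDs are the five listed in the question above.
$rules = [ordered]@{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication application from creating child processes'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
}

# Action codes used by Defender for ASR rules.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Ids and Actions are parallel arrays: Actions[i] is the state of Ids[i].
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Index the configured rules by lower-cased GUID; skip empty entries
# (both properties are empty when no ASR rule is configured at all).
$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) { $configured[$ids[$i].ToLower()] = [int]$actions[$i] }
}

$report = foreach ($guid in $rules.Keys) {
    if ($configured.ContainsKey($guid)) {
        $code  = $configured[$guid]
        $state = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown ($code)" }
    } else {
        $state = 'Not configured'
    }
    [pscustomobject]@{ Rule = $rules[$guid]; Id = $guid; State = $state }
}

$report | Format-Table -AutoSize -Wrap
```

A rule reported as `Not configured` has no policy applied from any source on that machine, so it is inactive there.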