ASR rules missing in SCCM

Arjan Veen, van · ‎Jul 20 2022

All,

Why are the following ASR rules not available in SCCM?

Block abuse of exploited vulnerable signed drivers

56a863a9-875e-4185-98a7-b882c64b5ce5

Block Adobe Reader from creating child processes

7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c

Block Office communication application from creating child processes

26190899-1602-49e8-8b27-eb1d0a1ce869

Block persistence through WMI event subscription

e6db77e5-3df2-4cf1-b95a-636979351e5b

Block process creations originating from PSExec and WMI commands

d1e49aac-8f56-4280-b9ba-993a6d77406c

Best Regards

Arjan

Arjan Veen, van · ‎Jul 20 2022

@Arjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.

Arjan Veen, van · ‎Jul 20 2022

Hi,

Yes we are running the latest MEMCM Current branch.

Best regards

Arjan

ASR rules missing in SCCM

ASR rules missing in SCCM

Re: ASR rules missing in SCCM

Re: ASR rules missing in SCCM

Products (64)

Special Topics (44)

Video Hub (976)

Most Active Hubs

Most Active Hubs

Video Hub

ASR rules missing in SCCM

ASR rules missing in SCCM

Re: ASR rules missing in SCCM

Re: ASR rules missing in SCCM