cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

ASR rules missing in SCCM

Arjan Veen, van
Brass Contributor

‎Jul 20 2022 03:04 AM

‎Jul 20 2022 03:04 AM

ASR rules missing in SCCM

All,

 

Why are the following ASR rules not available in SCCM?

 

Block abuse of exploited vulnerable signed drivers

56a863a9-875e-4185-98a7-b882c64b5ce5

 

Block Adobe Reader from creating child processes

7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c

Block Office communication application from creating child processes

26190899-1602-49e8-8b27-eb1d0a1ce869

Block persistence through WMI event subscription

e6db77e5-3df2-4cf1-b95a-636979351e5b

Block process creations originating from PSExec and WMI commands

d1e49aac-8f56-4280-b9ba-993a6d77406c

 

Best Regards

 

Arjan

1,579 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Arjan Veen, van (Brass Contributor)
Yong Rhee

‎Jul 20 2022 04:09 PM

‎Jul 20 2022 04:09 PM

Solution

Re: ASR rules missing in SCCM

@Arjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.
1 Like
Reply
Arjan Veen, van

‎Jul 20 2022 11:06 PM

‎Jul 20 2022 11:06 PM

Re: ASR rules missing in SCCM

Hi,

Yes we are running the latest MEMCM Current branch.

Best regards

Arjan
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Arjan Veen, van (Brass Contributor)
Yong Rhee

‎Jul 20 2022 04:09 PM

‎Jul 20 2022 04:09 PM

Solution

Re: ASR rules missing in SCCM

@Arjan Veen, van, in MEMCM (SCCM), it's dependent on WMI, thus the ASR Rules for WMI item is not available. For the other ones, what version of MEMCM are you using? Have you installed the latest MEMCM Current Branch (CB)? Thx.

View solution in original post

1 Like
Reply