Forum Discussion
Explot Guard - Attack Surface Reduction Rules not reporting as Enabled in WDATP console
Hi,
You are correct in your assumption.
We are currently in the process of changing this behavior and we will indicate the status for every Attack Surface Reduction rule separately.
Jacques van Zijl I am not clear what connection the v1809 baselines (or any other version) have to my question. The clients are fully reporting into Defender ATP including Controlled Folder Access status which is another Exploit Guard feature, and I can verify on the systems the ASR rules are applied via GPO both by using GPResult and Get-MpPreference.
MicrosoftDoug Howell my apologies, i thought you where referring to the ATP Score Card point, sometimes a miss configuration could lead not to add points in the Score Card.
Jacques van Zijl Do you have any comment on the Attack Surface Reduction Rules? As all our machines move to v1903 the behavior remains the same.
Exploit Guard missing pointsASR rules in GPOWe know the GPO is applied to the machines, with a mix of enforced and audit for the various rules. Why do we get NO points and 100% machines report there is an issue when we have actually hardened the machines significantly via the use of many of the rules (just not all of them)?
yaakov_iyunHi,
You are correct in your assumption.
We are currently in the process of changing this behavior and we will indicate the status for every Attack Surface Reduction rule separately.
What is the timeline on this change? Lots has changed in the console but still it is all or none for evaluating and scoring ASR rules.
