Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

ASR rule - Block Adobe Reader from creating child processes

Copper Contributor

Hi everyone,

 

IN our MS defender for Endpoint, we have used ASR rule to block Adobe to create a child process and it configured as BLOCK but we are still seeing in Security recommendation - Block Adobe Reader from creating child processes and shows all exposed endpoints. Do you have ever faced the same issue ?

 

2 Replies
Hi, so the policy is working on your endpoints when you check ASR Reports? Or is your problem, that exposed endpoints stats are not up to date yet?
its not implemented - I see from the report its grayed out we have used option BLOCK in ASR rule. I see in Security Baseline policy it was implemented as enable which we reverted and made it not configured. What its not yet implemented, any clues ?