Advanced Protection against Ransomware ASR setting not applying


We deploy ASR rules to our Intune-managed Windows Autopilot devices via an Endpoint protection ASR policy. We have configured 16 settings for this policy, and 15 of them apply to devices with the profile assigned to them, but the Advanced Protection against Ransomware doesn't apply.

I can confirm this by running "get-mppreference" in Command Prompt/Terminal, and I do not see the GUID "c1db55ab-c21a-4637-bb3f-a12568109d35", which as per Microsoft documentation is the correct one.

I also confirm this by going to the Registry Entry for ASR rules:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
Name: ASRRULES - Type: REG_SZ

The Data value has the GUIDs of all the other configured ASR rules as per Microsoft documentation, but is missing the APAR GUID.

Testing adding the entry c1db55ab-c21a-4637-bb3f-a12568109d35=1 into the Reg key eventually reports back to Defender that it is now activated, but this deployment issue is happening across all/most of our clients, and since all of the settings are crammed into 1 registry key, I don't really want to mess with changing the value on all of our client devices.

Has anyone else experienced this and might know why it is happening or have a good fix for it? Or has Microsoft acknowledged this issue and will it release a fix?
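
The two checks described in the question, combined into one read-only PowerShell comparison; this is an added example, not part of the original post or any Microsoft tooling. It assumes the ASRRULES value holds pipe-separated `guid=state` pairs, and the helper names `ConvertFrom-AsrRuleString` and `Get-AsrStateLabel` are hypothetical.

```powershell
# Read-only: compares the ASR rules written by policy with what Defender reports.
$ExpectedRule = 'c1db55ab-c21a-4637-bb3f-a12568109d35'   # GUID quoted in the post
$PolicyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager'
$StateNames   = @{ '0' = 'Disabled'; '1' = 'Block'; '2' = 'Audit'; '6' = 'Warn' }

function ConvertFrom-AsrRuleString {
    # Assumed format: "guid=state|guid=state"; returns a hashtable guid -> state.
    param([string]$Value)
    $rules = @{}
    foreach ($pair in ($Value -split '\|')) {
        $id, $state = $pair.Trim() -split '=', 2
        if ($id) { $rules[$id.Trim('{}').ToLowerInvariant()] = "$state".Trim() }
    }
    return $rules
}

function Get-AsrStateLabel {
    # Returns "1 (Block)" style text, or 'missing' when the rule is absent.
    param([hashtable]$Rules, [string]$Id)
    if (-not $Rules.ContainsKey($Id)) { return 'missing' }
    $s = $Rules[$Id]
    if ($StateNames.ContainsKey($s)) { "$s ($($StateNames[$s]))" } else { $s }
}

# 1. What the management policy wrote to the registry (empty if the value is absent).
$raw = (Get-ItemProperty -Path $PolicyKey -Name ASRRules -ErrorAction SilentlyContinue).ASRRules
$fromPolicy = ConvertFrom-AsrRuleString -Value "$raw"

# 2. What Defender itself reports; Ids and Actions are parallel arrays.
$pref = Get-MpPreference
$ids = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$fromDefender = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) { $fromDefender[$ids[$i].ToLowerInvariant()] = "$($actions[$i])" }
}

# 3. One row per rule seen in either source, plus the expected rule.
$allIds = @($fromPolicy.Keys) + @($fromDefender.Keys) + $ExpectedRule | Sort-Object -Unique
$report = foreach ($id in $allIds) {
    [pscustomobject]@{
        RuleId   = $id
        Policy   = Get-AsrStateLabel -Rules $fromPolicy -Id $id
        Defender = Get-AsrStateLabel -Rules $fromDefender -Id $id
    }
}
$report | Format-Table -AutoSize
$gap = $report | Where-Object { $_.RuleId -eq $ExpectedRule -and ($_.Policy -eq 'missing' -or $_.Defender -eq 'missing') }
if ($gap) { Write-Warning "Rule $ExpectedRule is missing from the policy value or from Defender." }
```

A row showing `missing` under Policy points at delivery of the setting to the device, while `missing` only under Defender points at Defender not picking up a value that was delivered.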

1 Reply

Hi @AlexRF,

Once before I had a similar problem with some ASR rules and I couldn't find a solution.

What helped me to solve the problem was the Microsoft Defender Update on the devices and the Windows update (the troubleshooting was made with the co-operation of Microsoft Support).

Here are some general troubleshooting steps and recommendations that might help resolve or identify the issue:
1. Endpoint Security Platform Updates: Make sure that the Microsoft Defender Antivirus on the affected devices is up-to-date. New updates might include bug fixes or improvements that address issues with ASR settings.
2. Intune Policies: Review your Intune policies to ensure that they are correctly configured and applied to the target devices. Verify that the ASR policy is assigned to the correct device groups and that there are no conflicts with other policies.
3. Update to the Latest Windows Version: Ensure that the Windows operating system on the devices is running the latest version. Some issues may be addressed in newer Windows updates.
4. Microsoft Support: If the issue persists, consider reaching out to Microsoft Support for assistance. 



Kindest regards,


Leon Pavesic