Jan 17 2024 04:16 PM - edited Jan 19 2024 09:57 AM
Hello,
Our Settings Catalog ASR policies that are set as Blocked are being detected as Audited within Secure Score.
It seems to have started on 11/13.
The rules that have been impacted:
Block untrusted and unsigned processes that run from USB
Block Adobe Reader from creating child processes
Block JavaScript or VBScript from launching downloaded executable content
Block persistence through WMI event subscription
Block executable files from running unless they meet a prevalence, age, or trusted list criterion
Block Office communication application from creating child processes
Block Office applications from creating executable content
Block Office applications from injecting code into other processes
Block execution of potentially obfuscated scripts
I have updated my policy in the hopes that it redetects everything is set to blocked, will update this post if it works.
*Update* It sadly does not.
Thank you very much,
Jan 22 2024 10:13 PM
Jan 22 2024 10:54 PM
Yup no change so far.