Information
This policy setting controls the state for the Attack Surface Reduction (ASR) rules.
The recommended state for this setting is: Enabled.
Rationale:
Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
Impact:
When a rule is triggered, a notification will be displayed from the Action Center.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer).
Default Value:
Disabled. (No ASR rules will be configured.)