18.10.42.6.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'

Information

This policy setting controls the state for the Attack Surface Reduction (ASR) rules.

The recommended state for this setting is: Enabled

Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction\Configure Attack Surface Reduction rules

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsDefender.admx/adml that is included with the Microsoft Windows 10 Release 1709 Administrative Templates (or newer).

Impact:

When a rule is triggered, a notification will be displayed from the Action Center.

See Also

https://workbench.cisecurity.org/benchmarks/17689

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-16, CSCv7|8.3

Plugin: Windows

Control ID: 078b457c6cafefe2248b67e9da74c1a71c517e53bbd161c3c52bfd7851d95017