Deploying ASR rules
A standard machine build has some well-known and documented weak points that bad actors like to target. JavaScript, Office macros, and Adobe Acrobat Reader are some examples.
Fortunately, there are built-in ASR rules that can be enabled to block these from executing. Additionally, there is the option to enable them in Audit mode if there are concerns about the potential impact on your application.
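To see which of these rules are already active on a machine, and whether each one is in Block or Audit mode, the local Defender preferences can be read with PowerShell. This is an added example, not part of the original text; the function name Get-AsrRuleState is hypothetical, and the rule GUIDs and action codes are the values Microsoft documents for these ASR rules.

```powershell
# Added example: report the local state of the ASR rules covering the
# weak points named above (JavaScript, Office macros, Adobe Reader).
# Rule GUIDs and action codes are Microsoft's documented values.
$RuleNames = @{
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
}
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Hypothetical helper: pairs each configured rule ID with its action code
# and reports the mode for every rule listed in $RuleNames.
function Get-AsrRuleState {
    param(
        [string[]]$Ids,
        [int[]]$Actions
    )
    # Defender returns IDs and actions as two parallel arrays.
    $configured = @{}
    for ($i = 0; $i -lt $Ids.Count; $i++) {
        $configured[$Ids[$i].ToLower()] = $Actions[$i]
    }
    foreach ($id in $RuleNames.Keys) {
        if ($configured.ContainsKey($id)) {
            $code = $configured[$id]
            $mode = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown ($code)" }
        } else {
            # Rule has never been set on this machine by any policy.
            $mode = 'Not configured'
        }
        [pscustomobject]@{ Rule = $RuleNames[$id]; Id = $id; Mode = $mode }
    }
}

# Read the live settings from Microsoft Defender and print one row per rule.
$pref = Get-MpPreference
Get-AsrRuleState -Ids $pref.AttackSurfaceReductionRules_Ids `
                 -Actions $pref.AttackSurfaceReductionRules_Actions |
    Sort-Object Mode, Rule |
    Format-Table -AutoSize
```

A rule shown as Audit logs what it would have blocked without stopping it, which is the state to look for while assessing application impact.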
Getting ready
To configure these, head to the Endpoint security blade, click Attack surface reduction, and choose to create a new policy. Select Attack surface reduction from the list of options.
Once again, you will see that we have reusable settings here; this is where you can specify USB and printer device IDs. These are not relevant to ASR rules; they are for some of the other policies that can be configured in this blade.
How to do it…
These steps will run you through creating your new ASR policy:
- Set your policy’...