Attack Surface Reduction = Zero Day Protection

Attack Surface Reduction (ASR) rules, and the Defender features built around them, have expanded into a full set of zero-day protections. Rather than matching signatures of known malware, they block the behaviours an attacker relies on (reading credentials out of LSASS, Office spawning a child process, a script launching a downloaded executable), so they stop the exploit chain whether or not the vulnerability it started from has a patch. If you aren't using them today, or haven't looked at them recently, it's time to look again. If you aren't locking down Windows natively, you're missing critical security features.

  • ASR Rules (each rule runs in Audit or Block mode; start in Audit and review the events before blocking)
    • Block credential stealing from the Windows local security authority subsystem (lsass.exe)
    • Block abuse of exploited vulnerable signed drivers
    • Block persistence through WMI event subscription
    • Block Adobe Reader from creating child processes
    • Block all Office applications from creating child processes
    • Block executable content from email client and webmail
    • Block executable files from running unless they meet a prevalence, age, or trusted list criterion
    • Block execution of potentially obfuscated scripts
    • Block JavaScript or VBScript from launching downloaded executable content
    • Block Office applications from creating executable content
    • Block Office communication application (Outlook) from creating child processes
    • Block process creations originating from PSExec and WMI commands
    • Block untrusted and unsigned processes that run from USB
    • Block Win32 API calls from Office macros
    • Use advanced protection against ransomware
  • Controlled Folder Access
    • Protects: user data folders (Documents, Pictures, Videos, Music, Desktop, Favorites) by default
    • Protects: Windows system folders, including the boot sectors
    • Protects: any other folders you specify
    • Evaluates: every app or script (.exe, .scr, .dll and others) that tries to write to a protected folder, and blocks those Defender does not trust; apps you allow explicitly are exempt
  • Exploit Protection (system-wide defaults, with per-program overrides)
    • Control flow guard (CFG)
    • Data execution prevention (DEP)
    • Force randomization for images (mandatory ASLR)
    • Randomize memory allocations (bottom-up ASLR)
    • Validate exception chains (SEHOP)
    • Validate heap integrity
  • SmartScreen
    • Block potentially unwanted apps (PUA protection)
    • Defend DNS requests
    • Check downloads and warn on, or block, files from untrusted locations
    • App installation control (allow apps from the Microsoft Store only, or warn on others)
    • Works for apps and files launched from the Windows shell, in addition to the browser
    • Provides phishing protection in the browser
  • Network Protection
    • Blocks outbound connections to low-reputation domains and IPs at the OS level, for any process, before the connection is made (the same block Edge SmartScreen applies, extended to every app)
  • Web Protection and Web Content Filtering (built on Network Protection, so it must be on)
    • Blocks domains by category
    • Blocks parked domains
    • Blocks newly registered domains
    • Reports web activity per user and per domain, so you can see changes over time
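Every feature in the list above can be set locally with the Defender and Windows PowerShell cmdlets before it is packaged into an Intune policy. The script below is an added example, not configuration from the original post: it puts the ASR rules, Controlled Folder Access, Network Protection and PUA protection into audit mode, sets the system-wide exploit mitigations, and turns on shell SmartScreen. The rule GUIDs are the ones published in Microsoft's ASR rules reference and should be cross-checked there before use; the folder and application paths are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Run on Windows 10/11 with Microsoft Defender
# Antivirus active: a third-party AV puts Defender in passive mode and these settings do nothing.

# --- ASR rules: name -> GUID (from Microsoft's ASR rules reference; verify before use) ---
$AsrRules = [ordered]@{
    'Block credential stealing from LSASS'                               = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block abuse of exploited vulnerable signed drivers'                 = '56a863a9-875e-4185-98a7-b882c64b5ce5'
    'Block persistence through WMI event subscription'                   = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
    'Block Adobe Reader from creating child processes'                   = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
    'Block all Office applications from creating child processes'        = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    'Block executable content from email client and webmail'             = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'
    'Block executables unless they meet prevalence, age or trusted list' = '01443614-cd74-433a-b99e-2ecdc07bfc25'
    'Block execution of potentially obfuscated scripts'                  = '5beb7efe-fd9a-4556-801d-275e5ffc04cc'
    'Block JavaScript or VBScript from launching downloaded executables' = 'd3e037e1-3eb8-44c8-a917-57927947596d'
    'Block Office applications from creating executable content'        = '3b576869-a4ec-4529-8536-b80a7769e899'
    'Block process creations originating from PSExec and WMI commands'   = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Block untrusted and unsigned processes that run from USB'           = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
    'Block Win32 API calls from Office macros'                           = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
    'Use advanced protection against ransomware'                         = 'c1db55ab-c21a-4637-bb3f-a12568109d35'
}

# Start every rule in AuditMode: nothing is blocked, but event 1122 in the Defender
# operational log records each hit, so you see what Block mode would have stopped.
foreach ($rule in $AsrRules.GetEnumerator()) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $rule.Value `
                     -AttackSurfaceReductionRules_Actions AuditMode
    Write-Host "ASR (audit): $($rule.Key)"
}

# --- Controlled Folder Access: audit first. Add folders beyond the default user-data
#     set and allow apps that legitimately write there. Both paths are placeholders. ---
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Shares\Finance'
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\Contoso\Ledger.exe'

# --- Network Protection (Web Content Filtering depends on it) and PUA protection ---
Set-MpPreference -EnableNetworkProtection AuditMode
Set-MpPreference -PUAProtection AuditMode

# --- Exploit Protection: system-wide defaults. Mandatory ASLR (ForceRelocateImages) is
#     left out here because it breaks old binaries without relocation data; enable it
#     per program after testing. ---
Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy, CFG, TerminateOnError
# Export the resulting configuration as XML, the format an Intune exploit-protection policy takes
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\ExploitProtection.xml"

# --- SmartScreen for the Windows shell (apps and files), using the policy values the
#     "Configure Windows Defender SmartScreen" GPO writes ---
$SmartScreenPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
New-Item -Path $SmartScreenPolicy -Force | Out-Null
Set-ItemProperty -Path $SmartScreenPolicy -Name 'EnableSmartScreen'     -Value 1       -Type DWord
Set-ItemProperty -Path $SmartScreenPolicy -Name 'ShellSmartScreenLevel' -Value 'Block' -Type String

# --- Review what is now in effect ---
Get-MpPreference | Select-Object EnableControlledFolderAccess, EnableNetworkProtection, PUAProtection,
    @{ n = 'AsrRulesConfigured'; e = { $_.AttackSurfaceReductionRules_Ids.Count } }
Get-ProcessMitigation -System
```

Keep the audit phase for a few weeks on a representative set of machines: the rules that matter most (LSASS, PsExec/WMI, obfuscated scripts) are also the ones that management agents, deployment tools and monitoring software trip most often, and a rule promoted to Block without that data will take down something you rely on.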

All of this can be deployed via Intune (Endpoint security > Attack surface reduction) and managed in Defender XDR or another security solution of your choice. But first you need to set Windows up for success by configuring it for zero-day protection: turn each feature on in audit mode, review what it would have blocked, and only then move it to block mode.
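The audit-to-block decision is only as good as the review of the audit events. The function below is an added example, not from the original post: it reads the Defender operational log for ASR, Controlled Folder Access and Network Protection hits, groups them by rule and process, and shows the two follow-up actions (an exclusion, or promoting a rule to Block). The event IDs are the ones Microsoft documents for these features; the exclusion path is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Event IDs per Microsoft's Defender documentation:
#   1121 ASR rule blocked       1122 ASR rule audited
#   1123 CFA blocked            1124 CFA audited
#   1126 Network Protection blocked   1125 Network Protection audited
function Get-DefenderAuditSummary {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122, 1123, 1124, 1125, 1126
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # EventData is a list of <Data Name="...">; pull the named fields (ID is the rule GUID)
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Mode    = if ($e.Id -in 1121, 1123, 1126) { 'Block' } else { 'Audit' }
            RuleId  = $data['ID']
            Process = $data['Process Name']
            Path    = $data['Path']
            User    = $data['User']
        }
    }
}

# Which rules fire, and from which processes. A rule whose only hits come from your own
# tooling can be promoted; one that hits a line-of-business app needs an exclusion first.
Get-DefenderAuditSummary -Days 14 |
    Group-Object EventId, RuleId, Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Exclude a known-good binary from ASR rules (placeholder path), then promote the
# LSASS rule (GUID per Microsoft's ASR rules reference) from audit to block.
Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\Program Files\Contoso\Agent\agent.exe'
Set-MpPreference -AttackSurfaceReductionRules_Ids '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' `
                 -AttackSurfaceReductionRules_Actions Enabled
```

On a tenant with Defender for Endpoint, the same 1121/1122 data is in Advanced Hunting (DeviceEvents, ActionType starting with "Asr"), and the reporting page in Defender XDR breaks it down per rule across every onboarded device; the local log is what you have on a machine that is not yet onboarded.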

All we do is support IT professionals. Help for IT Pros, M365 admin News, Security community, Mentor-led Mastermind groups, MSP training and more. https://www.thirdtier.net
