Exclude files and paths from Attack Surface Reduction RulesID: oval:org.secpod.oval:def:79808 | Date: (C)2022-05-07 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
Exclude files and paths from Attack Surface Reduction (ASR) rules.
Enabled:
Specify the folders or files and resources that should be excluded from ASR rules in the Options section.
Enter each rule on a new line as a name-value pair:
- Name column: Enter a folder path or a fully qualified resource name. For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that specific folder
- Value column: Enter ""0"" for each item
Disabled:
No exclusions will be applied to the ASR rules.
Not configured:
Same as Disabled.
You can configure ASR rules in the Configure Attack Surface Reduction rules GP setting.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction\Exclude files and paths from Attack Surface Reduction Rules
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR!ExploitGuard_ASR_ASROnlyExclusions
Platform: |
Microsoft Windows 11 |