Attack Surface Reduction Rules


We are using WithSecure Elements EPP for Computers Premium. We have also rolled out Attack Surface Reduction rules as per recommendations from Microsoft. We have a Powershell script to show & confirm that the settings are in ‘block’ mode. However when we run a test process to check each of the rules they are not getting blocked.

Does anyone know if there are any settings we can apply to the policies to ensure these rules are applied and the processes blocked. From what I understand Microsoft Defender does this but thought there must be settings that can be applied to other AV systems.




Accepted Answer