To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Attack Surface reduction rules

Bronx
Bronx Member Posts: 1 Security Scout
edited August 8 in Elements Extended Detection & Response (XDR)

Hi,

We use withsecure as our primary AV and MDE as secondary AV, and was wondering if it is possible to configure MDE recommended ASR rules using withsecure. Examples of these rules include:

Block JavaScript or VBScript from launching downloaded executable content

Block Adobe Reader from creating child processes

Block all Office applications from creating child processes

Block Office applications from creating executable content

Block execution of potentially obfuscated scripts. ETC

DeepGuard is activated in our platform as well. Looking forward to your response

Best Answer

  • Sethu Laks
    Sethu Laks Staff, Moderator Posts: 266 W/ Moderator
    Solved

    Hi @Bronx

    Apologies for the delay in responding. While we don't have ready-made ASR rules, our Application Control engine allows you to create custom ones. We do offer pre-built rules for blocking batch and PowerShell scripts triggered by Microsoft Office applications, which can serve as a starting point for your own rules. You can refer to this article to know more about Application Control: https://www.withsecure.com/userguides/product.html#business/psb-portal/latest/en/task_AD0CD5AADFDF4614B5595CBEFD6D22F7-psb-portal-latest-en

Answers

  • Sethu Laks
    Sethu Laks Staff, Moderator Posts: 266 W/ Moderator

    Hi @Bronx

    Thank you for reaching out the WithSecure Community,

    Please allow us some time to check this with our backend team and will update you soon here.

  • LiselotteP
    LiselotteP Staff, Community Manager Posts: 395 Threat Terminator

    Is your issue still open? If one of the replies resolved it, please mark it as the best answer. Thanks!

Categories