Attack Surface reduction rules

Bronx · 2024-08-07T14:03:53+00:00

There was an error rendering this rich post.

Hi,

We use withsecure as our primary AV and MDE as secondary AV, and was wondering if it is possible to configure MDE recommended ASR rules using withsecure. Examples of these rules include:

Block JavaScript or VBScript from launching downloaded executable content

Block Adobe Reader from creating child processes

Block all Office applications from creating child processes

Block Office applications from creating executable content

Block execution of potentially obfuscated scripts. ETC

DeepGuard is activated in our platform as well. Looking forward to your response

Find more posts tagged with

Accepted answers

Sethu Laks

Hi @Bronx

Apologies for the delay in responding. While we don't have ready-made ASR rules, our Application Control engine allows you to create custom ones. We do offer pre-built rules for blocking batch and PowerShell scripts triggered by Microsoft Office applications, which can serve as a starting point for your own rules. You can refer to this article to know more about Application Control: https://www.withsecure.com/userguides/product.html#business/psb-portal/latest/en/task_AD0CD5AADFDF4614B5595CBEFD6D22F7-psb-portal-latest-en

All comments

LiselotteP

Is your issue still open? If one of the replies resolved it, please mark it as the best answer. Thanks!

Sethu Laks

Hi @Bronx

Sethu Laks

Hi @Bronx

Thank you for reaching out the WithSecure Community,

Please allow us some time to check this with our backend team and will update you soon here.