SOLVED

ASR: Block abuse of exploited vulnerable signed drivers

Hey there,

I am seeing a recommendation to apply the ASR Rule as listed above. It looks like a fairly new addition to the series of 16 ASR rules that can be configured.

However, on closer inspection there doesn't yet appear to be an Intune/Endpoint Manager option to add this under the standard Endpoint Security / Attack Surface Rules section.

There's an "Intune name" and a GUID but... I don't want to push this out via a MEM OMA-URI, it fractures where all the policies are kept and makes things messy.

Can I ask when it is expected to have this baked into the main Attack Surface Reduction rules section?

Seems a bit daft to make recommendations to implement the setting across all your endpoints when it's not as easy as all the other rules to actually implement?

Thanks very much.

James

3 Replies

@James_Gillies I just got through the same path. You are right, this rule is not present in the WebGUI but it is yet configurable. Here's a good blog post about this: Configuring ASR Rules in Intune and how to automate it with PowerShell (call4cloud.nl)

best response confirmed by James_Gillies (Occasional Contributor)
Solution

@James_Gillies we have not added this ASR Rule to the MEM ASR rule configuration profile. We have plans to add this configuration option so you don't have to use OMA-URIs, so stay tuned.

Thanks,

Jake

Thanks Jake, that's great news. Will keep an eye on the MEM ASR rule configuration profile / announcements!