File: defender-endpoint/attack-surface-reduction-rules-reference.md
Lines changed: 5 additions & 5 deletions
@@ -93,7 +93,7 @@ The following ASR rules DO NOT honor Microsoft Defender Antivirus exclusions:
93
93
|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes)|
94
94
95
95
> [!NOTE]
96
-
> For information about configuring per-rule exclusions, see the section titled **Configure ASR rules per-rule exclusions** in the topic[Test attack surface reduction rules](attack-surface-reduction-rules-deployment-test.md).
96
+
> For information about configuring per-rule exclusions, see the section titled **Configure ASR rules per-rule exclusions** in the article[Test attack surface reduction rules](attack-surface-reduction-rules-deployment-test.md).
97
97
98
98
## ASR rules and Defender for Endpoint Indicators of Compromise (IOC)
99
99
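Review bot: The added line 96 still has no space between "article" and the link that follows it ("in the article[Test attack surface reduction rules](...)"), the same defect the removed line had with "topic[Test ...". Since this line is being touched anyway, insert the space so it reads "in the article [Test attack surface reduction rules](attack-surface-reduction-rules-deployment-test.md)". The note also sits directly under the list of rules that do not honor Microsoft Defender Antivirus exclusions, so it would help to say in the note itself that per-rule exclusions are the route for those rules, if that is the intent.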
@@ -179,10 +179,10 @@ Toast notifications are generated for all rules in Block mode. Rules in any othe
179
179
180
180
For rules with the "Rule State" specified:
181
181
182
-
- ASR rules with `\ASR Rule, Rule State\` combinations are used to surface alerts (toast notifications) on Microsoft Defender for Endpoint only for devices at cloud block level "High"
183
-
- Devices that not at the high cloud block level don't generate alerts for any `ASR Rule, Rule State` combinations
184
-
- EDR alerts are generated for ASR rules in the specified states, for devices at cloud block level "High+"
185
-
- Toast notifications occur in block mode only and for devices at cloud block level "High"
182
+
- ASR rules with `\ASR Rule, Rule State\` combinations are used to surface alerts (toast notifications) on Microsoft Defender for Endpoint only for devices set at the cloud block level `High`.
183
+
- Devices that are not set at the cloud block level `High`don't generate alerts for any `ASR Rule, Rule State` combinations.
184
+
- EDR alerts are generated for ASR rules in the specified states, for devices set at the cloud block level `High+`.
185
+
- Toast notifications occur in block mode only and for devices set at the cloud block level `High`.
186
186
187
187
| Rule name | Rule state | EDR alerts | Toast notifications |
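Review bot: New lines 183 and 184 now read as contradicting each other. Line 183 says devices "not set at the cloud block level `High`" don't generate alerts for any combination, while line 184 says EDR alerts are generated for devices at `High+`, which is literally a level other than `High`. Line 182 also uses "alerts" to mean toast notifications, so it is unclear whether line 183 refers to toasts, EDR alerts, or both. Suggest naming the alert type in each bullet (for example, "don't generate toast notifications") and stating whether `High+` is meant to be included wherever `High` appears, because someone tuning detection coverage will read these bullets as the rule for when telemetry reaches them. Two smaller points: line 183 is missing a space after the code span ("`High`don't"), and line 182 keeps the stray backslashes in `\ASR Rule, Rule State\` while line 183 writes the same term as `ASR Rule, Rule State`; use one form.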