You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/attack-surface-reduction-rules-reference.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -51,7 +51,7 @@ Attack surface reduction rules are categorized as one of two types:
51
51
52
52
-**Standard protection rules**: Are the minimum set of rules which Microsoft recommends you always enable, while you're evaluating the effect and configuration needs of the other ASR rules. These rules typically have minimal-to-no noticeable impact on the end user.
53
53
54
-
-**Other rules**: Rules that require some measure of following the documented deployment steps [Plan > Test (audit) > Enable (block/warn modes)], as documented in the [Attack surface reduction rules deployment guide](attack-surface-reduction-rules-deployment.md)
54
+
-**Other rules**: Rules that require some measure of following the documented deployment steps [Plan > Test (audit) > Enable (block/warn modes)], as documented in the [Attack surface reduction rules deployment guide](attack-surface-reduction-rules-deployment.md).
55
55
56
56
For the easiest method to enable the standard protection rules, see: [Simplified standard protection option](attack-surface-reduction-rules-report.md#simplified-standard-protection-option).
57
57
@@ -181,9 +181,9 @@ Toast notifications are generated for all rules in Block mode. Rules in any othe
181
181
For rules with the "Rule State" specified:
182
182
183
183
- ASR rules with `\ASR Rule, Rule State\` combinations are used to surface alerts (toast notifications) on Microsoft Defender for Endpoint only for devices at cloud block level "High".
184
-
- Devices that not at the high cloud block level don't generate alerts for any `ASR Rule, Rule State` combinations
185
-
- EDR alerts are generated for ASR rules in the specified states, for devices at cloud block level "High+"
186
-
- Toast notifications occur in block mode only and for devices at cloud block level "High"
184
+
- Devices that not at the high cloud block level don't generate alerts for any `ASR Rule, Rule State` combinations.
185
+
- EDR alerts are generated for ASR rules in the specified states, for devices at cloud block level "High+".
186
+
- Toast notifications occur in block mode only and for devices at cloud block level "High".
187
187
188
188
| Rule name | Rule state | EDR alerts | Toast notifications |
0 commit comments