Control Attack Surface Reduction (ASR) Rules
One of the key components of Windows Defender is the Attack Surface Reduction (ASR) Rules. In my opinion, the ASR rules is what makes Defender such a powerful platform.
It would be great if we could include the ability to turn on, manage, and add exclusions for the ASR rules in huntress. Other competitor platforms can do this and it works quite well.
These rules exponentially expand the effectiveness of Defender.
Just curious if there are any updates related to the ASR Rules?
marked this post as
Josh Lambert [Product Manager - Huntress]
In a separate request, Huntress has said that they are working on expanding the feature set of MAV and they specifically said that ASR is part of that effort.
Maybe i'm wrong, but I thought ASR rules was only in the enterprise licensed version of Windows Defender and Huntress works only on the free version.
Brian Cook: inquiring minds want to know too!
The microsoft defender docs say that the feature is available in the free (Microsoft Defender Antivirus) version... but you need the licensed version to monitor the results. So this seems like a great play for Huntress to pick up management and monitoring of the feature! More details here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide