Show ASR settings for device with PowerShell

directorcia Uncategorized November 23, 2020November 23, 2020 1 Minute

I have just released a new script in my GitHub repository that will report on the local device Attack Surface Reduction settings (ASR) as shown above. You’ll find it here:

https://github.com/directorcia/Office365/blob/master/win10-asr-get.ps1

There no pre-requisites. Just run it on your Windows 10 devices to report.

If you are looking to change the ASR settings for your environment, I suggest you have a read of my previous article:

Attack surface reduction for Windows 10

I’d strongly encourage you to enable ASR across your Windows 10 fleet to reduce risks of attack.

Published by directorcia

View all posts by directorcia

Published November 23, 2020November 23, 2020

3 thoughts on “Show ASR settings for device with PowerShell”

GR says:

August 20, 2022 at 12:39 am

This is great. I was testing 2 policies and had my main policy with all the rules enabled as i wanted and then a second policy that just had vulnerable signed drivers rule in Audit mode. However with this script i discovered that by creating a new rule it had disabled all the rules in the main policy…. it seems that having 2 policies don’t sit well together.

LikeLike

Reply
Jay says:

March 4, 2023 at 2:23 am

Thank you! Do you know of a way to pull the path exclusions?

LikeLike

Reply
1. directorcia says:
  
  March 4, 2023 at 1:43 pm
  
  https://learn.microsoft.com/en-us/powershell/module/defender/add-mppreference?view=windowsserver2022-ps
  
  [-ExclusionPath ]
  
  LikeLike
  
  Reply

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: