I have just released a new script in my GitHub repository that will report on the local device Attack Surface Reduction settings (ASR) as shown above. You’ll find it here:
There no pre-requisites. Just run it on your Windows 10 devices to report.
If you are looking to change the ASR settings for your environment, I suggest you have a read of my previous article:
Attack surface reduction for Windows 10
I’d strongly encourage you to enable ASR across your Windows 10 fleet to reduce risks of attack.
3 thoughts on “Show ASR settings for device with PowerShell”
This is great. I was testing 2 policies and had my main policy with all the rules enabled as i wanted and then a second policy that just had vulnerable signed drivers rule in Audit mode. However with this script i discovered that by creating a new rule it had disabled all the rules in the main policy…. it seems that having 2 policies don’t sit well together.
Thank you! Do you know of a way to pull the path exclusions?