I have just released a new script in my GitHub repository that reports on the local device's Attack Surface Reduction (ASR) settings, as shown above. You’ll find it here:
https://github.com/directorcia/Office365/blob/master/win10-asr-get.ps1
There are no prerequisites. Just run it on your Windows 10 devices to get the report.
If you are looking to change the ASR settings for your environment, I suggest you have a read of my previous article:
Attack surface reduction for Windows 10
I’d strongly encourage you to enable ASR across your Windows 10 fleet to reduce risks of attack.
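As an added example (not the win10-asr-get.ps1 script itself, and not the author's code), the sketch below shows one way to read the same state from the Defender module's `Get-MpPreference`. The GUID-to-name map is deliberately partial; rules outside it are listed by GUID, and mapped rules missing from the device show as "Not configured".

```powershell
# Added example: report local ASR rule state via the built-in Defender module.
# Partial GUID-to-name map (assumption: extend it from Microsoft's ASR rule reference).
$ruleNames = @{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
}
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Ids and Actions are parallel arrays: index i of one pairs with index i of the other.
$configured = @{}
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i]) { $configured[$ids[$i].ToLower()] = [int]$actions[$i] }
}

# Union of mapped and configured rules, so a rule that silently dropped out
# of policy appears as 'Not configured' instead of vanishing from the report.
$allIds = @($ruleNames.Keys) + @($configured.Keys) | Sort-Object -Unique
$report = foreach ($id in $allIds) {
    $name  = if ($ruleNames.ContainsKey($id)) { $ruleNames[$id] } else { $id }
    $state = 'Not configured'
    if ($configured.ContainsKey($id)) {
        $a = $configured[$id]
        $state = if ($actionNames.ContainsKey($a)) { $actionNames[$a] } else { "Unknown ($a)" }
    }
    [pscustomobject]@{ Rule = $name; Id = $id; State = $state }
}
$report | Sort-Object State, Rule | Format-Table -AutoSize

# ASR-only path exclusions; these are separate from antivirus ExclusionPath entries.
$pref.AttackSurfaceReductionOnlyExclusions
```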
This is great. I was testing 2 policies and had my main policy with all the rules enabled as I wanted and then a second policy that just had vulnerable signed drivers rule in Audit mode. However with this script I discovered that by creating a new rule it had disabled all the rules in the main policy… it seems that having 2 policies don’t sit well together.
Thank you! Do you know of a way to pull the path exclusions?
https://learn.microsoft.com/en-us/powershell/module/defender/add-mppreference?view=windowsserver2022-ps
[-ExclusionPath ]