Attack surface reduction

Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.

The feature is composed of a number of rules, each of which targets specific behaviors that are typically used by malware and malicious apps to infect machines, such as the following:

  • Executable files and scripts used in Office apps or web mail that attempt to download or run files.
  • Scripts that are obfuscated or otherwise suspicious.
  • Behaviors that apps undertake that are not usually initiated during normal day-to-day work.

When a rule is triggered, a notification will be displayed from the Action Center. You can customize the notification with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.

For more information on how to set up the rules, visit https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#attack-surface-reduction-rules.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset