Attack Surface Reduction Rules (ASR)

Question

Hi Everyone.

We have new configuration our environment Attack Surface Reduction Rules (ASR)

We have created sccm Console it self and deployed test machines

Now we have to check whether ASR rules applied or not test user machine

Requirement

1.How I can pull or create Those deployment ASR rule report and if Rules are applyed or not

2.How we can check in user machine’s  wether ASR rules applied or not

Is there any SQL or Power Shell  script to pull  report??

 

Thanks in Advance

 

 

 

 

 

 

in progress 0
Krish 2021-10-22T10:54:16+05:30 2 Answers 186 views Beginner
0

Answers ( 2 )

  2. Krish
    0
    2021-11-01T22:44:44+05:30
    Reply

    Hello Anoop

    Thanks for reply

    We have created ASR rule which are available in SCCM console, now customer request is to check whether how many machines got applyed rules

    Similar to success and failed and in progress Status

    Thanks

  4. Anoop C Nair
    0
    2021-10-26T12:34:38+05:30
    Reply

    I think you can get the reports from the SCCM default reports ..isn’t it once you made the ASR policies in SCCM with the following steps?

    In SCCM, go to Assets and Compliance > Endpoint Protection > Windows Defender Exploit Guard.

    Select Home > Create Exploit Guard Policy.

    Enter a name and a description, select Attack Surface Reduction, and select Next.

    Choose which rules will block or audit actions and select Next.

    Review the settings and select Next to create the policy.

    After the policy is created, Close.

Leave an answer

Sorry, you do not have permission to answer to this question .