Forum Discussion
James_Gillies
Oct 08, 2021 (Brass Contributor)
ASR: Block abuse of exploited vulnerable signed drivers
Hey there,
I am seeing a recommendation to apply the ASR Rule as listed above. It looks like a fairly new addition to the series of 16 ASR rules that can be configured.
However, on closer inspection there doesn't yet appear to be an Intune/Endpoint Manager option to add this under the standard Endpoint Security / Attack Surface Rules section.
There's an "Intune name" and a GUID but... I don't want to push this out via a MEM OMA-URI, it fractures where all the policies are kept and makes things messy.
Can I ask when it is expected to have this baked into the main Attack Surface Reduction rules section?
Seems a bit daft to make recommendations to implement the setting across all your endpoints when it's not as easy as all the other rules to actually implement?
Thanks very much.
James
- LG-Niceguy (Copper Contributor)
James_Gillies Has there been an update to this, and does the new version mdmsense work correctly? I have matched both policies and was thinking about switching to the new one. Does anyone have experience with the results of doing this?
- mcoombe (Brass Contributor)
We switched our ASR policy over to the new "modern" MEM policies that target mdm and MicrosoftSense about 1 month ago. MEM enrolled devices successfully receive the policies; however, devices like servers that are only enrolled in MDE (MicrosoftSense) do not yet receive these policies, and we have had to use our RMM tools to deploy the ASR policies via PowerShell. Hopefully in the future devices that are only MDE enrolled will also get these policies (as the target of mdm,microsoftsense suggests they should).
- PatrickF11 (Steel Contributor)
mcoombe Are your servers correctly hybrid joined? This is a prereq.
- youseeme (Copper Contributor)
Hi, I swapped our policies over into a new mdmsense Intune policy, seems to work fine - no issues so far, change was made about 2 weeks ago now.
- LG-Niceguy (Copper Contributor)
I am happy to hear that. I will give it a try.
- Jake_Mowrer
Microsoft
James_Gillies we have not added this ASR Rule to the MEM ASR rule configuration profile. We have plans to add this configuration option so you don't have to use OMA-URIs so stay tuned.
Thanks,
Jake
- kjennn (Copper Contributor)
Where is this? This is getting silly.
- PatrickF11 (Steel Contributor)
What is the problem with this setting?
I can see the policy just fine:
Try recreating the policy if you cannot see it inside of an old one.
- Aragorn (Iron Contributor)
I have come across the same issue and in 2023 there is still no option to add this. Intune configuration policies are turning into a hot mess.
- ahmedamin (Copper Contributor)
Jake_Mowrer when is this coming?
- Billy Angers (Copper Contributor)
James_Gillies I just got through the same path. You are right, this rule is not present in the WebGUI but it is yet configurable. Here's a good blog post about this: Configuring ASR Rules in Intune and how to automate it with PowerShell (call4cloud.nl)