The following information below describes how to implement the following security recommendation from Microsoft:
Attack Surface Reduction (ASR) rules are the most effective method for blocking the most common attack techniques being used in cyber attacks and malicious software.
This ASR rule scans executable files entering the system to determine whether they’re trustworthy.
To address this security recommendation, perform the following:
- Sign in to the Microsoft Endpoint Manager admin center (
https://endpoint.microsoft.com). - Select “Endpoint security” and then “Attack surface reduction”.
- Click on “Create Policy” and select the platform “Windows 10 and later”.
- Choose the profile type “Attack surface reduction rules”.
- In the settings, find the rule “Use advanced protection against ransomware” and set it to “Block”.
- Assign the policy to the desired groups.
