Recovering from Attack Surface Reduction rule shortcut deletions
Updated 1/23/2023 @ 1:10pm PST On January 13th, Windows Security and Microsoft Defender for Endpoint customers may have experienced a series of false positive detections for the Attack Surface Reduction (ASR) rule “Block Win32 API calls from Office macro” after updating to security intelligence builds between 1.381.2134.0 and 1.381.2163.0. These detections resulted in the deletion …
Recovering from Attack Surface Reduction rule shortcut deletions Continue Reading