
Block Adobe Reader from creating child processes GPO

New Here, Mar 01, 2023

There is an attack surface reduction rule we wish to establish in our environment that is meant to block Adobe Reader from creating child processes. This appears to be very easy in Intune, but Intune is not ready for production. Therefore, GPO is the choice. Is there an ADMX template I can use, or any guidance on how the policy might be created?

TOPICS
How to , Windows

New Here, Mar 01, 2023

I found the GUID for blocking Adobe Reader from creating child processes, and I know now how to add it to the GPO. For perpetuity, this is how ASR is implemented in GPO:

1. In Group Policy Management Editor, navigate to Computer Configuration/Administrative Templates/Windows Components/Microsoft Defender Antivirus/Microsoft Defender Exploit Guard/Attack Surface Reduction

2. Open the Configure Attack Surface Reduction Rules

3. Enable rule, and click the Show button for the state for each ASR rule

4. The GUIDs for Adobe Reader (and others) are listed here:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-...

5. GUID in left box, and either 0, 1, or 2 in right box

   0 = Disable the rule

   1 = Enforce the rule

   2 = Audit the rule (logged only)

Hope that helps somebody.

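One way to confirm on an endpoint that the rule from the steps above took effect, and to review audit hits before moving from 2 to 1 (an added example, not part of the original post). The function name `Get-AsrRuleState` and the 7-day window are assumptions; the rule GUID is passed in from the Microsoft reference linked in step 4, and the event IDs are Defender's documented ASR block (1121) and audit (1122) events.

```powershell
# Added example: report the state of one ASR rule on the local machine
# and count the block/audit events Defender has logged for it.
function Get-AsrRuleState {
    [CmdletBinding()]
    param(
        # Rule GUID copied from the Microsoft reference in step 4 (not hard-coded here).
        [Parameter(Mandatory)][guid]$RuleId,
        # How far back to look for events (assumed default).
        [int]$Days = 7
    )

    # State values as listed in step 5 of the post.
    $stateNames = @{ 0 = 'Disabled'; 1 = 'Enforced'; 2 = 'Audit' }

    # Defender exposes configured rules as two parallel arrays: IDs and actions.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    $index = -1
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -and ([guid]$ids[$i] -eq $RuleId)) { $index = $i; break }
    }

    if ($index -lt 0) {
        $state = 'NotConfigured'      # GPO not applied yet, or GUID mistyped
    } else {
        $value = [int]$actions[$index]
        $state = if ($stateNames.ContainsKey($value)) { $stateNames[$value] }
                 else { "Other ($value)" }
    }

    # 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
    $hits = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($RuleId.ToString()) }

    [pscustomobject]@{
        RuleId      = $RuleId
        State       = $state
        BlockEvents = @($hits | Where-Object Id -eq 1121).Count
        AuditEvents = @($hits | Where-Object Id -eq 1122).Count
    }
}
```

Run it from an elevated PowerShell session after `gpupdate /force`, for example `Get-AsrRuleState -RuleId '<GUID from step 4>'`; a state of `NotConfigured` means the policy has not reached the machine.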