Attack Surface Reduction Rules can be set on different ways. If you don't use any Device Management and no Group Policies, there's only one way left: Powershell. But this is not as userfriendly as I hoped (especially the GUID). So I developed GUI for setting ASR Rules via Powershell.
Download the Powershell Script or Exe File from here and run it: https://github.com/hemaurer/MDATP_PoSh_Scripts/tree/master/ASR%20GUI
-
You will need Windows 10 Pro or Windows 10 Enterprise in Version 1709 or later.
-
The Powershell Script as well as the Exe have to run in admin mode to work properly.
For development and testing you might need to set the Powershell ExecutionPolicy to Unrestricted. Because of Security Risk it is recommended to set the policy to restricted after finishing development.
Before Development:
Set-ExecutionPolicy Unrestricted
After Development
Set-ExecutionPolicy Restricted
There is no installation as the EXE is based on the Powershell Script.
- Visual Studio
- Powershell ISE 5.0
- Hermann Maurer - Initial work
Thanks to
for Inspiration and initial Code base which is used in the "Report"-Function.