Organisations should either implement ASR using Microsoft Defender Antivirus or use third party antivirus solutions that offer similar functionality to those provided by ASR. Block Office communication application from creating child processes.Block Win32 API calls from Office macro.Block Office applications from injecting code into other processes.Block Office applications from creating executable content.Block all Office applications from creating child processes.Block executable content from email client and webmail.In order to use ASR, Microsoft Defender Antivirus must be configured as the primary real-time antivirus scanning engine on workstations.ĪSR offers a number of Microsoft Office-related attack surface reduction rules, these include: It is designed to combat the threat of malware exploiting legitimate functionality in Microsoft Office applications. Attack Surface ReductionĪttack Surface Reduction (ASR), a security feature of Microsoft Windows 10, forms part of Microsoft Defender Exploit Guard. The following recommendations, listed in alphabetical order, should be treated as high priorities when hardening Microsoft Office deployments. Finally, as Group Policy settings for Microsoft Office are periodically updated by Microsoft, care should be taken to ensure the latest version is always used. For cloud-based policy configurations, equivalents are available in Microsoft 365 Apps admin centre for many of the Group Policy settings. Once downloaded, the ADMX and associated ADML files can be placed in %SystemDrive%\Windows\SYSVOL\domain\Policies\PolicyDefinitions on the Domain Controller and they will be automatically loaded in the Group Policy Management Editor. The Group Policy Administrative Templates for Microsoft 365, Office 2021, Office 2019 and Office 2016 can be obtained from Microsoft. Before implementing the recommendations in this publication, testing should be undertaken to ensure the potential for unintended negative impacts on business processes is reduced as much as possible. This publication provides recommendations on hardening Microsoft 365, Office 2021, Office 2019 and Office 2016 applications.
Hardening applications on workstations is an important part of reducing this risk. Workstations are often targeted by adversaries using malicious websites, emails or removable media in an attempt to extract sensitive information.
0 kommentar(er)
