Attack Surface Reduction rules
GPTKB entity
Statements (110)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:security |
gptkbp:block | credential theft, process injection, malicious scripts, JavaScript and VBScript launched from Office, Win32 API calls from Office macros, child processes from Office apps, credential stealing, executable content from email and web, executable content from email and web downloads, malicious DLLs, malicious Office files, malicious code in memory, malicious use of Adobe Reader, malicious use of LSASS, malicious use of Office applications, malicious use of PowerShell, malicious use of WMI, malicious use of access.exe, malicious use of acrobat.exe, malicious use of at.exe, malicious use of audiodg.exe, malicious use of bitsadmin.exe, malicious use of calc.exe, malicious use of certutil.exe, malicious use of chrome.exe, malicious use of cmd.exe, malicious use of conhost.exe, malicious use of cscript.exe, malicious use of csrss.exe, malicious use of dllhost.exe, malicious use of dwm.exe, malicious use of edge.exe, malicious use of excel.exe, malicious use of explorer.exe, malicious use of firefox.exe, malicious use of fontdrvhost.exe, malicious use of foxitreader.exe, malicious use of ftp.exe, malicious use of iexplore.exe, malicious use of installutil.exe, malicious use of lsass.exe, malicious use of mimikatz, malicious use of msbuild.exe, malicious use of mshta.exe, malicious use of msiexec.exe, malicious use of mspaint.exe, malicious use of msxsl.exe, malicious use of net.exe, malicious use of net1.exe, malicious use of notepad.exe, malicious use of onenote.exe, malicious use of opera.exe, malicious use of outlook.exe, malicious use of paint.exe, malicious use of powerpnt.exe, malicious use of powershell.exe, malicious use of procdump.exe, malicious use of psexec.exe, malicious use of publisher.exe, malicious use of reader.exe, malicious use of reg.exe, malicious use of regsvr32.exe, malicious use of rundll32.exe, malicious use of safari.exe, malicious use of sc.exe, malicious use of schtasks.exe, malicious use of scripting engines, malicious use of sdbinst.exe, malicious use of services.exe, malicious use of smss.exe, malicious use of snippingtool.exe, malicious use of spoolsv.exe, malicious use of sumatrapdf.exe, malicious use of svchost.exe, malicious use of system tools, malicious use of taskhostw.exe, malicious use of taskmgr.exe, malicious use of telnet.exe, malicious use of tftp.exe, malicious use of visio.exe, malicious use of web browsers, malicious use of wininit.exe, malicious use of winlogon.exe, malicious use of winword.exe, malicious use of wmic.exe, malicious use of wmiprvse.exe, malicious use of wordpad.exe, malicious use of wscript.exe, network protection bypass, obfuscated scripts, processes created by Office apps, untrusted USB and removable drives, untrusted fonts, untrusted processes |
gptkbp:canBe | gptkb:PowerShell, gptkb:Intune, gptkb:Group_Policy, gptkb:Microsoft_Endpoint_Manager |
gptkbp:developedBy | gptkb:Microsoft |
https://www.w3.org/2000/01/rdf-schema#label | Attack Surface Reduction rules |
gptkbp:introducedIn | gptkb:Windows_10, gptkb:Windows_Server_2019 |
gptkbp:partOf | Microsoft Defender Exploit Guard |
gptkbp:purpose | reduce attack surface, block known threats, prevent malware execution |
gptkbp:requires | gptkb:Microsoft_Defender_Antivirus |
gptkbp:bfsParent | gptkb:Windows_Defender_Exploit_Protection |
gptkbp:bfsLayer | 8 |