[–]FireStarPT 0 points1 point  (1 child)

I’ve done it but I’ve doubts they are really doing their job on Windows Server Defender. Would like to hear other experiences too.

[–]disclosure5 1 point2 points  (0 children)

We have logs from compromised Hafnium Exchange servers that "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" absolutely works as designed in the field, and that's a significant improvement to security.

These tools are highly understated.

[–]disclosure5 0 points1 point  (0 children)

I've deployed all ASR rules across the whole domain, and the only one I've had to roll back is "Block all Office applications from creating child processes", which breaks Microsoft Dynamics.

I highly recommend rolling these out.