From e7a00afbc27c8ab534f3fdba9e6eddbd78fcffa2 Mon Sep 17 00:00:00 2001 From: vboyev-MSFT Date: Tue, 21 Jan 2025 11:42:05 -0600 Subject: [PATCH 1/3] Update defender-endpoint-false-positives-negatives.md Added ASR Rule exclusions details as it was missing and is relevant --- .../defender-endpoint-false-positives-negatives.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/defender-endpoint/defender-endpoint-false-positives-negatives.md b/defender-endpoint/defender-endpoint-false-positives-negatives.md index 1f37d43430..297588836e 100644 --- a/defender-endpoint/defender-endpoint-false-positives-negatives.md +++ b/defender-endpoint/defender-endpoint-false-positives-negatives.md 
@@ -212,9 +212,11 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi - [Create "allow" indicators for Microsoft Defender for Endpoint](#indicators-for-defender-for-endpoint) - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus) +- For Attack Surface Reduction Rule exclusions [Configure attack surface reduction per-rule exclusions](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-deployment-test#configure-attack-surface-reduction-per-rule-exclusions) or you can leverage [ASR rule only exclusions](https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#exclude-files-and-folders-from-attack-surface-reduction-rules) > [!NOTE] > Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities. To exclude files broadly, use [custom indicators](indicators-overview.md) for Microsoft Defender for Endpoint and exclusions for Microsoft Defender Antivirus. +> ASR Rules can leverage ASR Rule Exclusions - where the exclusions apply to all ASR Rules; ASR per Rule Exclusions; Defender AV exclusions; as well as allow indicators defined in Custom Indicators. The procedures in this section describe how to define indicators and exclusions. From 91e710cb7e4b56256324208d0d564566030ad910 Mon Sep 17 00:00:00 2001 From: Emm Walsh Date: Thu, 23 Jan 2025 12:11:04 +0000 Subject: [PATCH 2/3] Update link for Attack Surface Reduction Rule --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/defender-endpoint-false-positives-negatives.md b/defender-endpoint/defender-endpoint-false-positives-negatives.md index 297588836e..8772e17b39 100644 --- a/defender-endpoint/defender-endpoint-false-positives-negatives.md +++ b/defender-endpoint/defender-endpoint-false-positives-negatives.md 
@@ -212,7 +212,7 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi - [Create "allow" indicators for Microsoft Defender for Endpoint](#indicators-for-defender-for-endpoint) - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus) -- For Attack Surface Reduction Rule exclusions [Configure attack surface reduction per-rule exclusions](https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-deployment-test#configure-attack-surface-reduction-per-rule-exclusions) or you can leverage [ASR rule only exclusions](https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#exclude-files-and-folders-from-attack-surface-reduction-rules) +- For Attack Surface Reduction Rule exclusions [Configure attack surface reduction per-rule exclusions](/defender-endpoint/attack-surface-reduction-rules-deployment-test#configure-attack-surface-reduction-per-rule-exclusions) or you can leverage [ASR rule only exclusions](https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#exclude-files-and-folders-from-attack-surface-reduction-rules) > [!NOTE] > Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities. To exclude files broadly, use [custom indicators](indicators-overview.md) for Microsoft Defender for Endpoint and exclusions for Microsoft Defender Antivirus. From e148d797e486714a5dc484b3efe1cda8b226b55b Mon Sep 17 00:00:00 2001 From: Emm Walsh Date: Thu, 23 Jan 2025 12:44:02 +0000 Subject: [PATCH 3/3] Update ASR rule exclusions link --- .../defender-endpoint-false-positives-negatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/defender-endpoint-false-positives-negatives.md b/defender-endpoint/defender-endpoint-false-positives-negatives.md index 8772e17b39..a3388497d3 100644 
--- a/defender-endpoint/defender-endpoint-false-positives-negatives.md +++ b/defender-endpoint/defender-endpoint-false-positives-negatives.md @@ -212,7 +212,7 @@ To define exclusions across Microsoft Defender for Endpoint, perform the followi - [Create "allow" indicators for Microsoft Defender for Endpoint](#indicators-for-defender-for-endpoint) - [Define exclusions for Microsoft Defender Antivirus](#exclusions-for-microsoft-defender-antivirus) -- For Attack Surface Reduction Rule exclusions [Configure attack surface reduction per-rule exclusions](/defender-endpoint/attack-surface-reduction-rules-deployment-test#configure-attack-surface-reduction-per-rule-exclusions) or you can leverage [ASR rule only exclusions](https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#exclude-files-and-folders-from-attack-surface-reduction-rules) +- For Attack Surface Reduction Rule exclusions [Configure attack surface reduction per-rule exclusions](/defender-endpoint/attack-surface-reduction-rules-deployment-test#configure-attack-surface-reduction-per-rule-exclusions) or you can leverage [ASR rule only exclusions](/defender-endpoint/enable-attack-surface-reduction#exclude-files-and-folders-from-attack-surface-reduction-rules) > [!NOTE] > Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities. To exclude files broadly, use [custom indicators](indicators-overview.md) for Microsoft Defender for Endpoint and exclusions for Microsoft Defender Antivirus.
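
Review bot: In PATCH 1/3, the sentence added at the end of the `[!NOTE]` block says ASR rules can leverage "Defender AV exclusions", which sits awkwardly against the sentence directly above it: "Microsoft Defender Antivirus exclusions apply only to antivirus protection, not across other Microsoft Defender for Endpoint capabilities." If the new line is right, an antivirus exclusion also widens what ASR rules allow, and an admin scoping an exclusion needs to see that stated once, unambiguously. Reword the existing sentence to name ASR rules as the exception instead of leaving the two statements side by side. The added `>` line also appears to follow the previous `>` line with no blank `>` separator, so it will render as a continuation of the same paragraph, and both links in the new bullet are absolute `https://learn.microsoft.com/en-us/` URLs while the other links in this hunk are relative (`indicators-overview.md`, `#exclusions-for-microsoft-defender-antivirus`).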
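
Review bot: In PATCH 2/3, the replacement line fixes only the first link. The second link on the same line, "ASR rule only exclusions", still points at the absolute, locale-pinned `https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction` URL. Convert both links in this commit so the bullet is consistent at every point in the series; as it stands the fix is split across two commits that touch the same line.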
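
Review bot: In PATCH 3/3, the replaced bullet now has consistent links, but its wording is still out of step with the two bullets above it, which are each a single imperative link ("Create ...", "Define ..."). "For Attack Surface Reduction Rule exclusions [Configure ...] or you can leverage [ASR rule only exclusions]" has no punctuation after "exclusions" and does not say how the two options differ. The note added in PATCH 1/3 distinguishes exclusions that "apply to all ASR Rules" from "ASR per Rule Exclusions"; use those same two terms in the bullet, for example "Define attack surface reduction exclusions: per-rule exclusions, or exclusions that apply to all ASR rules", so readers can tell which link gives the narrower scope.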