
Microsoft Defender ATP Training Series Part 3: Attack Surface Reduction (ASR)

Written by Ambi

In this session we cover the basics of Microsoft Defender ATP Attack Surface Reduction (ASR). ASR rules target software behaviors that are often abused by attackers, such as:

  • Launching executable files and scripts that attempt to download or run files
  • Running obfuscated or otherwise suspicious scripts
  • Performing behaviors that apps don’t usually initiate during normal day-to-day work

Key timestamps:

0:50 ASR Overview
1:52 ASR Rules
2:36 The Golden Rule
5:29 Demo
6:38 Security Recommendations
8:44 Advanced Hunting

A few advanced hunting script links:
More #MDATP resources

Official Microsoft ASR documentation:

Basic ASR Query:

