Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ASR rules exclusions #2

Open
TuemmlerKelch opened this issue Aug 28, 2023 · 0 comments
Open

Add ASR rules exclusions #2

TuemmlerKelch opened this issue Aug 28, 2023 · 0 comments
Labels
enhancement New feature or request
Milestone
Version 1.1.0

Comments

@TuemmlerKelch
Copy link
Collaborator

TuemmlerKelch commented Aug 28, 2023
edited
Loading

Please implement the following logic:

  1. Defender not active
    1.1 Skip this section, as ASR rules cannot be applied regarless of configuration
  2. If Defender is active
    2.1 If the systems has no ASR rules active, display "ASR rules not configured"
    2.2 If 1 or more ASR rules are configured, display these including their status (monitor or block)
  3. Exclusions
    3.1If there are no exclusions configured, display "no ASR rules exclusions configured"
    3.2 If 1 or more exclusions are configured, display those

references for ASR rules compatibility for relevant OSes: here
We only need Windows 10/11 & Server 2016/2019/2022

Get some inspiration from ASR Analyzer which has a nice implementation for displaying active rules and exclusions
@TuemmlerKelch TuemmlerKelch added the enhancement New feature or request label Aug 28, 2023
@TuemmlerKelch TuemmlerKelch added this to the SystemValidator 1.1 milestone Aug 28, 2023
@TuemmlerKelch TuemmlerKelch changed the title Display status for all ASR rules and incorporate ASR rules exclusions Add ASR rules exclusions Aug 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Version 1.1.0
Development

No branches or pull requests
1 participant
@TuemmlerKelch