Resources/XAML/ASRRules.xaml
|
<UserControl xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:d="http://schemas.microsoft.com/expression/blend/2008" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" FontSize="16"> <Grid x:Name="ParentGrid"> <Grid.ColumnDefinitions> <ColumnDefinition Width="*" /> <ColumnDefinition Width="*" /> </Grid.ColumnDefinitions> <Grid.RowDefinitions> <RowDefinition Height="Auto" /> <!-- ASR Rule selections row --> <RowDefinition Height="3*" /> <!-- Execute Button Row --> <RowDefinition Height="*" /> </Grid.RowDefinitions> <TextBlock Grid.Row="0" Grid.ColumnSpan="2" Text="Use this page to manage Attack Surface Reduction (ASR) rules. Start by clicking the 'Retrieve ASR Status' button to fetch the latest status of ASR rules on the system. After making the necessary configurations, click the 'Apply ASR Rules' button to save and enforce the changes." FontSize="14" Margin="20,10,20,15" FontWeight="Normal" VerticalAlignment="Center" HorizontalAlignment="Center" TextWrapping="Wrap"/> <ListView x:Name="ASRRuleSet1" Grid.Row="1" Grid.Column="0" Grid.ColumnSpan="1" BorderThickness="0" Margin="0,40,0,0" ScrollViewer.PanningMode="Both"> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block abuse of exploited vulnerable signed drivers" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockAbuseOfExploitedVulnerableSignedDrivers" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center"> <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block Adobe Reader from creating child processes" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockAdobeReaderFromCreatingChildProcesses" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block all Office applications from creating child processes" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockAllOfficeApplicationsFromCreatingChildProcesses" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block credential stealing from the Windows local security authority subsystem" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockCredentialStealingFromTheWindowsLocalSecurityAuthoritySubsystem" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block executable content from email client and webmail" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockExecutableContentFromEmailClientAndWebmail" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block executable files from running unless they meet a prevalence, age, or trusted list criterion" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockExecutableFilesFromRunningUnlessTheyMeetAPrevalenceAgeOrTrustedListCriterion" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block execution of potentially obfuscated scripts" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockExecutionOfPotentiallyObfuscatedScripts" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block JavaScript or VBScript from launching downloaded executable content" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block Office applications from creating executable content" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockOfficeApplicationsFromCreatingExecutableContent" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block Office applications from injecting code into other processes" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> </ListView> <ListView x:Name="ASRRuleSet2" Grid.Row="1" Grid.Column="1" Grid.ColumnSpan="1" BorderThickness="0" Margin="0,40,0,0" ScrollViewer.PanningMode="Both"> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center"> <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block Office communication application from creating child processes" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockOfficeCommunicationApplicationFromCreatingChildProcesses" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center"> <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block persistence through WMI event subscription" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockPersistenceThroughWMIEventSubscription" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block process creations originating from PSExec and WMI commands" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockProcessCreationsOriginatingFromPSExecAndWMICommands" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block rebooting machine in Safe Mode (preview)" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockRebootingMachineInSafeMode" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block untrusted and unsigned processes that run from USB" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockUntrustedAndUnsignedProcessesThatRunFromUSB" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block use of copied or impersonated system tools (preview)" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockUseOfCopiedOrImpersonatedSystemTools" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block Webshell creation for Servers" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockWebshellCreationForServers" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Block Win32 API calls from Office macros" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="BlockWin32APICallsFromOfficeMacros" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <TextBlock Width="250" HorizontalAlignment="Center" VerticalAlignment="Center" Text="Use advanced protection against ransomware" TextWrapping="Wrap" Margin="0,0,10,0"/> <ComboBox x:Name="UseAdvancedProtectionAgainstRansomware" Width="110" Margin="10,0,0,0"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> </ListView> <StackPanel Orientation="Horizontal" Grid.Row="2" Grid.ColumnSpan="2" HorizontalAlignment="Center"> <Button x:Name="ApplyASRRulesButton" Margin="15,0,10,0" ToolTipService.InitialShowDelay="1000" ToolTip="Apply the configured Attack Surface Reduction Rules"> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center" VerticalAlignment="Center"> <TextBlock FontFamily="{DynamicResource SymbolThemeFontFamily}" VerticalAlignment="Center" FontSize="20" Text=""/> <TextBlock Text="Apply ASR Rules" VerticalAlignment="Center" HorizontalAlignment="Center" Margin="8,0,8,0" FontWeight="SemiBold"/> </StackPanel> </Button> <Button x:Name="RetrieveASRStatus" Margin="10,0,15,0" ToolTipService.InitialShowDelay="1000" ToolTip="Using this button will retrieve the latest effective status of each Attack Surface Reduction rule on the system and will populate the combo boxes for you."> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center" VerticalAlignment="Center"> <TextBlock FontFamily="{DynamicResource SymbolThemeFontFamily}" VerticalAlignment="Center" FontSize="20" Text=""/> <TextBlock Text="Retrieve ASR Status" VerticalAlignment="Center" HorizontalAlignment="Center" Margin="8,0,8,0" FontWeight="SemiBold"/> </StackPanel> </Button> </StackPanel> </Grid> </UserControl> |