Jump to content

Eset Alternative to Microsoft Defender Attack Surface Reduction


Recommended Posts

Hello,

are the rules from Defender Attack Surface Reduction or equivalent implemented in Eset Endpoint Security? 
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction

If not, is there any way to enable the rules with Eset enabled?

 

Kind regards

Martin

Link to post
Share on other sites
11 minutes ago, INDUS_MH said:

If not, is there any way to enable the rules with Eset enabled?

Some of the ASR rule protections are incorporated into the various Eset protection mechanisms; namely the HIPS.

Some of the ASR protection rules are not; for example, "Block execution of potentially obfuscated scripts." Eset scans such scripts but will only block their execution if known malware exists or highly suspicious activity is being performed.

Other ASR rules such as "Block Office applications from creating executable content" can be had in Eset by creating custom HIPS rules for like activity.

Link to post
Share on other sites

Hello @Marcos

I added the HIPS rules from KB6119 and noticed afterward that the powershell can not even be opened, as it always tries to open conhost.exe with it. I set the disallowed child processes from all to just the scripting executables.

Maybe the KB6119 needs a small update?

Also do you know if Eset intends to add additional HIPS rules to the KB or plans to implement the functionality out of the box?

 

Kind regards

Martin

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...