Optimize ASR rule deployment and detections

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

Attack surface reduction (ASR) rules identify and prevent typical malware exploits. They control when and how potentially malicious code can run. For example, they can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, and block processes that run from USB drives.

Attack surface management card

The Attack surface management card is an entry point to tools in Microsoft 365 security center that you can use to:

  • Understand how ASR rules are currently deployed in your organization.
  • Review ASR detections and identify possible incorrect detections.
  • Analyze the impact of exclusions and generate the list of file paths to exclude.

Select Go to attack surface management > Monitoring & reports > Attack surface reduction rules > Add exclusions. From there, you can navigate to other sections of Microsoft 365 security center.

The Add exclusions tab in the Attack surface reduction rules page in Microsoft 365 security center

Note

To access Microsoft 365 security center, you need a Microsoft 365 E3 or E5 license and an account that has certain roles on Azure Active Directory. Read about required licenses and permissions.

For more information about ASR rule deployment in Microsoft 365 security center, see Monitor and manage ASR rule deployment and detections.

Related topics