
Why ASR Matters

Understanding Attack Surface Reduction and its role in modern cybersecurity.


What is Attack Surface Reduction?

Attack surfaces are all the places where your organization is vulnerable to cyber threats and attacks. Attack Surface Reduction (ASR) rules target software behaviors that are often abused by attackers, such as:

  • Launching executable files and scripts that attempt to download or run files
  • Running obfuscated or otherwise suspicious scripts
  • Performing behaviors that apps don't usually initiate during normal day-to-day work

How to Use ASR Configurator


Step 1: Select a Preset

Start by choosing a preset that matches your environment from the dropdown menu in the sidebar.

  • Basic: Minimal impact, safe for all users.
  • Balanced (Recommended): Good security posture with low risk of breaking apps.
  • Strict: Maximum security, high risk of false positives.

Step 2: Customize Rules

Click on individual rules in the sidebar to view details and adjust their mode:

  • Block: High security. The action is stopped.
  • Audit: Monitoring only. The action is allowed but logged. Use this to test rules.
  • Disabled: The rule is turned off.

Step 3: Generate & Apply Code

Select your deployment method from the bottom tabs:

Method       | Best For                  | How to Apply
PowerShell   | Single Machines / Testing | Open PowerShell as Admin, paste the code, and run.
Group Policy | Active Directory Domains  | Save as .reg file and import, or manually configure in GPO Editor.
Intune       | Cloud / M365 Devices      | Copy JSON and import into Endpoint Security > ASR Policy.
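
What the PowerShell method looks like when rules are staged in Audit mode first, as an added example (not code generated by ASR Configurator or written by its author): it sets four rules to Audit, confirms the resulting state, and summarizes the Defender events that show what Block mode would have stopped. The rule selection, the seven-day review window and the event-data field names are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: stage ASR rules in Audit mode and review the results before moving to Block.
# Action values used by Defender: 0 = Disabled, 1 = Block, 2 = Audit.
$Audit = 2

# Rule GUIDs from Microsoft's ASR rule reference (this selection is illustrative).
$rules = [ordered]@{
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
}

# Add-MpPreference appends to the configured rule set; Set-MpPreference would overwrite it.
foreach ($id in $rules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Audit
}

# Confirm the effective state: Ids and Actions are parallel arrays.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    [pscustomobject]@{
        RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
        Action = $pref.AttackSurfaceReductionRules_Actions[$i]
    }
}

# After a test period, review the hits: event 1122 = audited, 1121 = blocked.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)   # assumed review window
}

$events | ForEach-Object {
    # Field names ('ID', 'Path') are assumed from the event XML; check them on your build.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Mode   = if ($_.Id -eq 1122) { 'Audit' } else { 'Block' }
        RuleId = $data['ID']
        Rule   = $rules[$data['ID']]     # empty for rules outside the table above
        Path   = $data['Path']
    }
} | Group-Object Mode, RuleId, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Paths that recur under a rule in the summary are the candidates to investigate or exclude before that rule's action is changed from 2 to 1.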

About the Project

This project aims to promote cybersecurity awareness and help people understand Attack Surface Reduction rules. The goal is to empower users to secure their Windows systems effectively while understanding the impact of each security rule.


Created by ASUTOSH GAUTAM

Cybersecurity Student


Disclaimer

This tool is for educational purposes. Always test ASR rules in Audit mode before switching to Block mode in a production environment. The creator accepts no responsibility for system issues caused by improper configuration.
