Skip to content
Vectel
SupportSecurity

We want to block Office macro attacks and ransomware chains

Attack Surface Reduction rules in Defender block typical exploit paths: Office spawning cmd.exe, scripts from temp folders. Audit first, then block.

support/beveiliging/asr-rules-defendersteps: 4

Try this first

  1. Defender > Endpoints > ASR > set rules to audit
  2. Collect for a week, identify false positives
  3. Block mode for the safe set: 7 rules with low impact
  4. Exceptions by path, not by executable

When to bring us in

Critical rules vary by sector, happy to discuss.

See also

Was this helpful?

None of the above fits?

Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.

Who are you?

For the AI question we need your email and company, so we can follow up if the AI gets stuck, and to prevent abuse.

Limited to 2 questions per hour and 5 per day, kept lean so the AI stays useful. For more, contacting us directly works better for you and us.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.

Bring us inHow Managed IT works