Cataster

Asked: 2022-08-26 20:18:51 +0800 CST2022-08-26 20:18:51 +0800 CST 2022-08-26 20:18:51 +0800 CST

Why isnt the remediation improving the exposure score in Microsoft defender?

I am trying to improve our exposure score on Microsoft Defender and noted that "Block persistence through WMI event subscription" has a remediation which Ive already applied since almost a month now.

Remediation:

Ensure that Microsoft Defender Antivirus is turned on as the primary antivirus solution, with Real-Time Protection enabled. (checked and applied given the 0 exposed devices, and 0 impact)
Enable this ASR rule in Block mode using Group Policy (done)

However, despite the attack surface reduction rule blocking persistence through WMI event subscriptions as reported on MEM (endpoint manager/intune),

it just doesnt seem to be really syncing with the remediation on Microsoft defender. The impact appears to have remained the same, and even my PC, despite the latest updates, appears to still reflect as an exposed device.

Why isnt the remediation improving the exposure score in Microsoft defender?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Why isnt the remediation improving the exposure score in Microsoft defender?

0 Answers