ASRRules

2.0.0

ASRRules is a module that will help view and modify Attack Surface Reduction Rules provided by Windows Defender

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name ASRRules

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name ASRRules

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

MIT License

Package Details

Author(s)

  • Emin Atac

Tags

security defense Defender ASR DefenderASR MicrosoftDefender WindowsDefender

Functions

Get-ASRRuleData Set-ASRRuleConfig Get-ASRRuleConfig

PSEditions

Core Desktop

Dependencies

This module has no dependencies.

Release Notes

2025.10.26 - Version 2.0.0
2025.10.26 - Adding rule: Block use of copied or impersonated system tools
2025.10.26 - Adding rule: Block Webshell creation for Servers
2025.10.26 - Adding rule: Block rebooting machine in Safe Mode
2021.12.11 - Version 1.0.1
2021.12.11 - Adding rule: Block abuse of exploited vulnerable signed drivers
2021.03.25 - Version 1.0.0

FileList

Version History

Version Downloads Last updated
2.0.0 (current version) 6 10/26/2025
1.0.1 432 12/11/2021
1.0.0 232 3/21/2021