Resources/XAML/ASRRules.xaml
|
<UserControl xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:d="http://schemas.microsoft.com/expression/blend/2008" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" Style="{StaticResource Page_Style}"> <Grid x:Name="ParentGrid"> <Grid.ColumnDefinitions> <ColumnDefinition Width="*" /> <ColumnDefinition Width="*" /> </Grid.ColumnDefinitions> <Grid.RowDefinitions> <RowDefinition Height="Auto" /> <!-- ASR Rule selections row --> <RowDefinition Height="3*" /> <!-- Execute Button Row --> <RowDefinition Height="*" /> </Grid.RowDefinitions> <TextBlock Grid.Row="0" Grid.ColumnSpan="2" Text="Use this page to manage Attack Surface Reduction (ASR) rules. Start by clicking the 'Retrieve ASR Status' button to fetch the latest status of ASR rules on the system. After making the necessary configurations, click the 'Apply ASR Rules' button to save and enforce the changes." Foreground="Black" FontSize="14" Margin="20,10,20,15" FontWeight="Normal" VerticalAlignment="Center" HorizontalAlignment="Center" TextWrapping="Wrap"/> <ListView x:Name="ASRRuleSet1" Grid.Row="1" Grid.Column="0" Grid.ColumnSpan="1" ItemContainerStyle="{StaticResource CustomListViewItemStyle}" BorderThickness="0" Margin="0,40,0,0" ScrollViewer.PanningMode="Both"> <ListView.Background> <SolidColorBrush Color="Transparent"/> </ListView.Background> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block abuse of exploited vulnerable signed drivers" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockAbuseOfExploitedVulnerableSignedDrivers" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center"> <Label Content="Block Adobe Reader from creating child processes" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockAdobeReaderFromCreatingChildProcesses" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block all Office applications from creating child processes" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockAllOfficeApplicationsFromCreatingChildProcesses" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block credential stealing from the Windows local security authority subsystem" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockCredentialStealingFromTheWindowsLocalSecurityAuthoritySubsystem" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block executable content from email client and webmail" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockExecutableContentFromEmailClientAndWebmail" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block executable files from running unless they meet a prevalence, age, or trusted list criterion" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockExecutableFilesFromRunningUnlessTheyMeetAPrevalenceAgeOrTrustedListCriterion" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block execution of potentially obfuscated scripts" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockExecutionOfPotentiallyObfuscatedScripts" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block JavaScript or VBScript from launching downloaded executable content" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block Office applications from creating executable content" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockOfficeApplicationsFromCreatingExecutableContent" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block Office applications from injecting code into other processes" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> </ListView> <ListView x:Name="ASRRuleSet2" Grid.Row="1" Grid.Column="1" Grid.ColumnSpan="1" ItemContainerStyle="{StaticResource CustomListViewItemStyle}" BorderThickness="0" Margin="0,40,0,0" ScrollViewer.PanningMode="Both"> <ListView.Background> <SolidColorBrush Color="Transparent"/> </ListView.Background> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center"> <Label Content="Block Office communication application from creating child processes" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockOfficeCommunicationApplicationFromCreatingChildProcesses" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center"> <Label Content="Block persistence through WMI event subscription" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockPersistenceThroughWMIEventSubscription" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block process creations originating from PSExec and WMI commands" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockProcessCreationsOriginatingFromPSExecAndWMICommands" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block rebooting machine in Safe Mode (preview)" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockRebootingMachineInSafeMode" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block untrusted and unsigned processes that run from USB" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockUntrustedAndUnsignedProcessesThatRunFromUSB" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block use of copied or impersonated system tools (preview)" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockUseOfCopiedOrImpersonatedSystemTools" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block Webshell creation for Servers" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockWebshellCreationForServers" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Block Win32 API calls from Office macros" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="BlockWin32APICallsFromOfficeMacros" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> <ListViewItem Margin="0,5,0,5" HorizontalAlignment="Center" VerticalAlignment="Center"> <StackPanel Orientation="Horizontal" VerticalAlignment="Center" HorizontalAlignment="Center" > <Label Content="Use advanced protection against ransomware" Style="{StaticResource ModernLabelStyle}" Margin="0,0,10,0"/> <ComboBox x:Name="UseAdvancedProtectionAgainstRansomware" Width="90" Margin="10,0,0,0" Style="{StaticResource ModernComboBoxStyle}" ItemContainerStyle="{StaticResource ModernComboBoxItemStyle}"> <ComboBoxItem Content="Disable" /> <ComboBoxItem Content="Block" /> <ComboBoxItem Content="Audit" /> <ComboBoxItem Content="Warn" /> </ComboBox> </StackPanel> </ListViewItem> </ListView> <StackPanel Orientation="Horizontal" Grid.Row="2" Grid.ColumnSpan="2" HorizontalAlignment="Center"> <Button x:Name="ApplyASRRulesButton" Style="{StaticResource CustomButtonStyle2}" Margin="15,0,10,0" ToolTipService.InitialShowDelay="1000" ToolTip="Apply the configured Attack Surface Reduction Rules"> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center" VerticalAlignment="Center"> <TextBlock Text="Apply ASR Rules" VerticalAlignment="Center" HorizontalAlignment="Center" Margin="8,0,8,0" FontWeight="SemiBold"/> </StackPanel> </Button> <Button x:Name="RetrieveASRStatus" Style="{StaticResource CustomButtonStyle2}" Margin="10,0,15,0" ToolTipService.InitialShowDelay="1000" ToolTip="Using this button will retrieve the latest effective status of each Attack Surface Reduction rule on the system and will populate the combo boxes for you."> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center" VerticalAlignment="Center"> <TextBlock Text="Retrieve ASR Status" VerticalAlignment="Center" HorizontalAlignment="Center" Margin="8,0,8,0" FontWeight="SemiBold"/> </StackPanel> </Button> </StackPanel> </Grid> </UserControl> |