Not what you are looking for? Ask the experts!
protection from .settingcontent-ms filetype abuse
I see a worrying article from Matt Nelson, in the Specter Ops site below, about the .SettingContent-ms filetype. His research has revealed that is is extremely easy to bypass the Attack Surface Reduction (ASR) rules.
Although Microsoft introduced Attack Surface Reduction (ASR) rules into Windows 10, it requires Windows Defender AV as a dependency. This means that if you have another registered AV installed (e.g. Norton Security), then the ASR rules that WOULD OTHERWISE be handled by Defender, are now dependent on the 3rd-party AV taking on the ASR role instead.
My question is:
Will Norton Security protect my system from the scenarios posted in the article (either with ANY of the "triple" command strings used that executes a file already on the system, or with the method whereby a user is tricked into clicking on a link that merely CONTAINS a crafted .SettingContent-ms file, that appears to run unchallenged). My version is: 220.127.116.11.