Not what you are looking for? Ask the experts!
protection from .settingcontent-ms filetype abuse
I see a worrying article from Matt Nelson, in the Specter Ops site below, about the .SettingContent-ms filetype. His research has revealed that is is extremely easy to bypass the Attack Surface Reduction (ASR) rules.
Although Microsoft introduced Attack Surface Reduction (ASR) rules into Windows 10, it requires Windows Defender AV as a dependency. This means that if you have another registered AV installed (e.g. Norton Security), then the ASR rules that WOULD OTHERWISE be handled by Defender, are now dependent on the 3rd-party AV taking on the ASR role instead.
My question is:
Will Norton Security protect my system from the scenarios posted in the article (either with ANY of the "triple" command strings used that executes a file already on the system, or with the method whereby a user is tricked into clicking on a link that merely CONTAINS a crafted .SettingContent-ms file, that appears to run unchallenged). My version is: 18.104.22.168.
NOTE: I posted this 1 month and 1 day ago, and just found that after waiting for that time for the Norton Support tagged guys to answer, the thread was closed WITHOUT AN ANSWER. This is not acceptable, and have had to spend more time creating a new thread to report the same thing. I feel I have wasted my time in trying to report an important vulnerability, and need to know how I stand with my purchased AV product from Norton.