We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events.
Hopefully it will help anyone considering block mode.
Being able to use the credential stealing/lsass rule was the surprise for me.
medium.com/palantir/microsof…
5:30 PM · Jan 11, 2021