Block Use of Copied or Impersonated System Tools using Defender ASR Rules

Let’s discuss the Block using Copied or Impersonated System Tools using MS Defender ASR Rules. Microsoft Introduces new block use of copied or Impersonated System tools, and This capability is now in Preview.

This new capability will be available on Windows 11 and Windows 10 versions. This feature brings many changes to Windows Tools. Windows Tools is a folder in the Windows 11 Control Panel. Windows Tool is also known as Administrative Tool in Windows 10 Control Panel.

The block use of copied or Impersonated system tools is based on ASR rules-supported Operating Systems. Microsoft designed this tool for general availability. Users can explore this capability very soon. This feature helps you to block the use of executable files that are identified as copies of Windows system tools.

The executable files are either duplicates or impostors of the original system tools. This is a very effective and user-friendly tool of Microsoft. This blog post helps you to understand more about the Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules.

Patch My PC

Microsoft also released a new Block Rebooting Machine in Safe Mode. This is based on Microsoft Defender ASR Rules. This is a diagnostic mode that only loads the essential files and drivers needed for Windows to run.

Block Use of Copied or Impersonated System Tools using MS Defender ASR Rules

Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules have many abilities. Some malicious programs may try to copy or impersonate Windows system tools to avoid detection or gain privileges.

Potential attacks may occur if such executable files are allowed. Propagation and execution of such duplicates and imposters of the system tools on Windows machines will be prevented by this rule.

Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules - Fig.1
Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules – Fig.1

Different Features of Block Use of Copied or Impersonated System Tools

The Intune name of this new feature is Block Use of Copied or Impersonated System Tools. The Configuration Manager name is not yet available. Its dependencies are Microsoft Defender Antivirus, and GUID is c0033c00-d16d-4114-a5a0-dc9b3a7d2ceb.

Adaptiva
Rule NameWindows 11 and Windows 10Windows Server 2022 and Windows Server 2019Windows ServerWindows Server 2016Windows Server 2012 R2
YYYYYY
Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules – Table.1
Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules - Fig.2
Block Use of Copied or Impersonated System Tools Using MS Defender ASR Rules – Fig.2

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Gopika S Nair is a computer enthusiast. She loves writing on Windows 11 and related technologies. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She is Post Graduate Diploma Holder in Computer Science.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.