Would you like to learn how to configure attack surface reduction rules using Powershell? In this tutorial, we will show you how to use the command line to add an ASR rule on Windows Defender.

• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 2022
• Windows 10
• Windows 11

Equipment list

Here you can find the list of equipment used to create this tutorial.

This link will also show the software list used to create this tutorial.

Related tutorial – PowerShell

On this page, we offer quick access to a list of tutorials related to PowerShell.

Tutorial Powershell ASR – Configure attack surface reduction rules

Start an elevated Powershell command line.

Windows 10 - powershell elevated

Add an ASR rule using Powershell.

Copy to Clipboard

In our example, we add a rule to block JavaScript or VBScript from launching downloaded executable content.

There are multiple actions available.

Copy to Clipboard

List all configured ASR rules.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Restart the computer to enable the ASR rules.

Copy to Clipboard

Optionally, restart the Defender real-time protection to enable the ASR rules.

Copy to Clipboard

Create a test file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Test the ASR rule to Block JavaScript or VBScript from launching downloaded executable content.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

List events related to ASR rules.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Disable an ASR rule using Powershell.

Copy to Clipboard

Remove an ASR rule using Powershell.

Copy to Clipboard

Congratulations! You are able to configure ASR rules using Powershell.