During a security assessment you observe that Emotet is entering the network through Word attachments that execute PowerShell to drop additional malware. All endpoints run Microsoft Defender Antivirus. To break this infection chain without disabling Office entirely, which Defender Attack Surface Reduction (ASR) rule should you enable through Group Policy?
Enable the ASR rule "Block executable content from email client and webmail"
Force cloud-delivered protection and automatic sample submission
Turn on controlled folder access for user profile directories
Enable the ASR rule "Block all Office applications from creating child processes"
The ASR rule that blocks all Office applications from creating child processes stops Word, Excel, or other Office applications from launching cmd.exe, PowerShell, or script interpreters. This directly disrupts the technique Emotet uses to spawn a PowerShell downloader while still allowing signed or trusted macros that do not need to create external processes.
The rule that blocks executable content from email clients only prevents the direct execution of EXE or script attachments and would not stop a macro inside a document from spawning PowerShell. Controlled folder access protects user data from encryption but does not address the initial execution path. Enabling cloud-delivered protection improves signature and ML detection but does not specifically prevent Office from spawning child processes, so the macro could still fire.
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques