Rule | Status |
Block all Office apps from creating child processes | Block |
Block Office communication apps (Outlook, Teams, Skype) from creating child processes | Block |
Block Office apps from creating executable content | Block |
Block Office apps from injecting code into other processes | Block |
Block Win32 API calls from Office macros | Block |
Block use of copied or impersonated system tools | Block |
Block executable content from email client and webmail | Block |
Block execution of potentially obfuscated scripts | Block |
Use advanced protection against ransomware | Block |
Block JavaScript or VBScript from launching downloaded executable content | Audit |