alexverboon/CI_AsrPersistenceThroughWmi_Remediation.ps1

## CI_AsrPersistenceThroughWmi_Remediation.ps1
<#
.Synopsis
      CI_AsrPersistenceThroughWmi_Remediation
.DESCRIPTION
    Script for Configuration Manager - Configuration Item

    CI_AsrPersistenceThroughWmi_Remediation configures the Rule Block persistence through WMI event subscription in Block mode

.NOTES
    v1.0, 28.10.2020, alex verboon
#>

Write-Output "Configuring Block persistence through WMI event subscription in Block mode"
$AsrPersistenceThroughWmiRuleID = "e6db77e5-3df2-4cf1-b95a-636979351e5b"
Add-MpPreference -AttackSurfaceReductionRules_Ids "$AsrPersistenceThroughWmiRuleID" -AttackSurfaceReductionRules_Actions Enabled
	<#
	.Synopsis
	CI_AsrPersistenceThroughWmi_Remediation
	.DESCRIPTION
	Script for Configuration Manager - Configuration Item

	CI_AsrPersistenceThroughWmi_Remediation configures the Rule Block persistence through WMI event subscription in Block mode

	.NOTES
	v1.0, 28.10.2020, alex verboon
	#>

	Write-Output "Configuring Block persistence through WMI event subscription in Block mode"
	$AsrPersistenceThroughWmiRuleID = "e6db77e5-3df2-4cf1-b95a-636979351e5b"
	Add-MpPreference -AttackSurfaceReductionRules_Ids "$AsrPersistenceThroughWmiRuleID" -AttackSurfaceReductionRules_Actions Enabled