In plain English
ASR rules are pre-built guardrails in Windows that stop common attack techniques before they can do damage. They include blocking Office applications from spawning executable processes (a key ransomware delivery vector), preventing credential dumping from memory, and stopping scripts from running from suspicious locations.
Full definition
ASR rules ship inside and are toggled through or Group Policy. They target techniques attackers use repeatedly because they work: Office applications spawning child processes (a classic delivery path), credential dumping from LSASS memory, scripts executing from locations Windows considers suspicious. Each rule can run in audit mode first, so your IT team sees what would have been blocked before committing to enforcement.
These controls act before a payload executes. A lands, the user opens the Word attachment, the macro tries to launch PowerShell. With the right ASR rule enabled, that process spawn never happens. The ransomware never gets its foothold.
Most Australian SMEs running Business Premium already have the licensing to enable ASR rules. They rarely have them switched on. An IronSights Fortify deployment configures and monitors these rules as part of the endpoint hardening baseline, mapping directly onto Mitigation Strategy 3 (application control) within the framework.
