Information
This rule prevents attacks by blocking Adobe Reader from creating processes.
Malware can download and launch payloads and break out of Adobe Reader through social engineering or exploits. By blocking child processes from being generated by Adobe Reader, malware attempting to use Adobe Reader as an attack vector are prevented from spreading.
The recommended state for this setting is: Block
Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Block
Defender\Block Adobe Reader from creating child processes
Impact:
When a rule is triggered, a notification will be displayed from the Action Center.