HP Thunderbolt Dock 120W G4
Microsoft Windows 10 (64-bit)

Hi HP and all,

 

I have recently encountered a block from Microsoft Defender ASR rules affecting HP Thunderbolt Dock G4 Firmware Installer, see image below:

ASR_Block_HP_ThunderboltDock.PNG

 

Defender for Endpoint information:

  • App or process blocked: WmiPrvSE.exe
  • Blocked by: Attack surface reduction
  • Rule: Block process creations originating from PSExec and WMI commands
  • Affected items: C:\Program Files\HP\HP Firmware Installer\HP Thunderbolt Dock G4\HPFirmwareInstaller.exe

The HPFirmwareinstaller.exe is not related to a critical function for the computer, but it is quite good to have the opportunity to make firmware updates for the docking station when new drivers become available.

The end user will be prompted by Defender for Endpoint that a process is blocked, and this generates unnecessary calls to the ServiceDesk.

Now that more and more companies are moving to cloud-managed computers, ASR rules are becoming a very important part of the overall security requirements.


On the wishlist is that HP takes a look inside the code of the HP Thunderbolt Dock G4 Firmware Installer and makes the necessary changes to make it compliant with Microsoft's available security standards for the Attack Surface Reduction feature.


General Microsoft references for Attack Surface Reduction:
https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference 

https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#microso...

 

Blocking rule specific documentation:
https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-reference#block-p...

 

Best Regards

Par Hagman

Malmoe, Sweden
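
A check an administrator can run on an affected endpoint to confirm which mode the rule is in and to list the matching ASR events. This is an added example, not part of the original post. The rule GUID and event IDs 1121/1122 are taken from Microsoft's ASR documentation, and the seven-day window is an arbitrary choice.

```powershell
# Added example. Run in an elevated PowerShell session on the affected endpoint.

# GUID of "Block process creations originating from PSExec and WMI commands"
# (from Microsoft's ASR rules reference, not from the post itself).
$RuleId = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'

# File name reported under "Affected items" in the post.
$Target = 'HPFirmwareInstaller.exe'

# ASR action codes as reported by Get-MpPreference.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# 1. Report how the rule is configured on this machine.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$index   = -1
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $RuleId) { $index = $i }
}
if ($index -ge 0) {
    $code = [int]$actions[$index]
    $name = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown ($code)" }
    Write-Output "Rule $RuleId is configured: $name"
} else {
    Write-Output "Rule $RuleId is not configured on this machine"
}

# 2. List ASR events for this rule that mention the firmware installer.
#    1121 = rule fired in block mode, 1122 = rule fired in audit mode.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)   # arbitrary look-back window
}
$targetPattern = [regex]::Escape($Target)
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId -and $_.Message -match $targetPattern } |
    Select-Object TimeCreated,
                  @{ Name = 'Mode'; Expression = { if ($_.Id -eq 1121) { 'Blocked' } else { 'Audited' } } },
                  Message |
    Format-List
```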
