Solutions

Microsoft Defender ASR Rule - Block persistence through WMI event subscription

Modified on 2025-06-10 16:35:22 +0200

Does anyone know or had problems with enabling the MS ASR rule "Block persistence through WMI event subscription" and PRTG monitoring through WMI.

Article Comments

Hello,

Thanks for contacting us. Can you please describe with more details what you are trying to accomplish? PRTG has the WMI Security Sensor to monitor Windows Defender and Event logs sensors for the Windows Event Viewer using WMI.

If you are getting a specific error, please share or feel free to open a new support ticket for further assistance.

Jul, 2023 - Permalink

Hi, No Specific error. I am looking at enabling the ASR rule "Block persistence through WMI event subscription" through Microsoft Defender 365. I was wondering if this had been seen to have a negative affect on PRTG WMI monitoring by any PRTG users.

Jul, 2023 - Permalink

Hello,

We haven't been reported with any similar issues or problems related to that specifically. Please feel free to open a support ticket if you face any issues for further investigation.

Thanks.

Jul, 2023 - Permalink

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Microsoft Defender ASR Rule - Block persistence through WMI event subscription

Article Comments

Search

Attention

Related Articles