END POINT SECURITY - OBJECT PROTECTION RULES

 

Object Protection Rules provide control over what level of access rights processes and threads are allowed to have.

More information can be found here and here on the Microsoft website.

In our example, the Consent Process will only assign specific rights to its executables.
 

An Object Protection Rule will usually be coupled with a Process Set and Identity rule, and “Consent” is an example. If we look at the Process Identity for the “Consent Processes,” only the processes that match these following rules will be allowed to have the Object Protection Rule.