I’m running a standalone Windows 10 Pro machine and I have good security hygiene when it comes to security.
I also don’t run any MS Office apps either.
I’m really careful about what I install and download and also have Edge Smart Screen enabled with the full block settings in the App and Browser settings.
Do I really need to enable Attack Surface Reduction rules or is the Defender default settings are enough?
So, that's a difficult question to answer. Nothing says that you absolutely "need" to enable those rules. If that were the case, it would be enforced by default, right?
I also suspect that 99% of people won't even know about this.
Bottom line: Anything that can reduce the attack surface is, in general, a good thing. However, you have to weigh whether this will cause any difficulties in your normal operations.
My personal opinion: Since you already practice safe computing, my gut reaction is that you should already be safe. But let me discourage you! Experiment to see whether this is something that you really want to implement or not.
I just did some testing and looks like I don’t need to create a Group Policy ASR rule because I opened Task Manager and tried to create a Dump file when selecting the Lsass.exe process and Defender automatically blocked it.
The ASR RULE for this is below which is the most serious one.
https://learn.microsoft.com/en-us/mi...rity-subsystem
Quote