Demystifying attack surface reduction rules - Part 2

According to this article and MS documentation (ASR Q&A section) LSASS rule exclusions are against "Process Name" field, but in Office child process rule exclusions are against "Path" field. So on other rules which field is taken into consideration?

I opened a case with MS regarding that, I also have given feedback regarding the official documentation. QA section of ASR documentation gives ASR as example. The choice cannot be worse. If LSASS rule really considers "Process Name" for exclusions, it is the only rule that does that (others use Path). So documentation gives a very wrong guidance for people who try to craft exclusions for other rules.

But recently I realized that MS fixed the issue. In the past for LSASS rule Path field was always outputting "Lsass.exe" and Process Name was the process that is accessing Lsass. But now Microsoft reversed that so now in Path field you do see the process that is trying to access Lsass. Rules became consistent, anyone who tries to craft exclusions should only consider "Path" field in the logs. Though trying to craft exclusions for Lsass rule is useless and you should set it and wait for the smoke. On the other hand crafting exclusions for some other rules (like office child process blocking) is a must.

Microsoft still needs to correct the ASR documentation, my Git comment for their page still pending.