Forum Discussion

Kiril's avatar
Kiril
Steel Contributor
Apr 11, 2022

ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

An Excel Addin in our organization is blocked on some user devices by the rule: Block Office applications from creating executable content

 

The ASR rules report shows that many folders with many *.dll files are blocked from:

 

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\*

 

Is it safe to include the GAC folder as an exclusion?

    • Kiril's avatar
      Kiril
      Steel Contributor
      I'll try using Advanced Hunting to figure out if there is more data. However, you're problem seems to the ransom protection. The rule stopping me is the prevention of office applications from creating executable content.
      • rahuljindal-MVP's avatar
        rahuljindal-MVP
        Bronze Contributor
        The same exclusions will apply for both ransomware and ASR. Unfortunately there is no way to setup separately as of now. Advanced hunting queries should give you events for ASR.

Resources