Forum Discussion
Kiril
Apr 11, 2022Steel Contributor
ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?
An Excel Addin in our organization is blocked on some user devices by the rule: Block Office applications from creating executable content
The ASR rules report shows that many folders with many *.dll files are blocked from:
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\*
Is it safe to include the GAC folder as an exclusion?
- rahuljindal-MVPBronze ContributorI will advise against it unless the addin is dependent on the dlls and there is no other option. Did you check event logs or run advanced hunting queries to pull data on the addin? Maybe this can help.https://rahuljindalmyit.blogspot.com/2021/11/bloomberg-and-defender-exclusions-using.html
- KirilSteel ContributorI'll try using Advanced Hunting to figure out if there is more data. However, you're problem seems to the ransom protection. The rule stopping me is the prevention of office applications from creating executable content.
- rahuljindal-MVPBronze ContributorThe same exclusions will apply for both ransomware and ASR. Unfortunately there is no way to setup separately as of now. Advanced hunting queries should give you events for ASR.