Forum Discussion
ASR exclusion via GPO not working as expected
Hello abl-bgd,
First, it is recommended to go through the "How do I know what I need to exclude?" section here: Attack surface reduction frequently asked questions (FAQ) | Microsoft Learn
If you are using GPO, do not use quotes as advised here: Implement attack surface reduction rules | Microsoft Learn
ASR exclusions are independent from Microsoft Defender Antivirus exclusions. However, Microsoft Defender Antivirus exclusions do apply to some attack surface reduction rules. This specific rule doesn't honor AV exclusions.
In other words, if you define the exclusion using this method: Configure and validate exclusions based on extension, name, or location | Microsoft Learn, it will not work. You will need this: Implement attack surface reduction rules | Microsoft Learn
Note: Excluding files or folders can severely reduce the protection provided by attack surface reduction rules. Excluded files will be allowed to run, and no report or event will be recorded.
Thanks for that confirmation. The GPO itself has documentation that appears to imply that a quote should be used, but it wasn't working, which is what brought me here.
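A way to check both points raised in this thread on an endpoint, added here as an example and not taken from the thread or from Microsoft's documentation: it flags ASR exclusion entries that were stored with quote characters, and paths that exist only as Defender Antivirus exclusions. `Test-AsrExclusion` is a hypothetical helper name and the sample paths are constructed; on a live machine the two lists come from the `AttackSurfaceReductionOnlyExclusions` and `ExclusionPath` properties of `Get-MpPreference`.

```powershell
# Added example. Test-AsrExclusion is a hypothetical helper, not a Defender cmdlet.
function Test-AsrExclusion {
    param(
        [string[]]$AsrOnly = @(),  # ASR-only exclusions (e.g. delivered by the GPO)
        [string[]]$AvPaths = @()   # Defender Antivirus path exclusions
    )
    # Compare paths without surrounding quotes/whitespace, trailing slash or case.
    $normalize = {
        param($p)
        ($p -replace '^[\s"'']+|[\s"'']+$', '').TrimEnd('\').ToLowerInvariant()
    }
    $asr = @($AsrOnly | Where-Object { $_ })
    $av  = @($AvPaths | Where-Object { $_ })
    $asrSet = @($asr | ForEach-Object { & $normalize $_ })

    foreach ($entry in $asr) {
        # The thread's first point: GPO entries must be entered without quotes.
        if ($entry -match '["'']') {
            [pscustomobject]@{
                Entry = $entry
                Issue = 'ASR exclusion contains quote characters; enter the path without quotes'
            }
        }
    }
    foreach ($entry in $av) {
        # The thread's second point: AV exclusions are separate from ASR exclusions.
        if ($asrSet -notcontains (& $normalize $entry)) {
            [pscustomobject]@{
                Entry = $entry
                Issue = 'AV exclusion only; ASR rules that ignore AV exclusions still apply'
            }
        }
    }
}

# Constructed sample data so the check runs offline.
$sampleAsr = @('"C:\Tools\agent.exe"', 'C:\Apps\Build\')
$sampleAv  = @('C:\Apps\Build', 'D:\Legacy\sync.exe')
Test-AsrExclusion -AsrOnly $sampleAsr -AvPaths $sampleAv | Format-List

# On a live endpoint (requires Microsoft Defender):
# $pref = Get-MpPreference
# Test-AsrExclusion -AsrOnly $pref.AttackSurfaceReductionOnlyExclusions -AvPaths $pref.ExclusionPath
```

With the sample data, the quoted `agent.exe` entry and the AV-only `D:\Legacy\sync.exe` path are reported, while `C:\Apps\Build` is not because it appears in both lists.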