Forum Discussion
TomasCinko
Dec 07, 2023 Copper Contributor
ASR Only Per Rule Exclusions doesn't work - AsrOfficeCommAppChildProcessBlocked - global did
Hello, I'm trying to exclude an application from the ASR rule "Block Office communication application from creating child processes" but it doesn't work. ASR global exclusion ("Attack Surface Reduction On...
ThoFord
Dec 20, 2023 Brass Contributor
It's been a while since I looked into this; asking Bing Chat, I get the following:
Within Microsoft Endpoint Manager (MEM), it’s not possible to add per-rule exclusions to an existing policy. Instead, the workaround is to create a new policy in MEM, effectively replacing the existing one to incorporate the desired per-rule exclusions. While this approach may seem cumbersome, it’s the current implementation for achieving the desired configuration.
- TomasCinko
Dec 22, 2023 Copper Contributor
Hi Thomas,
I don't know where you found this, but I found different information. I read the documentation: https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy
and there is:
"ASR policies do not support merge functionality for ASR Only Per Rule Exclusions and a policy conflict can result when multiple policies that configure ASR Only Per Rule Exclusions for the same device conflict. To avoid conflicts, combine the configurations for ASR Only Per Rule Exclusions into a single ASR policy. We are investigating adding policy merge for ASR Only Per Rule Exclusions in a future update."
- ThoFord
Dec 22, 2023 Brass Contributor
Yes, that is true, but modifying a policy to add exclusions never worked properly; I had to delete the exclusion policy and recreate it with the new modifications to make it work, but this was almost a year ago when I had to do this.
It's one of the many MS things that come out which are not really as ready as they should be. Beta versions.
- TomasCinko
Dec 22, 2023 Copper Contributor
So you create a new policy when you need to create a per-rule exclusion, and there is just this one rule configured?
It would mean having one policy with the global configuration, where the rules without exclusions are, and multiple policies where there is just one ASR rule with an exclusion. Am I right?
Thank you.