
dperusich
Jun 07, 2023

Attack surface reduction exclusion for cmd.exe

We have a group of users who are receiving ASR blocks in a design tool we use called Rhino7, for one of the add-ons, which is called Ladybug Tools. This add-on is a bunch of Python libraries, and when they are called they execute "cmd.exe" with various Parent Commandlines, like the ones from the code block below.

 

While I certainly do not want to blanket allow any "cmd.exe" execution, how can I craft an ASR Exclusion to account for this?

 

 

Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance sunpath parse-hours suns.mod --name sun-up-hours.txt"
Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance translate model-to-rad-folder model.hbjson --grid "*" --grid-check"
Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance sky mtx sky.wea --name sky --north 0.0 --sky-type sun-only --hourly --sun-up-hours --visible --output-format ASCII --sky-density 1"
Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance sky skydome --name rflux_sky.sky --sky-density 1"
Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance sky mtx sky.wea --name sky --north 0.0 --sky-type total --hourly --sun-up-hours --visible --output-format ASCII --sky-density 1"

 

 

 

Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
 For more information please contact your IT administrator.
 	ID: 01443614-CD74-433A-B99E-2ECDC07BFC25
 	Detection time: 2023-06-07T15:00:57.573Z
 	User: DOMAIN\user
 	Path: C:\Program Files\ladybug_tools\python\Scripts\honeybee-radiance.exe
 	Process Name: C:\Windows\System32\cmd.exe
 	Target Commandline: 
 	Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance sky mtx sky.wea --name sky --north 0.0 --sky-type sun-only --hourly --sun-up-hours --visible --output-format ASCII --sky-density 1"
 	Involved File: 
 	Inheritance Flags: 0x00000000
 	Security intelligence Version: 1.391.723.0
 	Engine Version: 1.1.23050.3
 	Product Version: 4.18.23050.3
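
An added example, not part of the original post: a PowerShell sketch that parses ASR event text like the message above and counts blocks per rule ID and `Path` value, so an exclusion decision can be based on the specific file the events name. The function name `ConvertFrom-AsrEventMessage` and the `-Live` switch are hypothetical; the sample is the event quoted in the post, and event IDs 1121 (block) and 1122 (audit) are the Defender operational-log IDs for ASR rule hits.

```powershell
# Added example. Parses ASR event text into fields and counts hits per (rule, file).
param([switch]$Live)   # -Live reads the local Defender log instead of the sample

function ConvertFrom-AsrEventMessage {
    param([Parameter(Mandatory)][string]$Message)
    $fields = @{}
    foreach ($line in $Message -split '\r?\n') {
        # Field lines look like "<whitespace>Name: value"; the value may be empty.
        if ($line -match '^\s*(ID|Detection time|Path|Process Name|Parent Commandline):\s*(.*)$') {
            $fields[$Matches[1]] = $Matches[2].Trim()
        }
    }
    [pscustomobject]@{
        RuleId        = $fields['ID']
        BlockedFile   = $fields['Path']
        ProcessName   = $fields['Process Name']
        ParentCommand = $fields['Parent Commandline']
        Time          = $fields['Detection time']
    }
}

# Sample input: the event message quoted in the post above.
$sample = @'
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
 For more information please contact your IT administrator.
	ID: 01443614-CD74-433A-B99E-2ECDC07BFC25
	Detection time: 2023-06-07T15:00:57.573Z
	User: DOMAIN\user
	Path: C:\Program Files\ladybug_tools\python\Scripts\honeybee-radiance.exe
	Process Name: C:\Windows\System32\cmd.exe
	Parent Commandline: C:\Windows\system32\cmd.exe /c "honeybee-radiance sky mtx sky.wea --name sky --north 0.0 --sky-type sun-only --hourly --sun-up-hours --visible --output-format ASCII --sky-density 1"
'@

$messages = if ($Live) {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1121, 1122
    } | Select-Object -ExpandProperty Message
} else {
    $sample
}

# One row per distinct (rule ID, file in the Path field), most frequent first.
$messages | ForEach-Object { ConvertFrom-AsrEventMessage -Message $_ } |
    Group-Object RuleId, BlockedFile |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A path surfaced this way can be supplied to `Add-MpPreference -AttackSurfaceReductionOnlyExclusions`; that setting excludes the path from every ASR rule on the device, so scoping it to a single file keeps the exclusion narrow.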

 

 

 
