Forum Discussion

Bjorn_DM
Copper Contributor
Mar 24, 2025

Attack Surface Reduction rules with Packaged app

Our application is a Packaged App, distributed using a signed MSIX package. The executable files inside the MSIX package are not signed, since it is our belief that this is not promoted by Microsoft. The package creation tool (inside Visual Studio) does not support signing the individual files going into the package.

We have a customer running Microsoft Defender for Endpoint with a massive set of ASR rules. One of these rules prevents our application from running, since it is not signed (the .exe-file that is). 

In this article: https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction-rules-deployment it is stated at the end:

"Caveat

Some rules don't work well if unsigned, internally developed application and scripts are in high usage. It's more difficult to deploy attack surface reduction rules if code signing isn't enforced."

So my question is: Is it possible to have ASR rules with Zero-day protection act on the Package Identity instead of the signature of the Exe-file?

And if not, should we try to get Microsoft to support signing binary files going into the Msix package?


2 Replies

  • cssns
    Brass Contributor

    Hello, I am unaware of a solution, but why not exclude the application executables from the highly used ASR rules?

    • Bjorn_DM
      Copper Contributor

      Hi Chandra,

      I'm not really familiar with the ASR rules myself, but the problem our customer is indicating is:

      our .exe-file is not signed using a code signing certificate, only the application package itself (msix package). In my understanding, this should be enough to be able to specify ASR rules for the application, but our customer is telling me they can only verify certificates on the .exe itself.

      The problem is that it is not possible to sign the .exe files when building a signed msix using Microsoft's tools.
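As an added example that is not part of the thread, the following PowerShell audits which executables inside an installed MSIX/Appx package carry their own Authenticode signature (the property the ASR rules in question evaluate, independent of the signature on the .msix container) and then shows how an administrator would scope an ASR-only exclusion to that package's install folder, as the first reply suggests. The package name `Contoso.SampleApp` is a placeholder; the script assumes it is run elevated on a host where Microsoft Defender is active.

```powershell
# Added example (not part of the thread or of any Microsoft documentation):
# audit Authenticode status of the .exe files inside an installed MSIX/Appx
# package, then show a path-scoped ASR-only exclusion for that package.
# Assumptions: 'Contoso.SampleApp' is a placeholder package name; run elevated.

$PackageName = 'Contoso.SampleApp'   # placeholder: take the real name from Get-AppxPackage

function Get-MsixExecutableSignatures {
    param([Parameter(Mandatory)][string]$Name)

    $pkg = Get-AppxPackage -Name $Name -ErrorAction Stop
    # InstallLocation is the folder the package was expanded into under WindowsApps.
    Get-ChildItem -Path $pkg.InstallLocation -Recurse -Filter '*.exe' |
        ForEach-Object {
            # Get-AuthenticodeSignature looks only at the file's embedded signature,
            # so an unsigned .exe from a signed .msix reports NotSigned here.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status          # Valid, NotSigned, UnknownError, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            }
        }
}

$results = Get-MsixExecutableSignatures -Name $PackageName
$results | Format-Table -AutoSize

# Binaries with no embedded signature are the ones ASR rules cannot trust via
# code signing, regardless of the (valid) signature on the .msix container.
$unsigned = $results | Where-Object Status -eq 'NotSigned'

if ($unsigned) {
    $installDir = (Get-AppxPackage -Name $PackageName).InstallLocation
    # ASR exclusions are path based (file or folder), not package-identity based.
    # Scoping the exclusion to the package folder keeps the rules active
    # everywhere else. -WhatIf previews the change; drop it to apply.
    Add-MpPreference -AttackSurfaceReductionOnlyExclusions $installDir -WhatIf

    # Review what is currently excluded from ASR rules on this host.
    (Get-MpPreference).AttackSurfaceReductionOnlyExclusions
}
```

The audit output is also useful evidence for the customer, since it shows the container signature and the per-file signature state side by side rather than relying on the ASR block event alone.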