Forum Discussion
ASR Exclusions
Hi all,
I've been experiencing with ASR exclusions at several clients with same results...
1. Rules in Audit mode, exclusion added but file keep comming back in report for all exclusions...
2. Using Get-MpPreference on endpoint do not show any exclusion at all
Endpoints are W10/11 22h2
My questions are
1. Do exclusions only get pushed to endpoint on block mode?
2. Exclusions are being added to the asr policy, do i need to set them some place else? GPO?
3. If I create a audit policy and a block policy with different group assignment, setting same exclusions in both. Moving endpoint from the audit group to the block group. Will this work? Ive been told only one asr policy can be in place audit or block....
4. Per rule exclusions, ive been told not to use... not working... is this true?
Thank you
- In this scenario I will recommend you to open a premier ticket . I am 100 sure normal ticket wont help you brother . I am sorry
- SABBIR_RUBAYATIron ContributorYou can run ASR as audit mode or block mode. But its better to run in audit mode first. Audit mode lets you see a record of what would have happened if you had enabled the feature. You can also get an idea of how many suspicious file modification attempts occur over a certain period of time. The features won't block or prevent apps, scripts, or files from being modified.
Please do not forget to mark helpful if you find my comment helpful- Francois_PapillonCopper ContributorAllready running in audit mode, but audit or block, exceptions never get to endpoints and every exceptions will still show up in the list... exceptions simply dont work at all, I got over 10 clients in the excact same position. ASR is unusable without exceptions
- SABBIR_RUBAYATIron ContributorI think ASR works better with intune . I have deployed ASR exclutions for some devices which are managed by intune and I had better experience .
NB : Intune devices were enrolled with autopilote as many feature will not work based on which why you have enrolled your devices . same rule didnt worked for teh devices which are managed by local AD . you can give it a try
- mikhailfSteel ContributorIt would be great to have an answer from Microsoft about ASR.
It seems that ASR doesn’t work as it should.
We have done several tests and sometime exclusions do not apply, sometimes, Block/Audit configuration doesn’t apply. - Francois_PapillonCopper ContributorReally no one are using ASR exclusions? Microsoft ?
- GuruLeeBrass ContributorOur ASR per rule exclusions for folder paths starting with a UNC or a wildcard path '*\path\to\file\*' do not work.
How do we exclude files in such a path?