Forum Discussion
ASR rule "Block Win32 API calls from Office macro Block XLS
Hi All, we have deploy defender for Endpoint in customer organization and the rule "ASR rule "Block Win32 API calls from Office macro" block old version of Excel with macro, we set exclusion for a path that contain this file but problem persist.
If we convert this file into new version of Excel problem not appears, there is a solution for this problem or we need to convert all files into new version ?
Many Thanks
Guido
- Have a look in the Defender logs - i found that once you've unblocked the original file location, Excel starts processing the macros using the local user profile 'Content.MSO' folder, so then you have to consider whether you feel you can unblock that location as well. Not ideal from a security perspective.
Interesting that you found that upgrading the Excel file version made a difference, do you have more details on that?
3 Replies
- Have a look in the Defender logs - i found that once you've unblocked the original file location, Excel starts processing the macros using the local user profile 'Content.MSO' folder, so then you have to consider whether you feel you can unblock that location as well. Not ideal from a security perspective.
Interesting that you found that upgrading the Excel file version made a difference, do you have more details on that?- Onen
