Forum Discussion
ASR rule "Block Win32 API calls from Office macro Block XLS
Hi All, we have deploy defender for Endpoint in customer organization and the rule "ASR rule "Block Win32 API calls from Office macro" block old version of Excel with macro, we set exclusion for a pa...
- Have a look in the Defender logs - i found that once you've unblocked the original file location, Excel starts processing the macros using the local user profile 'Content.MSO' folder, so then you have to consider whether you feel you can unblock that location as well. Not ideal from a security perspective.
Interesting that you found that upgrading the Excel file version made a difference, do you have more details on that?
Have a look in the Defender logs - i found that once you've unblocked the original file location, Excel starts processing the macros using the local user profile 'Content.MSO' folder, so then you have to consider whether you feel you can unblock that location as well. Not ideal from a security perspective.
Interesting that you found that upgrading the Excel file version made a difference, do you have more details on that?
Interesting that you found that upgrading the Excel file version made a difference, do you have more details on that?
- Onen
- Hello, nice of "Content.MSO" folder, tomorrow i check with customer and defender log and report to this post.
I let you know.
Many Thanks
Guido
