Forum Discussion
ASR Rule Blocking ms-teams.exe
Hi, We have seen the ASR Rule for, 'Block Office communication application from creating child processes' start to block ms-teams.exe, this morning which is causing quite a lot of issues in the e...
We had the same issue, but now everything it is working again. In case you have Defender XDR, via advanced hunting you can see how big the impact was.
Query:
DeviceEvents
| where ActionType startswith 'Asr' and ActionType startswith "AsrOffice" and FileName == "ms-teams.exe"
| order by Timestamp
Query end.
Personally I think it was a bad Endpoint protection signature update. But now everything is back to normal.
Regards Raphi
Query:
DeviceEvents
| where ActionType startswith 'Asr' and ActionType startswith "AsrOffice" and FileName == "ms-teams.exe"
| order by Timestamp
Query end.
Personally I think it was a bad Endpoint protection signature update. But now everything is back to normal.
Regards Raphi