ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

Steel Contributor

An Excel Addin in our organization is blocked on some user devices by the rule: Block Office applications from creating executable content

 

The ASR rules report shows that many folders with many *.dll files are blocked from:

 

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\*

 

Is it safe to include the GAC folder as an exclusion?

3 Replies
I will advise against it unless the addin is dependent on the dlls and there is no other option. Did you check event logs or run advanced hunting queries to pull data on the addin? Maybe this can help.https://rahuljindalmyit.blogspot.com/2021/11/bloomberg-and-defender-exclusions-using.html
I'll try using Advanced Hunting to figure out if there is more data. However, you're problem seems to the ransom protection. The rule stopping me is the prevention of office applications from creating executable content.
The same exclusions will apply for both ransomware and ASR. Unfortunately there is no way to setup separately as of now. Advanced hunting queries should give you events for ASR.