cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

Kiril
Iron Contributor

‎Apr 11 2022 09:19 AM

‎Apr 11 2022 09:19 AM

ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

An Excel Addin in our organization is blocked on some user devices by the rule: Block Office applications from creating executable content

 

The ASR rules report shows that many folders with many *.dll files are blocked from:

 

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\*

 

Is it safe to include the GAC folder as an exclusion?

Labels:
1,206 Views
0 Likes
3 Replies
Reply
3 Replies
rahuljindal-MVP

‎Apr 11 2022 02:32 PM

‎Apr 11 2022 02:32 PM

Re: ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

I will advise against it unless the addin is dependent on the dlls and there is no other option. Did you check event logs or run advanced hunting queries to pull data on the addin? Maybe this can help.https://rahuljindalmyit.blogspot.com/2021/11/bloomberg-and-defender-exclusions-using.html
1 Like
Reply
Kiril

‎Apr 12 2022 09:02 AM

‎Apr 12 2022 09:02 AM

Re: ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

I'll try using Advanced Hunting to figure out if there is more data. However, you're problem seems to the ransom protection. The rule stopping me is the prevention of office applications from creating executable content.
0 Likes
Reply
rahuljindal-MVP

‎Apr 12 2022 09:31 AM

‎Apr 12 2022 09:31 AM

Re: ASR Exclusion: is it ok to add *.dll from GAC to the exclusion list?

The same exclusions will apply for both ransomware and ASR. Unfortunately there is no way to setup separately as of now. Advanced hunting queries should give you events for ASR.
1 Like
Reply