Forum Discussion
ASR Only Per Rule Exclusion not working on Azure Arc Onboarded VM
Hi all! We are having difficulty understanding the logic of ASR Only Per Rule Exclusions in Intune.
We have an on-premises Azure Arc onboarded VM including Microsoft Defender for Servers.
Via Intune we have configured an Attack Surface Reduction policy that sets ASR rule 'Block executable files from running unless they meet a prevalence, age, or trusted list criteria' to WARN. Together with this setting we have configured 1 exception based on an executable path (C:\path\executable.exe). This policy set is applied correctly to the VM, based on these checks we performed:
Intune: ASR Policies > ASR Policy > Report > 'VM' > ASR Only Per Rule Exclusions: Setting Status Succeeded
'VM' > PowerShell > Get-MpPreference: Path of excluded executable is shown in the overview.
However, the strange part is that we still see this executable being blocked with an option to override the block (WARN) by ASR rule 'Block executable files from running unless they meet a prevalence, age, or trusted list criteria'. The block is also shown in the Timeline of events (in security.microsoft.com).
Does this sound familiar? Are we missing something? Any help is appreciated, thanks in advance!
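As an added troubleshooting example (not from the original post), the script below reads the effective Defender preferences on the VM and separates the three things that are easy to conflate here: the mode the rule is actually in, the global ASR-only exclusion list, and the rule-specific exclusion list that the Intune 'ASR Only Per Rule Exclusions' setting populates. It assumes the documented GUID for this rule, the placeholder path from the post, and that the rule-specific exclusions property only exists on recent Defender platform builds (its string layout is treated as an assumption and is only searched, not parsed).

```powershell
# Added example, not code from the original post.
# Assumptions: $RuleId is the documented GUID for 'Block executable files from running
# unless they meet a prevalence, age, or trusted list criteria'; $ExePath is the
# placeholder path from the post; the RuleSpecificExclusions property is optional.
$RuleId  = '01443614-cd74-433a-b99e-2ecdc07bfc25'
$ExePath = 'C:\path\executable.exe'

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# 1. Effective mode of the rule on this host (0=Off, 1=Block, 2=Audit, 6=Warn).
$ids       = @($pref.AttackSurfaceReductionRules_Ids)
$actions   = @($pref.AttackSurfaceReductionRules_Actions)
$modeNames = @{ 0 = 'Off'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$idx = -1
for ($k = 0; $k -lt $ids.Count; $k++) {
    if ($ids[$k] -ieq $RuleId) { $idx = $k }   # GUID case varies by how it was set
}
if ($idx -lt 0) { "Rule $RuleId is not configured on this host" }
else            { "Rule mode on host: $($modeNames[[int]$actions[$idx]])" }

# 2. Global ASR-only exclusions: these apply to every ASR rule.
$globalExcl = @($pref.AttackSurfaceReductionOnlyExclusions)
"Path in global ASR-only exclusions: $($globalExcl -icontains $ExePath)"

# 3. Rule-specific exclusions (what 'ASR Only Per Rule Exclusions' writes).
#    The property is only present on recent platform builds, so check for it first.
$perRule = $pref.PSObject.Properties['AttackSurfaceReductionRules_RuleSpecificExclusions']
if ($null -eq $perRule) {
    "Per-rule exclusions not exposed by platform $($status.AMProductVersion); " +
    "update the Defender platform before expecting them to apply"
}
else {
    # Layout assumed to contain both the rule GUID and the path; match loosely.
    $hit = @($perRule.Value) | Where-Object {
        $_ -ilike "*$RuleId*" -and $_ -ilike "*$ExePath*"
    }
    "Per-rule exclusion for this rule and path present: $([bool]$hit)"
}
```

If the path shows up only in section 2 or only in section 3, the exclusion that Intune reports as 'Succeeded' may not be the type the running platform honours for this rule, which is worth comparing against the platform version printed above.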