3,954 questions
Does the actiontype actually say block? Where are you configuring the exclusions in ASR? Per rule or all?
Windows Defender ASR blocking msedgewebview2.exe for an EXCEL plugin
Zach
106
Reputation points
We have an issue where an ASR rule "Block all Office applications from creating child processes" keeps blocking this S&P CapIQ plugin that Excel uses and prevents the user from being able to leverage the app properly.
here are some screenshots of the timeline section in the defender portal:
we have tried to add it as an exclusion as below, but no matter what type of exclusion even if we do the directory, it still fails.... and blocks the plugin.
any suggestions on how we can get this to work? why does ASR so sensitive and not as friendly when it comes to the excludes, it doesn't really seem to make much sense.
Microsoft 365 and Office | Excel | For business | Windows
Windows for business | Windows Client for IT Pros | User experience | Other
{count} vote
-
Ziggy Kowalski 1 Reputation point2023-07-06T18:24:14.58+00:00 We have this same issue, were you able to find a resolution?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 61%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Paul Costello 0 Reputation points2023-07-06T18:39:50.42+00:00 I’ve had the same problem with an outlook plugin. Tried per ASR rule and global exception. The ASR rule still blocks it but not for everyone. I have about 700 users currently and it happens to some but not all and all use the application the same. In the end I had to put the ASR rule into audit mode… MS any answer? Been going on for months!
-
Ziggy Kowalski 1 Reputation point
2023-07-12T17:31:55.22+00:00 I was able to get to this to work by using the ASR Only Per Rule Exclusions
For Block all Office applications from creating child processes I added:
- C:\Program Files\SP Global Market Intelligence\SP Capital IQ Office\MSEdge*\msedgewebview2.exe
For Block Office applications from injecting code into other processes I added:
- C:\Program Files\SP Global Market Intelligence\SP Capital IQ Office\MSEdge*\msedgewebview2.exe
- C:\Program Files\SP Global Market Intelligence\SP Capital IQ Office\SNL.Clients.Office.Host.exe
That has allowed the add-in to work without issue
Sign in to comment
1 answer
Sort by: Most helpful
-
Rahul Jindal [MVP] 10,911 Reputation points MVP2023-01-28T08:10:47.0933333+00:00 -
Zach 106 Reputation points
2023-01-30T15:34:25.6033333+00:00 yup action type says block since we have our ASR rule set to block.
we are configuring the ASR exception under Microsoft Endpoint Manager, Endpoint Security section
-
Zach 106 Reputation points
2023-02-10T16:24:57.1166667+00:00 any further ideas?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 11%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Guillaume AMGAR 6 Reputation points2023-02-17T09:20:38.4966667+00:00 Hi did you find a solution (same issue with our Factset Excel plugin that is blocking Excel from running
Sign in to comment -