Hello @Phil M !
I will ask you a maybe obvious thing but bare with me !
Did you read this :
Block executable files from running unless they meet a prevalence, age, or trusted list criterion
This rule blocks executable files, such as .exe, .dll, or .scr, from launching. Thus, launching untrusted or unknown executable files can be risky, as it might not be initially clear if the files are malicious.
You must enable cloud-delivered protection to use this rule.
The rule Block executable files from running unless they meet a prevalence, age, or trusted list criterion with GUID
01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. This rule uses cloud-delivered protection to update its trusted list regularly.
You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to.
Executables that don't meet a prevalence, age, or trusted list criteria
Configuration Manager name:
Block executable files from running unless they meet a prevalence, age, or trusted list criteria
Advanced hunting action type:
Dependencies: Microsoft Defender Antivirus, Cloud Protection
Could you verify the config and if possible send some screenshots or info ?
Thank you !
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!