Defender ASR Per-Rule Process Exclusion

This guide will allow administrators to prevent a granular block or check being enforced on a specified directory path for the ASR rule.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: Device Security

Domain: Attack Surface Reduction Management

Modifies: Attack Surface Reduction Per Rule Process Exclusions

Defender ASR Per-Rule Process Exclusion

  1. Navigate to Attack Surface Reduction – Intune, locate the Security Essentials Attack Surface Reduction configuration item.
  2. Scroll down to Configuration Settings and select Edit.
  3. The default rules will be displayed. Each rule (with the exception of one; Block Persistence Through WMI Event Subscription) will have an ASR Only Per Rule Exclusions toggle; click the Not Configured toggle. It will turn to Configured.
  4. In the text box below, input the full file path to the application requiring exemption as shown.
  5. Click Review and Save on the next page, followed by Save. Rule changes propagate in less than 24 hours.

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.