Use this operation to manage file path and application exceptions for Defender Attack Surface Reduction (ASR) rules.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: Device Security
Domain: Attack Surface Reduction Management
Modifies: Defender Attack Surface Reduction Per-Rule File Path Exception, Defender Attack Surface Reduction All-Rule File Path Exception, Defender Controlled Folder Access Application Exception
When to Perform this Operation
As Needed: Proactive or in Response to User/Security
Technical Description and Importance
Managing Defender Attack Surface Reduction (ASR) exceptions keeps security controls effective while allowing necessary applications and files to function without disruption. Per-rule file path exemptions let specific files bypass only the selected ASR rules while remaining protected by the others. All-rule exemptions remove ASR enforcement entirely for the exempted path and should be used cautiously. Controlled Folder Access (CFA) application exceptions grant authorized programs access to protected folders, preventing unnecessary restrictions on critical processes. Careful management of these exceptions reduces operational friction while maintaining a strong security posture. Regularly reviewing and adjusting these exemptions helps minimize security gaps and supports alignment with compliance or organizational requirements.
Management Options
- Exempt a File Path Per-Rule
- Exempt a File Path from All Rules
- Controlled Folder Access Application Exception
Exempt a File Path Per-Rule:
Purpose
Adds an ASR exception for a specific file path under selected rules.
Use Case
A custom business application is flagged under a single ASR rule but needs to be allowed without disabling protection entirely.
Exempt a File Path from All Rules:
Purpose
Removes a file path from all ASR rules, bypassing ASR enforcement entirely.
Use Case
A critical system file necessary for operations is consistently blocked by ASR rules and requires full exemption.
Controlled Folder Access Application Exception:
Purpose
Allows an application to write to protected folders under Controlled Folder Access.
Use Case
A legitimate application needs access to a protected folder but is being blocked by CFA.
| Operation | Action | Target |
| --- | --- | --- |
| Exempt a File Path Per-Rule | Addition | Defender Attack Surface Reduction Per-Rule File Path Exception |
| Exempt a File Path from All Rules | Addition | Defender Attack Surface Reduction All-Rule File Path Exception |
| Controlled Folder Access Application Exemption | Addition | Defender Controlled Folder Access Application Exception |
Exempt a File Path Per-Rule
This operation adds an exception for a specific file path under selected ASR rules, allowing necessary files to function while maintaining other protections.
1. Defender Attack Surface Reduction Per-Rule Exception Addition
Exempt a File Path from All Rules
This operation fully exempts a file path from all ASR rules, effectively removing all Defender ASR protections from the specified file.
1. Defender Attack Surface Reduction All-Rule Exception Addition
Controlled Folder Access Application Exception
This operation allows an application to access and modify files in protected folders under Defender’s Controlled Folder Access feature.
1. Defender Controlled Folder Access Application Exception
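For the regular review of exemptions described under Technical Description and Importance, the following PowerShell sketch lists a device's all-rule ASR path exclusions and CFA allowed applications and flags entries that deserve a closer look. It is an added example, not part of the handbook: the function name `Get-DefenderExceptionReview`, the review heuristics, and the Contoso sample paths are assumptions, and per-rule exceptions are not covered.

```powershell
# Added example: list Defender ASR all-rule exclusions and CFA allowed applications for review.
# The review heuristics below are illustrative assumptions, not Microsoft guidance.
function Get-DefenderExceptionReview {
    param(
        # Object shaped like Get-MpPreference output; omit to read the local device.
        $Preference = (Get-MpPreference)
    )

    $sources = [ordered]@{
        'ASR all-rule file path exception' = $Preference.AttackSurfaceReductionOnlyExclusions
        'CFA application exception'        = $Preference.ControlledFolderAccessAllowedApplications
    }

    foreach ($kind in $sources.Keys) {
        foreach ($path in @($sources[$kind])) {
            if ([string]::IsNullOrWhiteSpace($path)) { continue }

            $flags = @()
            # Wildcards widen the exception beyond a single known file.
            if ($path -match '[*?]') { $flags += 'wildcard' }
            # Locations a standard user can usually write to.
            if ($path -match '\\Users\\|\\Temp(\\|$)|%(TEMP|TMP|APPDATA|LOCALAPPDATA|USERPROFILE)%') {
                $flags += 'user-writable location'
            }
            # No file extension: the entry most likely exempts a whole folder.
            if ($path -notmatch '\.[^\\.]+$') { $flags += 'whole folder' }

            [pscustomobject]@{
                Type        = $kind
                Path        = $path
                ReviewFlags = $flags -join ', '
            }
        }
    }
}

# Constructed sample input (hypothetical paths) so the function can be tried offline.
$sample = [pscustomobject]@{
    AttackSurfaceReductionOnlyExclusions      = @(
        'C:\Program Files\Contoso\LineOfBusiness.exe',
        'C:\Users\*\AppData\Local\Temp'
    )
    ControlledFolderAccessAllowedApplications = @('C:\Program Files\Contoso\Backup\agent.exe')
}
Get-DefenderExceptionReview -Preference $sample | Format-Table -AutoSize -Wrap
```

Calling `Get-DefenderExceptionReview` with no argument on a managed device reads the live Defender preferences instead of the sample.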