This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 11%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
hi
we activated in block mode after audit the ASR rule "Block all office application from creating child process"
But exclusions does not seems to work (for testing)
In deed we work with Factset software that add a plugin in Excel that inject data in Excel but they are all blocked
Even excel does not open when launching the Factset plugin
Factset is well know legitimate software its so strange that MS does not have a whitelist but anyway, exclusion are not working at all
thanks for, your help
Try removing the * after factset\ . Check if the exclusions are actually applying on the machine. Get-mpprefence run with admin privileges should get you the list.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
@Guillaume AMGAR, Thanks for posting in Q&A.
Based on my research, it seems the asterisk replaces a single folder. For our situation, I think we can change the value to C:\Program Files (x86)\Factset*.exe. Here is a link with more details for your reference:
Meanwhile, I notice per-rule exclusions cannot be added to the existing policy. As it is currently implemented, in order to configure per-rule exclusions, you must create a new policy in MEM to replace the existing policy. Please create a new policy with the new setting value to see if it works:
Hope it can help.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
hi
thanks
sorry i do not understand what MS mean for the per rule exclusions .. i need to create a dedicated policy for the "Block all office application from creating child process" only with the exclusion?
@Guillaume AMGAR, Thanks for the reply.
Based on my understanding, if the previoud policy does not include the exclustion, we need to create a same policy as the previous one and add the exlcusion. If the previous policy already include the exclusion, maybe we can change it directly.
thanks, i ll check also with the support, ill keep you updated
for now i m using global ASR exclusion which are working
@Guillaume AMGAR, Thanks for letting us know the status. If there's any more update, feel free to let us know.
Have a nice day!