This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 96%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK5%3C/text%3E%3C/svg%3E)
Hello there
We've deployed ASR Rules via Sec. Basline for our customer. We've also installed an Outlook Plug-in (officeatwork) for managing Signatures in Outlook. On one device the ASR-Rule blocks the Outlook Add-In via "msedgewebview2.exe".
On the other device in the same tenant, same configuration everything is fine, no blocks.
How does it come? Any ideas?
Best regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
KW-5111, Hope the things are going well. I am writing to see if we have the opportunity to try the following suggestions. if there's any update, feel free to let us know.
You can try to track ASR audit report in M365, which ASR rule causes that block and then remove that single ASR rule.
Well, I know which Rule (Block all Office applications from creating child processes) it is. I want to understand the behaviour. I don't want to remove the Rule.
I know which Rule blocks -> Block all Office applications from creating child processes
Indeed it is strange, if you have 50/50 behavior. Can you doublecheck, are exactly policies and configurations applying to both computers?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 83%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
I would deploy ASR rules via an Endpoint security Attack Surface Reduction Rules Policy. This allows you to put every rule on audit to begin with and monitor them to detect valid behaviors that shouldn't be blocked by the policy. Once you detect them, you can add per rule exclusions to each ASR rule. See screenshots below for instuctions.
If the response is helpful, please click "Accept Answer" and upvote it.