Forum Discussion
Solved
ASR - Behavior Changes - Blocking under User Context Now?
Since July 7-27-2022 I have been seeing around 40 of 1800 machines in my work environment that are showing blocks under %userprofile% or usercontext for .dll blocks. This is new behavior and is rece...
- I've so far only managed to check on one endpoint that was having the issue, However it's Security Intelligence Version updated to 1.373.383.0 this morning and it is no longer showing any symptoms of the problem. So early signs are encouraging that this may be fixed.
Affecting us too and Microsoft have confirmed there is unexpected behaviour from their side with the rule, so hopefully they provide a fix asap brink668
This ASR issue is affecting our existing Outlook add-ins, we haven't deployed any new Outlook add-ins MikePalmer75
- Interesting as we have not heard anything yet regarding the existing ones. Do we know if this is an platform or anti-malware or definition update issue?
Some of our users are also experiencing the similar problems. It started in last 2-3 days and number is growing it seems like.
For us, the issue occurs when a user creates a new Teams Meeting in Outlook and click on the Meeting Options. The meeting options dialog box opens but shows nothing, then a Defender notifications pop up stating that risky action blocked.
Upon further investigation, it seems that Attach Surface Reduction (ASR) feature is blocking the addin files. When a user clicks on "meeting options", it creates a temporary folder and few .js files in C:\Users\<username>\AppData\Local\Microsoft\Windows\INetCache\IE\UDA76Y7T
The ASR considers that a potential threat and blocks it.
We tried to clear the cache, delete temporary files but that didn't fix the issue. We also tried to use Microsoft Support and Recovery Assistant (MSRA) but that didn't fix the issue either.
