Forum Discussion
Solved
ASR - Behavior Changes - Blocking under User Context Now?
Since July 7-27-2022 I have been seeing around 40 of 1800 machines in my work environment that are showing blocks under %userprofile% or usercontext for .dll blocks. This is new behavior and is rece...
- I've so far only managed to check on one endpoint that was having the issue, However it's Security Intelligence Version updated to 1.373.383.0 this morning and it is no longer showing any symptoms of the problem. So early signs are encouraging that this may be fixed.
We are also facing the issue on several computers. The strange thing is, that all the version (Defender Engine, Signatures, Outlook and Windows) are reporting the same on affected and non-affected machines. Even the outlook internal help (press F1) is blocked.
We have also created a Microsoft case.
We provision the rules using Configuration Manager.
we received the answer that it is indeed a known issue that has to be solved by the ms product team
we use intune to deliver
AsrExecutableEmailContentBlocked
If you get a response to say it has been fixed or if we are required to make any changes it would be great if you could post them here.
Thanks
- same for us. we had tech support adding hash based indicators in defender365 -> settings -> indicators
first we used hash from loaded plugin dll -> did not help
today we added all dll from the plugin (condeco) -> didnt help
currently we are waiting for additional microsoft support callback - Microsoft Support have talked us through adding the file hash of each blocked Outlook add-in DLLs to "Indicators" in the security.microsoft.com portal. We're waiting for more info on how we can check it has applied to a device (Event Viewer, reg key(s), etc), does anyone know please?
- we also added an indicator based on condeco hash. did not fix it.
or problem plugin no1 is condeco
