There's an ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" . I find this quite vague.
This is effectively a form of cloud whitelisting. Per Rule: Block executable files from running unless they meet a prevalence, age, or trusted list criteria · Issue #1593 · MicrosoftDocs/windows-itpro-docs this is controlled by Microsoft.
But is there a place where we can see what's allowed and what's blocked? what are the criteria?
Recently I updated a perfectly legit executable that I need ( the update also being perfectly legit ) and after wasting time on why it didn't work anymore, it turned out disabling this did the trick.
Does anyone have more info on what's in the list, what are the criteria used to enter the list etc?
Also does this even work when offline ?
This is effectively a form of cloud whitelisting. Per Rule: Block executable files from running unless they meet a prevalence, age, or trusted list criteria · Issue #1593 · MicrosoftDocs/windows-itpro-docs this is controlled by Microsoft.
But is there a place where we can see what's allowed and what's blocked? what are the criteria?
Recently I updated a perfectly legit executable that I need ( the update also being perfectly legit ) and after wasting time on why it didn't work anymore, it turned out disabling this did the trick.
Does anyone have more info on what's in the list, what are the criteria used to enter the list etc?
Also does this even work when offline ?