Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
ASR Rule: Block executable files from running unless they meet a prevalence, age, or trusted list criteria
Message
<blockquote data-quote="Andy Ful" data-source="post: 842908" data-attributes="member: 32260"><p>My freshly compiled applications (before submitting to Microsoft) often trigger the WD ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria". Sometimes they are also detected as trojans by WD Cloud delivered protection.</p><p>I can usually avoid the false positive alarms by running the executables offline, just after finishing the compilation. After this, the file is ignored both by this rule and also by the Cloud delivered protection.</p><p></p><p>The same can be done for application updaters with very low prevalence, after checking them by other methods to be sure that they are safe.</p><p>Otherwise, if the file was run online and was blocked by this ASR rule, I simply turn off the rule, reboot, run the file once, and turn the ASR rule again. The rule requires restarting Windows to work properly again, but the file is ignored afterward.</p><p></p><p>Normally, there is no need to bypass this ASR rule, just wait a day or two and most updaters will be allowed again.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 842908, member: 32260"] My freshly compiled applications (before submitting to Microsoft) often trigger the WD ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria". Sometimes they are also detected as trojans by WD Cloud delivered protection. I can usually avoid the false positive alarms by running the executables offline, just after finishing the compilation. After this, the file is ignored both by this rule and also by the Cloud delivered protection. The same can be done for application updaters with very low prevalence, after checking them by other methods to be sure that they are safe. Otherwise, if the file was run online and was blocked by this ASR rule, I simply turn off the rule, reboot, run the file once, and turn the ASR rule again. The rule requires restarting Windows to work properly again, but the file is ignored afterward. Normally, there is no need to bypass this ASR rule, just wait a day or two and most updaters will be allowed again. [/QUOTE]
Insert quotes…
Verification
Post reply
Top