- Jul 3, 2015
I always had success in the past when disabling this particular ASR rule.Does everything work well when this ASR rule is disabled (reboot is necessary) in ConfigureDefender and mshta.exe is unblocked in H_C?
I am asking, because something else interferes with this issue, too. The driver/software actions are not fully blocked or something prevents the proper logging.
What Enforcement setting do you have?
Yesterday I disabled a lot of ASR rules, and did not test that one in particular.
As for MSHTA, I used to run the program as admin, to get around the problem. The program is not installed right now.