-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aztfexport.exe blocked by ASR rules #489
Labels
Comments
@AaronHorn Can you try to install the tool via |
I tried this, it seems to work. However the version Go installed also now seems to work, even with the ASR exclusions removed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've just installed aztfexport using
go install github.com/Azure/aztfexport@latest
When I try to run the binary, it is being blocked by Microsoft Defender's Attack Surface Reduction (ASR) rules.
In event log:
In Windows Security:
Defender log file:
MPLog.log
The problem is because I have the ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" 01443614-cd74-433a-b99e-2ecdc07bfc25 (https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) set.
Fix is
But is there anything that can be done from the project side to prevent this happening?
The text was updated successfully, but these errors were encountered: