References mentioned to stuff, no info on where to find it.

[povlhp]

trafficstars

You write: In cases in which blocks aren't self resolved in a timely manner, customers can - at their own risk - make use of either the self-service mechanism or an Indicator of Compromise (IOC)-based "allow list" capability to unblock the files themselves.

But you do not refer how to do this up front. We have multiple apps that I would exempt based on SHA1 - which I possible could do if I had an alert. But how to I exempt file checksums without getting a block alert first ? And what is the self-service ? A

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 00912431-041e-9578-d5c9-08b376d7474f
• Version Independent ID: 00912431-041e-9578-d5c9-08b376d7474f
• Content: ASR rules deployment phase 3 - implement
• Content Source: microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-3.md
• Product: m365-security
• Technology: mde
• GitHub Login: @jweston-1
• Microsoft Alias: v-jweston

[yogkumgit]

@jweston-1 Please help us in resolving this issue. Thanks

[jweston-1]

Working with product team to resolve

[jweston-1]

in progress

[jweston-1]

Sent a follow up mail requesting details to answer the customers 3 questions.