Skip to main content
Skip table of contents

Windows Defender is blocking Outlook COM add-in

Problem/Situation

Can’t use the Outlook COM add-in due to error messages relating to the Windows Defender popping up which is blocking or deleting some/all files inside the local add-in-folder. The following symptoms can be related to this issue:

  • Jira buttons in Outlook are missing after an update

  • Jira buttons in Outlook do not work on click

  • Windows defender is showing “action has been blocked” error notifications when working with the COM add-in

  • Event viewer entries for Windows defender with the following content

CODE 
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
 For more information please contact your IT administrator.
 	ID: BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
 	Detection time: 2023-01-26T13:15:11.906Z
 	User: AzureAD\****
 	Path: C:\Users\****\AppData\Local\OutlookEmailForJira\update\jira_for_outlook.dll

Cause

The cause for this issue is one or more Windows Defender / Microsoft Endpoint Manager policies (ASR rules), disallowing software from executing certain commands from Outlook. The following rule in particular is causing many problems:

  • Block executable content from email client and webmail

  • Block Office applications from creating executable content

  • Block Office communication application from creating child processes

These rules are overeager in blocking content from legitimate, signed Outlook add-ins.

Solution

There a different solutions to this issue, depending on what your options are.

Solution #1

Switch to our Office add-in - this is a web based, more lightweight version of our add-in, that supports a wide variety of systems & platforms already. It’s much easier to deploy as well. Learn more about the differences.

Solution #2

In case you want to continue using the COM add-in, you have different options.

  • Turn off the relevant ASR rules in Microsoft Endpoint Manager (see above), or set them to “Warn”

  • Configure an exception for the Outlook add-in folder, centrally

    • The machine-wide installer installs to %ProgramFiles%\Outlook Email for Jira

    • The per-user installer installs to %LocalAppData%\OutlookEmailForJira

  • Manually exclude the Outlook add-in folder on a machine

    • Go to Windows Security → Virus & threat protection → Virus & threat protection settings → Manage settings → Exclusions → add or remove an exclusion → add an exclusion

    • When hitting the button choose “folder” and fill in: %LOCALAPPDATA%\OutlookEmailForJira

    • Now click on “select folder”

    • The following screen should appear (the username is of course individual)

References

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/asr-behavior-changes-blocking-under-user-context-now/td-p/3589618

https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close