Our VSTO add-in is blocked at startup by Windows Defender attack surface reduction rules
Our add-in is developed in .NET C# / VSTO and signed with an up-to-date standard signing certificate.
However, we are starting to have clients complaining about Windows Defender attack surface reduction rules preventing the add-in from starting (on Excel startup).
In particular, when Excel tries to use e.g. %localappdata%Temp\2\Deployment\9CNA55QQ.ZA6\WVJ7LGP0.26A.application (the folder is actually random), the rules reject it and prompt.
How can we solve this issue without asking the client to exclude the whole %localappdata%Temp\2\Deployment\ folder from the surface attack rules?
Should we use an EV signing certificate?
Are there any other explanations?