Try replicating this rule inside of 'User-defined Rules.' I have found that to be needed as well. Though I have not had a problem with DNS getting blocked, so the problem could be elsewhere. Make sure to look in High/Low Risk policies if you have implemented them, not just in the default policy.
I'm interested to know what you find for an answer.
Hi Attila, I think VSE 8.8 (without patches) had some problem by excluding files with more than 8 or 10 characters. If you try to just exclude dns.exe does it work?
Ulyses31, that was a bull's eye, I think, there has been no blocking since this morning when I changed the exclusion to a simple "dns.exe" string.
Ron, Ulyses, thank you!
I'm glad it worked