Question from a security admin here: Is there a way to make the Swift tooling on Windows to use a different folder than "C:\Users[username]\AppData\Local\Temp" to create executables?
Unknown executables that run in a predictable folder is exactly what I want to prevent using Defender Attack Surface Reduction. So currently, our developers need to use a dedicated vm without access to our company infrastructure to develop Swift programs (execution of unknown programs in "...\Temp" will be blocked). That's not really an optimal experience (neither not having access to company resources, nor developing swift on a vm).
Because we fully understand that a developer does create unknown executables (that's her/his job), we have a special path for development where we don't apply some of the security rules - but excluding the temp folder from blocking unknown executables to run (even with a specific name) is not an option for us.