Software Restriction Policies
Jump to navigation
Jump to search
Additional ALLOW Rules
Known exceptions
Path Rules
- C:\Program Files - all installed applications
- C:\Program Files (x86) - all installed applications
- %localappdata%\Microsoft\VisualStudio\14.0\Designer\ShadowCache\ - Visual Studio shadow cache (designer)
Certificate Rules
- Microsoft Corporation - OneDrive executes from %localappdata%\Microsoft\OneDrive
- Cisco - WebExt executes from %temp%
- Teamviewer - Teamviewer executes from %temp%
Additional DENY Rules
Path Rules
- C:\Program Files (x86)\Belgium Identity Card\log\
- C:\Program Files (x86)\Steam\
- C:\Program Files\Log\
- C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
- C:\Windows\debug\WIA\
- C:\Windows\servicing\Packages\
- C:\Windows\servicing\Sessions\
- C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
- C:\Windows\System32\spool\drivers\color\
- C:\Windows\System32\Tasks\
- C:\Windows\System32\Tasks_Migrated\
- C:\Windows\SysWOW64\Tasks\
- C:\Windows\Tasks\
- C:\Windows\Temp\
Do run https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/ on your environment!
Designated File Types
- hta
- jar
- js
- jse
- ps1
- wsf
- vba
- vbs
- wsh
- sct
- ...
SRP, AppLocker