Software Restriction Policies: Difference between revisions

From WikiWiki
Line 13: Line 13:
=Additional DENY Rules=
=Additional DENY Rules=
==Path Rules==
==Path Rules==
* C:\Program Files (x86)\Belgium Identity Card\log\
* C:\Program Files (x86)\Steam\
* C:\Program Files\Log\
* C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
* C:\Windows\debug\WIA\
* C:\Windows\servicing\Packages\
* C:\Windows\servicing\Sessions\
* C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
* C:\Windows\System32\spool\drivers\color\
* C:\Windows\System32\Tasks\
* C:\Windows\System32\Tasks_Migrated\
* C:\Windows\SysWOW64\Tasks\
* C:\Windows\Tasks\
* C:\Windows\Temp\




Do run https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/ on your environment!
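
Review bot: none of the fourteen entries added under Path Rules says why the folder is denied, so a later editor cannot tell generic Windows locations such as `C:\Windows\Temp\` from machine-specific ones such as `C:\Program Files (x86)\Belgium Identity Card\log\` or `C:\Program Files\Log\`. Suggest annotating each entry in the same `path - reason` form the ALLOW Path Rules use. The reason matters most for `C:\Program Files (x86)\Steam\`, which denies a whole application directory rather than a log or temp subfolder like most of the other entries.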





Revision as of 12:57, 5 January 2017

Additional ALLOW Rules

Known exceptions

Path Rules

  • C:\Program Files - all installed applications
  • C:\Program Files (x86) - all installed applications
  • %localappdata%\Microsoft\VisualStudio\14.0\Designer\ShadowCache\ - Visual Studio shadow cache (designer)

Certificate Rules

  • Microsoft Corporation - OneDrive executes from %localappdata%\Microsoft\OneDrive
  • Cisco - WebEx executes from %temp%
  • TeamViewer - TeamViewer executes from %temp%

Additional DENY Rules

Path Rules

  • C:\Program Files (x86)\Belgium Identity Card\log\
  • C:\Program Files (x86)\Steam\
  • C:\Program Files\Log\
  • C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
  • C:\Windows\debug\WIA\
  • C:\Windows\servicing\Packages\
  • C:\Windows\servicing\Sessions\
  • C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
  • C:\Windows\System32\spool\drivers\color\
  • C:\Windows\System32\Tasks\
  • C:\Windows\System32\Tasks_Migrated\
  • C:\Windows\SysWOW64\Tasks\
  • C:\Windows\Tasks\
  • C:\Windows\Temp\


Do run the AppLocker bypass checker (https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/) on your environment!
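
DENY path rules like the ones above are needed where a folder inside an allowed root is writable by standard users. The following PowerShell audit is an added example, not code from this wiki or from the linked checker; it lists such folders that no DENY rule covers yet, and the SID list, the `$DenyRules` sample and the function names are assumptions.

```powershell
# Added example (not from the wiki page or the linked checker).
# Lists directories under the ALLOW roots where broad non-admin groups can
# create files and which no existing DENY path rule covers yet.
$AllowRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# DENY path rules already in place (a few entries from the page; extend as needed).
$DenyRules = @(
    'C:\Windows\Temp\',
    'C:\Windows\Tasks\',
    'C:\Windows\System32\Tasks\',
    'C:\Windows\System32\spool\drivers\color\'
)

# Assumption: these well-known SIDs stand for "standard users" here:
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# CreateFiles plus the raw GENERIC_ALL / GENERIC_WRITE bits some ACEs carry.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             0x10000000 -bor 0x40000000

function Test-UserWritable([string]$Path) {
    # Only Allow ACEs are evaluated; Deny ACEs and integrity levels are ignored.
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this directory.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($BroadSids -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights) -band $WriteMask) { return $true }
    }
    return $false
}

function Test-CoveredByDeny([string]$Path) {
    foreach ($rule in $DenyRules) {
        if ($Path.StartsWith($rule, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$AllowRoots | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Directory -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object { $_.FullName.TrimEnd('\') + '\' } |
    Where-Object { -not (Test-CoveredByDeny $_) -and (Test-UserWritable $_) } |
    Sort-Object -Unique
```

Run it from an elevated 64-bit PowerShell so that every directory ACL can be read; each path it prints is a candidate for a new DENY path rule.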




SRP, AppLocker