Software Restriction Policies: Difference between revisions

(One intermediate revision by the same user not shown)
Line 13: Line 13:
=Additional DENY Rules=
=Additional DENY Rules=
==Path Rules==
==Path Rules==
* C:\Program Files (x86)\Belgium Identity Card\log\
* C:\Program Files (x86)\Steam\
* C:\Program Files\Log\
* C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
* C:\Windows\debug\WIA\
* C:\Windows\servicing\Packages\
* C:\Windows\servicing\Sessions\
* C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
* C:\Windows\System32\spool\drivers\color\
* C:\Windows\System32\Tasks\
* C:\Windows\System32\Tasks_Migrated\
* C:\Windows\SysWOW64\Tasks\
* C:\Windows\Tasks\
* C:\Windows\Temp\




Do run https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/ on your environment!




 
= Designated File Types =
* hta
* jar
* js
* jse
* ps1
* wsf
* vba
* vbs
* wsh
* sct
* ...






SRP, AppLocker
SRP, AppLocker
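Review bot: the new Path Rules list under "Additional DENY Rules" gives no reason for any entry, and the "Designated File Types" list ends in "...", so a reader cannot tell why a folder is denied or which extensions are actually configured. Several denied folders sit under C:\Program Files and C:\Program Files (x86), which the ALLOW path rules permit wholesale, so add a short note per entry in the same " - reason" form the ALLOW rules already use (for example that the folder is writable by standard users, if that is the reason). Replace the "..." with the complete extension list, or state that the ten listed types are added on top of the defaults.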

Latest revision as of 11:28, 28 February 2017

Additional ALLOW Rules

Known exceptions

Path Rules

  • C:\Program Files - all installed applications
  • C:\Program Files (x86) - all installed applications
  • %localappdata%\Microsoft\VisualStudio\14.0\Designer\ShadowCache\ - Visual Studio shadow cache (designer)

Certificate Rules

  • Microsoft Corporation - OneDrive executes from %localappdata%\Microsoft\OneDrive
  • Cisco - WebEx executes from %temp%
  • TeamViewer - TeamViewer executes from %temp%

Additional DENY Rules

Path Rules

  • C:\Program Files (x86)\Belgium Identity Card\log\
  • C:\Program Files (x86)\Steam\
  • C:\Program Files\Log\
  • C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
  • C:\Windows\debug\WIA\
  • C:\Windows\servicing\Packages\
  • C:\Windows\servicing\Sessions\
  • C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
  • C:\Windows\System32\spool\drivers\color\
  • C:\Windows\System32\Tasks\
  • C:\Windows\System32\Tasks_Migrated\
  • C:\Windows\SysWOW64\Tasks\
  • C:\Windows\Tasks\
  • C:\Windows\Temp\


Do run the AppLocker bypass checker (https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/) in your environment!


Designated File Types

  • hta
  • jar
  • js
  • jse
  • ps1
  • wsf
  • vba
  • vbs
  • wsh
  • sct
  • ...


SRP, AppLocker