Software Restriction Policies
Latest revision as of 11:28, 28 February 2017
Additional ALLOW Rules
Known exceptions
Path Rules
- C:\Program Files - all installed applications
- C:\Program Files (x86) - all installed applications
- %localappdata%\Microsoft\VisualStudio\14.0\Designer\ShadowCache\ - Visual Studio shadow cache (designer)
Certificate Rules
- Microsoft Corporation - OneDrive executes from %localappdata%\Microsoft\OneDrive
- Cisco - WebEx executes from %temp%
- TeamViewer - TeamViewer executes from %temp%
Additional DENY Rules
Path Rules
- C:\Program Files (x86)\Belgium Identity Card\log\
- C:\Program Files (x86)\Steam\
- C:\Program Files\Log\
- C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
- C:\Windows\debug\WIA\
- C:\Windows\servicing\Packages\
- C:\Windows\servicing\Sessions\
- C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
- C:\Windows\System32\spool\drivers\color\
- C:\Windows\System32\Tasks\
- C:\Windows\System32\Tasks_Migrated\
- C:\Windows\SysWOW64\Tasks\
- C:\Windows\Tasks\
- C:\Windows\Temp\
Do run https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/ on your environment!
Designated File Types
- hta
- jar
- js
- jse
- ps1
- wsf
- vba
- vbs
- wsh
- sct
- ...
SRP, AppLocker