Software Restriction Policies

From WikiWiki

Revision as of 11:28, 28 February 2017 by Mendel (talk | contribs)

(change visibility) (diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Additional ALLOW Rules

Known exceptions

Path Rules

C:\Program Files - all installed applications
C:\Program Files (x86) - all installed applications
%localappdata%\Microsoft\VisualStudio\14.0\Designer\ShadowCache\ - Visual Studio shadow cache (designer)

Certificate Rules

Microsoft Corporation - OneDrive executes from %localappdata%\Microsoft\OneDrive
Cisco - WebExt executes from %temp%
Teamviewer - Teamviewer executes from %temp%

Additional DENY Rules

Path Rules

C:\Program Files (x86)\Belgium Identity Card\log\
C:\Program Files (x86)\Steam\
C:\Program Files\Log\
C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
C:\Windows\debug\WIA\
C:\Windows\servicing\Packages\
C:\Windows\servicing\Sessions\
C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
C:\Windows\System32\spool\drivers\color\
C:\Windows\System32\Tasks\
C:\Windows\System32\Tasks_Migrated\
C:\Windows\SysWOW64\Tasks\
C:\Windows\Tasks\
C:\Windows\Temp\

Do run https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/ on your environment!

Designated File Types

hta
jar
js
jse
ps1
wsf
vba
vbs
wsh
sct
...

SRP, AppLocker

Retrieved from "https://mendelonline.be/wiki/index.php?title=Software_Restriction_Policies&oldid=469"