Software Restriction Policies

From WikiWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Additional ALLOW Rules

Known exceptions

Path Rules

  • C:\Program Files - all installed applications
  • C:\Program Files (x86) - all installed applications
  • %localappdata%\Microsoft\VisualStudio\14.0\Designer\ShadowCache\ - Visual Studio shadow cache (designer)

Certificate Rules

  • Microsoft Corporation - OneDrive executes from %localappdata%\Microsoft\OneDrive
  • Cisco - WebExt executes from %temp%
  • Teamviewer - Teamviewer executes from %temp%

Additional DENY Rules

Path Rules

  • C:\Program Files (x86)\Belgium Identity Card\log\
  • C:\Program Files (x86)\Steam\
  • C:\Program Files\Log\
  • C:\Program Files\Microsoft SQL Server\130\Shared\ErrorDumps\
  • C:\Windows\debug\WIA\
  • C:\Windows\servicing\Packages\
  • C:\Windows\servicing\Sessions\
  • C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys\
  • C:\Windows\System32\spool\drivers\color\
  • C:\Windows\System32\Tasks\
  • C:\Windows\System32\Tasks_Migrated\
  • C:\Windows\SysWOW64\Tasks\
  • C:\Windows\Tasks\
  • C:\Windows\Temp\


Do run https://mssec.wordpress.com/2015/10/22/applocker-bypass-checker/ on your environment!


Designated File Types

  • hta
  • jar
  • js
  • jse
  • ps1
  • wsf
  • vba
  • vbs
  • wsh
  • sct
  • ...


SRP, AppLocker