AppLocker

For servers, see https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls
https://dailysysadmin.com/KB/Article/6773/configuring-windows-applocker-to-protect-against-ransomware-attacks/

GitHub – microsoft/AaronLocker: Robust and practical application control for Windows

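<AppLockerPolicy Version="1">
  <!--
    AppLocker policy with all five rule collections (Appx, Dll, Exe, Msi, Script) set to enforce.
    The attribute quotes in the published listing were typographic quotes or "?" characters;
    they are restored to plain double quotes here so the document is well-formed XML.

    Principals used by the rules:
      S-1-1-0        Everyone
      S-1-5-32-544   BUILTIN\Administrators
      S-1-5-21-1552540602-1968448591-1667663741-513
                     Domain Users (RID 513) of the source domain. The domain part is specific
                     to that domain and must be replaced before the policy is reused.

    Review note: several Allow rules are path rules on locations a standard user can write to
    (user profile, Temp, ProgramData, folders off the drive root). A path rule trusts whatever
    file sits at the path, so such a rule is only as strong as the folder ACL. Where the vendor
    signs the binary, a publisher rule is the safer form; otherwise use a hash rule.
    Import with EnforcementMode="AuditOnly" first and review the AppLocker event logs before
    switching to "Enabled".
  -->

  <!-- Packaged apps: any signed package, Domain Users. -->
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="041c480f-6af0-44b6-b712-ebc33913a055" Name="All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>

  <!-- DLL rules. -->
  <RuleCollection Type="Dll" EnforcementMode="Enabled">
    <FilePublisherRule Id="077ff552-89db-4a1b-b96f-69a2029a87c5" Name="Allow TeamViewer Signed DLLs" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=TEAMVIEWER GMBH, L=GÖPPINGEN, S=BADEN-WÜRTTEMBERG, C=DE" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- NOTE(review): the rule name says Google Chrome, but the condition matches every DLL
         signed by ESET. Rename the rule, or narrow ProductName/BinaryName to the component
         that is actually needed. -->
    <FilePublisherRule Id="0b988045-bfc3-4743-af15-15befe6481ac" Name="Allow Google Chome SWReport" Description="Allow Google Chome SWReport" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=ESET, SPOL. S R.O., L=BRATISLAVA, C=SK" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="162b11dc-5354-45b5-bffb-c5cf90e80ed6" Name="Signed by O=LOGMEIN, INC., L=BOSTON, S=MASSACHUSETTS, C=US" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=LOGMEIN, INC., L=BOSTON, S=MASSACHUSETTS, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Scoped to ProductName "MICROSOFT TEAMS"; this is the form the Exe rule of the same
         name should follow. -->
    <FilePublisherRule Id="fefe4e2f-ffdd-41af-a6db-3c76cfd1258d" Name="Allow Microsoft Teams DLL" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT TEAMS" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- NOTE(review): path rule under ProgramData. Confirm that standard users cannot write
         to C:\PROGRAMDATA\WRDATA\PKG; if they can, replace this with a publisher rule. -->
    <FilePathRule Id="005965d8-fab3-4cfb-9abe-d5275b4590dc" Name="Allow Webroot DLLs located in Programdata" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\PROGRAMDATA\WRDATA\PKG\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="09beea3d-5937-4385-b20d-b3c986099728" Name="All DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): user-writable Temp path matched by file name only. Any DLL with this
         name in a user's Temp tree is allowed; prefer the TeamViewer publisher rule above. -->
    <FilePathRule Id="23087465-767b-4c19-8ec4-b9a2906a2dd6" Name="Allow TeamViewer DLLs" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\TEMP\*\TVGETVERSION.DLL" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="53d22ff2-8117-41de-8997-e352abab4ea4" Name="All DLLs in Windows Defender folder" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\ProgramData\Microsoft\Windows Defender\platform\*" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): the two GoToMeeting rules below match by file name inside the user's
         own profile, which the user can write to. The LogMeIn publisher rule above may already
         cover these files if they are signed by that publisher; confirm and drop the path
         rules if so. -->
    <FilePathRule Id="56e2719d-6f11-4380-a728-d9602272a3d7" Name="Allow Custom GOTOMEETING G2M.DLL" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GOTOMEETING\*\G2M.DLL" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="5b88a1bc-ac98-4fb1-b91b-a61a254f27f4" Name="Allow GoToMeeting G2MOUTLOOKADDIN" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GOTOMEETING\*\G2MOUTLOOKADDIN*.DLL" />
      </Conditions>
    </FilePathRule>
    <!-- The exceptions carve user-writable subfolders out of %WINDIR%.
         NOTE(review): this list has %SYSTEM32%\Debug\* where the Exe and Script collections
         have %WINDIR%\Debug\*; the difference looks unintended, so confirm which path should
         be excluded. Verify the full list against the folder ACLs on a reference machine. -->
    <FilePathRule Id="d4ccb108-e99c-401a-ab56-3dbe9689ef2b" Name="Microsoft Windows DLLs" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
      <Exceptions>
        <FilePathCondition Path="%SYSTEM32%\catroot2\*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp\*" />
        <FilePathCondition Path="%SYSTEM32%\Debug\*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*" />
        <FilePathCondition Path="%SYSTEM32%\tasks\*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*" />
        <FilePathCondition Path="%WINDIR%\Registration\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\TEMP\*" />
        <FilePathCondition Path="%WINDIR%\Tracing\*" />
      </Exceptions>
    </FilePathRule>
    <!-- NOTE(review): user-writable roaming profile path matched by file name only. -->
    <FilePathRule Id="d8cf414d-4874-45e1-95b6-dd5fcfab14bb" Name="Allow Custom DEVEXPRESS LIBJPEGTURBO.DLL" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\ROAMING\DEVEXPRESS\*\LIBJPEGTURBO.DLL" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="fe64f59f-6fca-45e5-a731-0f6715327c38" Name="(Default Rule) All DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>

  <!-- Executable rules. -->
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <!-- NOTE(review): named for Teams, but ProductName="*" allows every executable signed by
         Microsoft Corporation, from any path, for Domain Users. The Dll rule of the same name
         uses ProductName="MICROSOFT TEAMS"; apply the same scope here unless the broad allow
         is intended. -->
    <FilePublisherRule Id="1dff3373-4c7b-4859-a5e8-389ce7df7e70" Name="Allow Microsoft Teams" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="3d98c373-77c0-478a-97cc-671834ba3891" Name="Allow Google Signed executables" Description="Allow Google Signed exxcutables" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- NOTE(review): the LogMeIn and TeamViewer rules allow any product and any version from
         two remote-access vendors for all Domain Users. Confirm both tools are sanctioned for
         that whole group, and consider narrowing ProductName or the target group. -->
    <FilePublisherRule Id="702f2b86-afca-46d4-a4ab-c5d994ddd995" Name="Allow LogMeIn Signed certificate" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=LOGMEIN, INC., L=BOSTON, S=MASSACHUSETTS, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePublisherRule Id="e69c0dde-bfd0-4361-93b3-b45355bed6d4" Name="Allow TeamViewer Signed executables" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=TEAMVIEWER GMBH, L=GÖPPINGEN, S=BADEN-WÜRTTEMBERG, C=DE" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- NOTE(review): the GoToMeeting path rules in this collection match by file-name pattern
         inside the user's profile or Temp folder, both user-writable. If these binaries carry
         the LogMeIn signature, the publisher rule above already covers them and the path
         rules can be removed. -->
    <FilePathRule Id="193aeb68-2beb-40a2-a422-dba103a2bb0b" Name="Allow GoToMeeting G2MINSTALLER" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GOTOMEETING\*\*G2MINSTALLER*.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="1be4f25f-9183-4f05-a5de-519ced4dd49a" Name="Allow GoToMeeting Opener" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\MICROSOFT\WINDOWS\*\GOTOMEETING*OPENER*.exe" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): folders created off the drive root commonly inherit write access for
         authenticated users. Check the ACL on %OSDRIVE%\CASEMANAGER; this rule and the
         Pinnacle rule below allow every file under it. -->
    <FilePathRule Id="37e7b76f-ad3c-4725-a9cf-b1a2ed1d5a94" Name="All files in Peak Case Manager folder" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\CASEMANAGER\PEAK\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="39c2cc79-1283-420d-977a-c81e4748995e" Name="Allow GoToMeeting G2MCOREINSTEXTRACTOR" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\TEMP\*\*G2MCOREINSTEXTRACTOR*.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="46ecf224-d5c3-40e0-8411-4be995e25d5c" Name="All files in Pinnacle Case Manager folder" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\CASEMANAGER\PINNACLE\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="5180cd73-9ea8-4928-9d5f-66e81c557d29" Name="All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): test exception on the user's Desktop, dated in its Description. The
         Desktop is user-writable and the match is by folder and file name only; remove the
         rule once the test it was requested for is finished. -->
    <FilePathRule Id="5d592aaa-b3c0-4b4b-9759-84d0050dc6bc" Name="Allow Case manager Test in User profile direcotry" Description="Requested by Roman 4/12/2020" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\Users\*\Desktop\*\casemanager\casemanager.exe" />
      </Conditions>
    </FilePathRule>
    <!-- The exceptions carve user-writable subfolders out of %WINDIR%; verify the list against
         the folder ACLs on a reference machine. -->
    <FilePathRule Id="6e7eb7c8-b6b7-4c40-8fb1-a51bec0c4474" Name="All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
      <Exceptions>
        <FilePathCondition Path="%SYSTEM32%\catroot2\*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp\*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*" />
        <FilePathCondition Path="%SYSTEM32%\tasks\*" />
        <FilePathCondition Path="%WINDIR%\Debug\*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*" />
        <FilePathCondition Path="%WINDIR%\Registration\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\TEMP\*" />
        <FilePathCondition Path="%WINDIR%\tracing\*" />
      </Exceptions>
    </FilePathRule>
    <!-- NOTE(review): user-writable roaming profile path matched by file-name pattern. -->
    <FilePathRule Id="73ef62fd-9cb5-4887-8e04-7a4c08aa4d56" Name="Allow GRAMMARLY executable" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GRAMMARLY\UPDATES\GRAMMARLY*.EXE" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): the path pins one build folder (15939) while the sibling GoToMeeting
         rules use a wildcard there; this rule presumably stops matching after an update. -->
    <FilePathRule Id="93b3da8c-5e5f-4074-804e-57a4ca4af866" Name="Allow GoToMeeting G2MUPLOAD" Description="Allows Users to RUn GoToMeeting" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GOTOMEETING\15939\G2MUPLOAD.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="9d49c931-5766-4510-b8de-47a81d38988d" Name="Allow GoToMeeting G2MCOMM" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GOTOMEETING\*\G2MCOMM*.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="c893e557-3ee2-42a8-a512-86105f35f27a" Name="Allow GoToMeeting G2MSTART" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\GOTOMEETING\*\G2MSTART*.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>

  <!-- Windows Installer rules. The first rule accepts a package signed by any publisher; a
       signature identifies the signer and says nothing about whether the package is wanted. -->
  <RuleCollection Type="Msi" EnforcementMode="Enabled">
    <FilePublisherRule Id="2db49047-d2d2-4468-bd68-02abfedee6d2" Name="All digitally signed Windows Installer files" Description="Allows members of the Everyone group to run digitally signed Windows Installer files." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePathRule Id="09866951-f7e1-4208-8a7e-2819cc95a1b7" Name="All Windows Installer files in %systemdrive%\Windows\Installer" Description="Allows members of the Everyone group to run all Windows Installer files located in %systemdrive%\Windows\Installer." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\Installer\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="64ad46ff-0d71-4fa0-a30b-3f3d30c5433d" Name="(Default Rule) All Windows Installer files" Description="Allows members of the local Administrators group to run all Windows Installer files." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*.*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>

  <!-- Script rules. -->
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <!-- NOTE(review): the path has no trailing \* while the rule name refers to scripts in the
         folder; confirm it matches the files it is meant to. For every UNC rule in this
         collection, the share and NTFS permissions must be read-only for standard users. -->
    <FilePathRule Id="0095abbc-984c-45fb-91e6-d417362e55e6" Name="Allow scripts from NETLOGON-Teams" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="\\aha.local\NETLOGON\Teams" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="2f4f4c88-d1af-4b39-8122-c0e16e12b370" Name="Allow Batch file in GPO" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="\\AHA.LOCAL\SYSVOL\AHA.LOCAL\POLICIES\{F88EDDB1-7AB8-4100-9A48-5DF9593332D8}\USER\SCRIPTS\LOGON\WINDOWSSHELL-CORTANAPACKAGE.BAT" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="2f76f808-26ba-4e27-971f-009f676e47e8" Name="All scripts located in the Program Files folder" Description="Allows members of the Everyone group to run scripts that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): matched by file name only under the user's profile; user-writable. -->
    <FilePathRule Id="3d0ac270-2034-4d78-9162-fff433181327" Name="Allow getpaths.cmd" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\users\*\temp\*\getpaths.cmd" />
      </Conditions>
    </FilePathRule>
    <!-- The exceptions carve user-writable subfolders out of %WINDIR%; verify the list against
         the folder ACLs on a reference machine. -->
    <FilePathRule Id="488e53c2-bfbd-4f7c-8589-fc468f614860" Name="All scripts located in the Windows folder" Description="Allows members of the Everyone group to run scripts that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
      <Exceptions>
        <FilePathCondition Path="%SYSTEM32%\catroot2\*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp\*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Debug\*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ERRORREP\*" />
        <FilePathCondition Path="%WINDIR%\Registration\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\TEMP\*" />
        <FilePathCondition Path="%WINDIR%\Tracing\*" />
      </Exceptions>
    </FilePathRule>
    <!-- NOTE(review): "WNDOWSSHELL" here versus "WINDOWSSHELL" in the GPO batch file name
         above; confirm the spelling matches the file on the share. -->
    <FilePathRule Id="4dc7e394-c5e3-49e8-a407-073fb2b666a4" Name="Allow WNDOWSSHELL.PS1" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="\\AHA-FILE-01\STARTMENUFIX$\WNDOWSSHELL.PS1" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="7575089f-a7ac-442d-89a9-90a327d5e954" Name="Allow CORTANAPACKAGE.PS1" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="\\AHA-FILE-01\STARTMENUFIX$\CORTANAPACKAGE.PS1" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): matched by file name only under the user's Temp folder; user-writable. -->
    <FilePathRule Id="8261561e-7e4a-4b91-b5c0-2e0b8ccf4d86" Name="Allow NETWORKDIAGNOSTICSTROUBLESHOOT Script" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="C:\USERS\*\APPDATA\LOCAL\TEMP\*\NETWORKDIAGNOSTICSTROUBLESHOOT.PS1" />
      </Conditions>
    </FilePathRule>
    <!-- NOTE(review): PowerShell decides its language mode by writing a policy test script
         with this name pattern to the user's Temp folder and checking whether AppLocker
         allows it. Allowing that file means PowerShell runs in Full Language mode, not
         Constrained Language mode, for every Domain User, as the rule name says. This
         gives up a significant part of the script control; keep it only as an accepted,
         documented risk and prefer scoping it to the accounts that need it. -->
    <FilePathRule Id="defca77e-cc0e-4cd7-a439-46fc0d1946ee" Name="Allow Powershell Script to run in non-contrained mode" Description="" UserOrGroupSid="S-1-5-21-1552540602-1968448591-1667663741-513" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%OSDRIVE%\USERS\*\TEMP\*PSSCRIPTPOLICYTEST*.ps1" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="ed97d0cb-15ff-430f-b82c-8d7832957725" Name="(Default Rule) All scripts" Description="Allows members of the local Administrators group to run all scripts." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>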
