Merge pull request #4344 from lindspea/patch-22

Update understanding-applocker-allow-and-deny-actions-on-rules.md
2025-05-13 22:07:22 +00:00 · 2019-07-14 18:37:24 -07:00 · 2019-07-14 18:37:24 -07:00 · 49cfffea20
commit 49cfffea20
parent 142f44d70f 16df00c5ec
1 changed files with 1 additions and 1 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@ -27,7 +27,7 @@ This topic explains the differences between allow and deny actions on AppLocker

 ## Allow action versus deny action on rules

-Unlike Software Restriction Policies (SRP), each AppLocker rule collection functions as an allowed list of files. Only the files that are listed within the rule collection are allowed to run. This configuration makes it easier to determine what will occur when an AppLocker rule is applied.
+Unlike Software Restriction Policies (SRP), each AppLocker rule collection functions as an allowed list of files. Only the files that are listed within the rule collection are allowed to run. This **block by default, allow by exception** configuration makes it easier to determine what will occur when an AppLocker rule is applied.

 You can also create rules that use the deny action. When applying rules, AppLocker first checks whether any explicit deny actions are specified in the rule list. If you have denied a file from running in a rule collection, the deny action will take precedence over any allow action, regardless of which Group Policy Object (GPO) the rule was originally applied in. Because AppLocker functions as an allowed list by default, if no rule explicitly allows or denies a file from running, AppLocker's default deny action will block the file.