deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fixes to AppLocker topics

Browse Source
This commit is contained in:
jsuther1974 2023-12-21 15:01:39 -08:00
parent 5655d38867
commit 8f2f407fd6
3 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
View File

@ -14,7 +14,7 @@ After AppLocker rules are created within the rule collection, you can configure
When AppLocker policy enforcement mode is set to **Enforce rules**, rules are enforced for the rule collection and all events are logged to the AppLocker event logs for that rule collection. When AppLocker policy enforcement mode is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker event logs. When AppLocker policy enforcement mode is set to **Enforce rules**, rules are enforced for the rule collection and all events are logged to the AppLocker event logs for that rule collection. When AppLocker policy enforcement mode is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker event logs.
To create an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To create an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker). To manage an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To manage an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker).
## To audit rule collections ## To audit rule collections

2
windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md
View File

@ -15,7 +15,7 @@ This article for IT professionals describes the steps to enable the AppLocker po
For info about how AppLocker policies are applied within a GPO structure, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md). For info about how AppLocker policies are applied within a GPO structure, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md).
To create an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To create an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker). To manage an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To manage an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker).
## To enable the Enforce rules enforcement setting ## To enable the Enforce rules enforcement setting

29
windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md
View File

@ -1,30 +1,27 @@
--- ---
title: Add exceptions for an AppLocker rule title: Add exceptions for an AppLocker rule
description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. description: This article for IT professionals describes the steps to specify which apps can or can't run as exceptions to an AppLocker rule.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/21/2017 ms.date: 12/21/2023
--- ---
# Add exceptions for an AppLocker rule # Add exceptions for an AppLocker rule
>[!NOTE] This article for IT professionals describes the steps to specify which apps can or can't run as exceptions to an AppLocker rule.
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
Rule exceptions allow you to specify files or folders to exclude from the rule. For more information about exceptions, see [Understanding AppLocker rule exceptions](understanding-applocker-rule-exceptions.md). Rule exceptions allow you to specify files or folders to exclude from the rule. For more information about exceptions, see [Understanding AppLocker rule exceptions](understanding-applocker-rule-exceptions.md).
You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). To manage an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To manage an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker).
**To configure exceptions for a rule** ## To configure exceptions for a rule
1. Open the AppLocker console. 1. Open the AppLocker console.
2. Expand the rule collection, right-click the rule that you want to configure exceptions for, and then click **Properties**. 2. Expand the rule collection, right-click the rule that you want to configure exceptions for, and then select **Properties**.
3. Click the **Exceptions** tab. 3. Select the **Exceptions** tab.
4. In the **Add exception** box, select the rule type that you want to create, and then click **Add**. 4. In the **Add exception** box, select the rule type that you want to create, and then select **Add**.
- For a publisher exception, click **Browse**, select the file that contains the publisher to exclude, and then click **OK**. - For a publisher exception, select **Browse**, select the file that contains the publisher to exclude, and then select **OK**.
- For a path exception, choose the file or folder path to exclude, and then click **OK**. - For a path exception, choose the file or folder path to exclude, and then select **OK**.
- For a file hash exception, edit the file hash rule, and click **Remove**. - For a file hash exception, edit the file hash rule, and select **Remove**.
- For a packaged apps exception, click **Add** to create the exceptions based on reference app and rule scope. - For a packaged apps exception, select **Add** to create the exceptions based on reference app and rule scope.