Merge pull request #10620 from michaelAngeloEgypt/patch-14

#10364
This commit is contained in:
Aaron Czechowski
2022-07-12 16:41:45 -07:00
committed by GitHub


@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/21/2017 ms.date: 06/15/2022
ms.technology: windows-sec ms.technology: windows-sec
--- ---
@ -29,23 +29,27 @@ ms.technology: windows-sec
> [!NOTE] > [!NOTE]
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This topic describes the file formats and available default rules for the script rule collection.
This article describes the file formats and available default rules for the script rule collection.
AppLocker defines script rules to include only the following file formats: AppLocker defines script rules to include only the following file formats:
- .ps1 - `.ps1`
- .bat - `.bat`
- .cmd - `.cmd`
- .vbs - `.vbs`
- .js - `.js`
The following table lists the default rules that are available for the script rule collection. The following table lists the default rules that are available for the script rule collection.
| Purpose | Name | User | Rule condition type | | Purpose | Name | User | Rule condition type |
| - | - | - | - | | - | - | - | - |
| Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: *| | Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: `*\` |
| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: %windir%\*| | Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: `%windir%\*` |
| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: %programfiles%\*| | Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`|
## Related topics > [!NOTE]
> Windows Defender Application Control cannot be used to block PowerShell scripts. AppLocker just forces PowerShell scripts to be run in Constrained Language mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event, which states that the script will be blocked, but then the script runs.
## Related articles
- [Understanding AppLocker default rules](understanding-applocker-default-rules.md) - [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
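
Review bot: The added [!NOTE] after the table opens with "Windows Defender Application Control cannot be used to block PowerShell scripts" and then continues with "AppLocker just forces PowerShell scripts to be run in Constrained Language mode", so it is unclear which product the limitation applies to. Name one product consistently, or state explicitly that the behaviour applies to both. The 8007 sentence would also read more clearly if it said directly that the event reports the script as blocked while the script still runs, instead of putting "blocked" in quotes and leaving the reader to infer the outcome. Separately, the first table row changes the path from `*` to `*\`, which alters the displayed rule condition and no longer follows the pattern of the other two rows (`%windir%\*`, `%programfiles%\*`). If the intent was only to add code formatting, keep the value as `*`.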