deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-30 06:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md
Alekhya Jupudi 7d543c500b TASK 5358645 : Batch 04, Windows 11 Inclusion updates 
Fourth batch of Windows 11 Inclusion updates under Windows-defender-application-control folder. (I've also made some changes to few words as per Acrolinx suggestions to meet the PR criteria).
2021-08-24 15:00:19 +05:30

2.0 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, ms.author, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, manager, audience, ms.collection, ms.topic, ms.date, ms.technology
title description ms.assetid ms.reviewer ms.author ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.localizationpriority author manager audience ms.collection ms.topic ms.date ms.technology
Optimize AppLocker performance (Windows) This topic for IT professionals describes how to optimize AppLocker policy enforcement. a20efa20-bc98-40fe-bd81-28ec4905e0f6 dansimp m365-security deploy library security medium dansimp dansimp ITPro M365-security-compliance conceptual 09/21/2017 mde

Optimize AppLocker performance

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Defender App Guard feature availability.

This topic for IT professionals describes how to optimize AppLocker policy enforcement.

Optimization of Group Policy

AppLocker policies can be implemented by organization unit (OU) using Group Policy. If so, your Group Policy infrastructure should be optimized and retested for performance when AppLocker policies are added to existing Group Policy Objects (GPOs) or new GPOs are created, as you do with adding any policies to your GPOs.

For more info, see the Optimizing Group Policy Performance article in TechNet Magazine.

AppLocker rule limitations

The more rules per GPO, the longer AppLocker requires for evaluation. There is no set limitation on the number of rules per GPO, but the number of rules that can fit into a 100 MB GPO varies based on the complexity of the rule, such as the number of file hashes included in a single file hash condition.

Using the DLL rule collection

When the DLL rule collection is enabled, AppLocker must check each DLL that an application loads. The more DLLs, the longer AppLocker requires to complete the evaluation.