3dacc02208
Fifth batch of Windows 11 Inclusion updates under Windows-defender-application-control folder. (I've also made some changes to few words as per Acrolinx suggestions to meet the PR criteria).
2.3 KiB
title, description, ms.assetid, ms.reviewer, ms.author, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, manager, audience, ms.collection, ms.topic, ms.date, ms.technology
| title | description | ms.assetid | ms.reviewer | ms.author | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.localizationpriority | author | manager | audience | ms.collection | ms.topic | ms.date | ms.technology |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Understanding AppLocker rule behavior (Windows) | This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. | 3e2738a3-8041-4095-8a84-45c1894c97d0 | macapara | m365-security | deploy | library | security | medium | mjcaparas | dansimp | ITPro | M365-security-compliance | conceptual | 09/21/2017 | mde |
Understanding AppLocker rule behavior
Applies to
- Windows 10
- Windows 11
- Windows Server 2016 and above
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Defender App Guard feature availability.
This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For example, if you create an executable rule that allows .exe files in %SystemDrive%\FilePath to run, only executable files located in that path are allowed to run.
A rule can be configured to use either an allow or deny action:
- Allow. You can specify which files are allowed to run in your environment and for which users or groups of users. You can also configure exceptions to identify files that are excluded from the rule.
- Deny. You can specify which files are not allowed to run in your environment and for which users or groups of users. You can also configure exceptions to identify files that are excluded from the rule.
Important: You can use a combination of allow actions and deny actions. However, we recommend using allow actions with exceptions because deny actions override allow actions in all cases. Deny actions can also be circumvented. For example, if you configure a deny action for a file or folder path, the user can still run the file from any other path.