deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
a3de97efb29178d04f53f388b70f813769eb9c20
windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md
Alekhya Jupudi 3dacc02208 TASK 5358645 : Batch 05, Windows 11 Inclusion updates 
Fifth batch of Windows 11 Inclusion updates under Windows-defender-application-control folder. (I've also made some changes to few words as per Acrolinx suggestions to meet the PR criteria).
2021-08-24 16:46:48 +05:30

2.0 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, ms.author, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, manager, audience, ms.collection, ms.topic, ms.date, ms.technology
title description ms.assetid ms.reviewer ms.author ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.localizationpriority author manager audience ms.collection ms.topic ms.date ms.technology
Understanding AppLocker rule collections (Windows) This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. 03c05466-4fb3-4880-8d3c-0f6f59fc5579 macapara m365-security deploy library security medium mjcaparas dansimp ITPro M365-security-compliance conceptual 09/21/2017 mde

Understanding AppLocker rule collections

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Defender App Guard feature availability.

This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.

An AppLocker rule collection is a set of rules that apply to one of five types:

  • Executable files: .exe and .com
  • Windows Installer files: .msi, mst, and .msp
  • Scripts: .ps1, .bat, .cmd, .vbs, and .js
  • DLLs: .dll and .ocx
  • Packaged apps and packaged app installers: .appx

If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed apps.

Important:  Each app can load several DLLs, and AppLocker must check each DLL before it is allowed to run. Therefore, creating DLL rules might cause performance problems on some computers. Denying some DLLs from running can also create app compatibility problems. As a result, the DLL rule collection is not enabled by default.

For info about how to enable the DLL rule collection, see Enable the DLL rule collection.

Related topics