AppLocker issue

Anonymous
2025-02-18T09:58:47+00:00

Hello, I have a problem with AppLocker. I created a policy to deny an app (located in the AppData folder) from being run, and it works, but it also blocks other apps like Slack or Screenpresso.

Executable rules: [screenshot]

Packaged app rules: [screenshot]

*** Moved from Windows / Windows 11 / Security and privacy ***



1 answer

  1. Anonymous
    2025-02-19T13:21:20+00:00

    Hello ceccos83,

    Thank you for posting in Microsoft Community forum.

    This is a common issue when AppLocker rules are too broadly defined. Often what happens is that if you create a deny rule based solely on a directory (for example, anything under %APPDATA%), then any executable that happens to reside there—even if it isn’t the one you intended to block—will also be denied.

    Here are some suggestions to help narrow your rule:

    1. Use a More Specific Rule:

    • Instead of denying the entire folder, target the specific file or folder path where your unwanted application resides. For example, if the unwanted app is in %APPDATA%\UnwantedApp\app.exe, write the rule that specifically targets that full path rather than %APPDATA%\*.

    • Alternatively, use a file hash rule that only matches that one application's executable. This is more specific but note that if the app is updated, its hash will change so you will need to update the rule.

    2. Use Publisher Conditions:

    • If the unwanted application is digitally signed, you can create a publisher rule that targets only executables from that specific publisher (or with specific version or product name) rather than blocking based solely on the folder.

    • You can then allow other executables that don’t match those publisher details to run.

    3. Add Exceptions:

    • If you must create a rule that covers a broader area (like the AppData folder), use exceptions to explicitly allow applications such as Slack or Screenpresso.

    • AppLocker allows you to specify exceptions so that even if a general deny rule exists, those specific applications are exempted from being blocked.

    4. Check Rule Precedence and Conflicts:

    • AppLocker evaluates rules in a specific order. Generally, explicit allow rules (and exceptions) are processed before deny rules. Make sure that if you have existing allow rules for Slack and Screenpresso, they are not being overridden by a broader deny rule.

    • Review your overall policy to see if multiple rules might be interacting in unintended ways.

    You can try to set it based on the steps in the link below. https://www.tenforums.com/tutorials/124008-use-applocker-allow-block-executable-files-windows-10-a.html

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    0 comments No comments
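The following PowerShell script is an added example, not part of the question or the answer above, showing how to express the narrowing described in the answer as an AppLocker policy and check the decision per file before deploying it. It assumes hypothetical install locations (`UnwantedApp`, `slack`, `Screenpresso` under each user's `AppData\Local`); adjust them to where the real executables live. Two facts worth keeping in mind while reading it: AppLocker path rules use AppLocker's own variables (`%OSDRIVE%`, `%WINDIR%`, `%PROGRAMFILES%`) rather than `%APPDATA%`, and once an Exe rule collection is enforced, any executable that matches no allow rule is blocked even without a deny rule, which is the most common reason apps in AppData stop launching. An explicit deny also wins over any allow rule, so a broad deny on AppData cannot be fixed by adding allow rules for Slack; the carve-out has to be an `<Exceptions>` element on the deny rule itself, which the `-Except` parameter below emits.

```powershell
# Added example (not from the question or the answer): narrow an AppLocker
# deny rule and keep other per-user apps runnable. All paths are constructed
# placeholders; replace them with the real install locations.

Import-Module AppLocker

# AppLocker path variables, with a wildcard covering every user profile.
$unwanted    = '%OSDRIVE%\Users\*\AppData\Local\UnwantedApp\app.exe'   # assumed
$keepAllowed = @(
  '%OSDRIVE%\Users\*\AppData\Local\slack\*',          # assumed install path
  '%OSDRIVE%\Users\*\AppData\Local\Screenpresso\*'    # assumed install path
)

# Emit one <FilePathRule>. $Except adds an <Exceptions> block, which is how
# AppLocker carves specific paths out of a broad deny.
function New-PathRule {
  param(
    [string]$Name, [string]$Path, [string]$Action,
    [string]$Sid = 'S-1-1-0',        # Everyone
    [string[]]$Except = @()
  )
  $exceptions = ''
  if ($Except.Count -gt 0) {
    $items = ($Except | ForEach-Object { "      <FilePathCondition Path=`"$_`" />" }) -join "`n"
    $exceptions = "    <Exceptions>`n$items`n    </Exceptions>`n"
  }
@"
  <FilePathRule Id="$(New-Guid)" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
    <Conditions>
      <FilePathCondition Path="$Path" />
    </Conditions>
$exceptions  </FilePathRule>
"@
}

# Choose one of the two shapes the answer describes. $false = a deny rule
# narrowed to the single executable; $true = a broad deny on AppData with
# exceptions for the approved apps.
$useBroadDenyWithExceptions = $false

$rules = @(
  # Equivalents of AppLocker's default allow rules. Without these, an
  # enforced Exe collection blocks everything that is not explicitly allowed.
  (New-PathRule -Name 'Allow Program Files'     -Path '%PROGRAMFILES%\*' -Action Allow)
  (New-PathRule -Name 'Allow Windows'           -Path '%WINDIR%\*'       -Action Allow)
  (New-PathRule -Name 'Allow admins everything' -Path '*' -Action Allow -Sid 'S-1-5-32-544')
  # Per-user apps that must keep running need their own allow rule.
  (New-PathRule -Name 'Allow Slack'        -Path $keepAllowed[0] -Action Allow)
  (New-PathRule -Name 'Allow Screenpresso' -Path $keepAllowed[1] -Action Allow)
)
if ($useBroadDenyWithExceptions) {
  $rules += New-PathRule -Name 'Deny AppData except approved apps' `
    -Path '%OSDRIVE%\Users\*\AppData\*' -Action Deny -Except $keepAllowed
} else {
  $rules += New-PathRule -Name 'Deny UnwantedApp' -Path $unwanted -Action Deny
}

# AuditOnly first: decisions are logged (event ID 8003 in the
# Microsoft-Windows-AppLocker/EXE and DLL log) but nothing is blocked yet.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$($rules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:TEMP 'applocker-narrowed.xml'
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Evaluate the policy against real files before deploying it. Only files
# that exist on this machine are checked; these paths are placeholders.
$filesToCheck = @(
  "$env:LOCALAPPDATA\UnwantedApp\app.exe",
  "$env:LOCALAPPDATA\slack\slack.exe",
  "$env:LOCALAPPDATA\Screenpresso\Screenpresso.exe"
) | Where-Object { Test-Path $_ }

if ($filesToCheck) {
  Test-AppLockerPolicy -XmlPolicy $policyPath -Path $filesToCheck -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
} else {
  Write-Host "No test files found; policy written to $policyPath"
}
```

`Test-AppLockerPolicy` reports `Denied` for the unwanted executable and `Allowed` for the Slack and Screenpresso binaries with either rule shape; if it reports `Denied` for an app you expect to run, the `MatchingRule` column names the rule responsible (or is empty when no allow rule matched at all). Import the XML on a test machine with `Set-AppLockerPolicy -XmlPolicy $policyPath` (the Application Identity service must be running) or through the GPO editor under Application Control Policies, watch the audit events for a few days, and only then change `EnforcementMode` to `Enabled`.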