On 10.07.2017 at 22:00, Aakash Shah wrote:
> Hello! Has anyone enabled and enforced DLL rules in your environment?
> I am considering enabling DLL rules for a new round of deployments with
> the default AppLocker DLL ruleset

We enforce DLL rules with Software Restriction Policies, and needed a
few more entries in the whitelist.
First, surprisingly, these
C:\Windows
C:\Program Files
which are usually covered by default entries like
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
but some drivers fail to load their DLLs when these entries are missing.
And this one
C:\ProgramData\Sophos
otherwise Sophos Antivirus breaks DNS resolving.
Unfortunately these were *not* all logged in event viewer, and thus hard
to find.
We have not checked for speed difference.