I appreciate the information Sean, thanks! -Aakash Shah
From: [email protected] [mailto:[email protected]] On Behalf Of Sean Chapman Sent: Tuesday, July 11, 2017 5:36 AM To: [email protected] Subject: [NTSysADM] RE: Enabling DLL Rules In AppLocker - Any Real-World Advice? I have an SRP whitelist set up for the last few years which includes DLLs. Besides having to whitelist a few application locations and writing a script which disables SRP that can be run on demand so our techs can install software its been pretty solid. In fact now that we are moving to Windows 10 Enterprise im looking to move to Applocker as well and expect no problems with the transition. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Aakash Shah Sent: Monday, July 10, 2017 3:00 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Enabling DLL Rules In AppLocker - Any Real-World Advice? Hello! Has anyone enabled and enforced DLL rules in your environment? If so, have you noticed anyone complaining about performance issues that Microsoft indicates may occur<https://docs.microsoft.com/en-us/windows/device-security/applocker/dll-rules-in-applocker>? I am considering enabling DLL rules for a new round of deployments with the default AppLocker DLL ruleset (minus the writable folders in the Windows directory) and would love to hear from anyone who has successfully enforced the AppLocker DLL ruleset to see if there were any lessons learned with this, or if anyone had to turn off DLL rules due to problems that came up. Thanks! -Aakash Shah ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The information contained in this communication and all accompanying documents from Coilcraft may be confidential and/or legally privileged, and is intended only for the use of the recipient(s) named above. If you are not the intended recipient you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance on the contents of this transmitted information is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and destroy the original message or accompanying materials and any copy thereof. If you have any questions concerning this message, please contact the sender.
