Can we block StandAlone Executables using Windows Software Restriction Policy

checkingrandom 226 Reputation points
2023-04-11T14:02:57.43+00:00

I was exploring the Windows Software Restriction Policy. While using it I created a Path Rule for an application and it works well; I also read the documentation to find which file types can be controlled. Then I tried blocking Windows Store apps and standalone executables using a path rule, but neither executable is blocked, even though the rule is created successfully. Have I created the rule wrongly, or does Windows not block Store apps and standalone applications? Standalone exe example: ADExplorer.exe from Windows Sysinternals.


Accepted answer
    Khaled Elsayed Mohamed 1,335 Reputation points
    2023-07-24T09:58:25.1033333+00:00

    Hi C, we have two answers.

    The Windows Software Restriction Policy (SRP) is a powerful feature that allows you to control which applications can run on a Windows system. However, there are some limitations to what can be controlled using SRP, especially when it comes to Windows Store apps and some standalone executables.

    1. Windows Store Apps: Starting from Windows 8 and later versions, SRP does not have direct control over Windows Store apps. Windows Store apps are installed and run using the Windows Store infrastructure, and SRP does not apply to them. To restrict Windows Store apps, you would need to use other methods, such as Group Policy settings specifically designed for Windows Store app control.
    2. Standalone Executables: Standalone executables, like the ADExplorer.exe from Windows Sysinternals, should be subject to SRP rules as long as you have correctly defined the path rule for the executable's location. Ensure that you have added the correct path and selected the "Disallowed" option for the rule to block the application from running.

    If you have created a path rule to block ADExplorer.exe and it is not working, here are some troubleshooting steps you can follow:

    1. Check the Rule Configuration: Double-check the path rule you created for ADExplorer.exe. Make sure the path is correct and that the rule is set to "Disallowed." If you are using a network path, ensure that it is accessible and correctly defined in the rule.
    2. Group Policy Refresh: If you are using SRP through Group Policy, ensure that the Group Policy settings have been applied to the target machines. You can force a Group Policy refresh using the gpupdate /force command on the client machines.
    3. Verify Enforcement: Verify that the Software Restriction Policy is enabled and enforced on the client machine. You can check this in the Local Security Policy or Group Policy Management Console, depending on how you have configured SRP.
    4. Event Viewer Logs: Check the Windows Event Viewer logs for any related events or error messages that might indicate why the rule is not being applied or enforced.

    If you have confirmed that the rule is correctly configured, applied, and enforced, but the application is still running, it's possible that there might be other factors affecting the behavior. Some applications may have built-in mechanisms to bypass SRP or use specific execution methods that are not restricted by SRP.

    If you are looking for more advanced application control and security features, you might consider using AppLocker, which provides more granular control over application execution and is available in Windows Enterprise editions.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

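The "Verify Enforcement" and "Event Viewer Logs" steps in the accepted answer can be scripted. The following PowerShell is an added example, not code from the question or from either answer: it reads the SRP configuration that Group Policy writes to the registry (default level, enforcement scope, whether local administrators are exempt, the path and hash rules), and then pulls the SRP block events from the Application log. It assumes an elevated PowerShell session and that SRP was configured through Group Policy (the `Policies` hive); the event IDs used are the ones Microsoft documents for SRP.

```powershell
# Added example; not code from the question or either answer.
# Reads the effective SRP configuration from the registry and lists recent SRP
# block events, so a "Disallowed" path rule that seems not to block can be
# diagnosed. Assumptions: elevated PowerShell; SRP set via Group Policy.

$SrpBase    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpConfiguration {
    if (-not (Test-Path $SrpBase)) {
        Write-Warning "No SRP policy under $SrpBase: the GPO has not been applied here. Run 'gpupdate /force' and check 'gpresult /h report.html'."
        return $null
    }
    $cfg = Get-ItemProperty -Path $SrpBase
    # DefaultLevel is Unrestricted (262144) when the value is absent.
    $level = if ($null -eq $cfg.DefaultLevel) { 262144 } else { [int]$cfg.DefaultLevel }
    # TransparentEnabled: 1 = all files except DLLs, 2 = all files including DLLs.
    $scope = if ($cfg.TransparentEnabled -eq 2) { 'All files incl. DLLs' } else { 'All files except DLLs' }
    [pscustomobject]@{
        DefaultLevel    = $LevelNames[$level]
        Enforcement     = $scope
        # PolicyScope 1 exempts local Administrators; a frequent reason a test
        # "does not block" when the tester is a local admin.
        AppliesToAdmins = ($cfg.PolicyScope -ne 1)
        ExecutableTypes = ($cfg.ExecutableTypes -join ',')
        # LogFileName (REG_SZ, a file path) turns on SRP advanced logging of
        # every evaluation; empty here means it is not enabled.
        AdvancedLog     = $cfg.LogFileName
    }
}

function Get-SrpRules {
    # Level subkeys (0, 131072, 262144) each hold Paths\{guid} and Hashes\{guid}.
    foreach ($levelKey in Get-ChildItem -Path $SrpBase -ErrorAction SilentlyContinue) {
        $level = $LevelNames[[int]$levelKey.PSChildName]
        foreach ($type in 'Paths', 'Hashes') {
            $typeKey = Join-Path $levelKey.PSPath $type
            foreach ($rule in Get-ChildItem -Path $typeKey -ErrorAction SilentlyContinue) {
                $p = Get-ItemProperty -Path $rule.PSPath
                # Path rules store the path in ItemData; hash rules keep the
                # original file name in FriendlyName.
                $target = if ($type -eq 'Paths') { $p.ItemData } else { $p.FriendlyName }
                [pscustomobject]@{
                    Level       = $level
                    Type        = $type.TrimEnd('s')
                    Target      = $target
                    Description = $p.Description
                    RuleId      = $rule.PSChildName
                }
            }
        }
    }
}

function Get-SrpBlockEvents {
    param([int]$Max = 20)
    # SRP writes to the Application log, source SoftwareRestrictionPolicies:
    # 865 default level, 866 path rule, 867 certificate rule, 868 zone rule,
    # 882 hash rule. No event for a test run means SRP never evaluated the file.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SoftwareRestrictionPolicies'; Id = 865, 866, 867, 868, 882 } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } }
}

Get-SrpConfiguration | Format-List
Get-SrpRules          | Format-Table -AutoSize
Get-SrpBlockEvents    | Format-Table -Wrap
```

Reading the output: if `AppliesToAdmins` is `False` and the test account is a local administrator, the rule is working as configured and the test account is simply exempt. If the rule is listed under `Disallowed` with the expected path but no 866 event appears after launching the file, SRP did not evaluate that launch at all, which is what happens for Store apps, since they are started by the app broker rather than through the classic executable path SRP checks.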

1 additional answer

    Khaled Elsayed Mohamed 1,335 Reputation points
    2023-07-24T09:59:51.0166667+00:00

    You are correct that Windows does not block Store apps and standalone executables using Path Rules. This is because Store apps are installed in a special directory called %programfiles%\WindowsApps, and standalone executables are not subject to Software Restriction Policies.

    If you want to block Store apps and standalone executables, you will need to use AppLocker. AppLocker is a more powerful tool than Software Restriction Policies, and it allows you to block apps by name, publisher, or hash.

    To block Store apps and standalone executables using AppLocker, you will need to create a new Packaged app rule. In the rule, you will need to specify the name of the Store app or the publisher of the standalone executable.

    Here are the steps on how to block Store apps and standalone executables using AppLocker:

    1. Open the Group Policy Editor.
    2. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker > Packaged app Rules.
    3. Right-click on a blank space on the right-hand side and select Create New Rule.
    4. Click the Next button in the Before You Begin screen.
    5. Select the Packaged app radio button and click the Next button.
    6. In the Packaged app name or publisher box, type the name of the Store app or the publisher of the standalone executable.
    7. Select the Deny permission option and click the Next button.
    8. In the Exceptions box, you can specify any exceptions to the rule.
    9. Click the Finish button to create the rule.

    Once the rule is created, Store apps and standalone executables will be blocked from running.



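The AppLocker approach in this answer can also be done with the AppLocker PowerShell cmdlets, which makes the rules testable before they are deployed. The script below is an added example, not code from the question or either answer. It collects identity information for one standalone executable and one Store app, generates rules with `New-AppLockerPolicy`, turns them into Deny rules (the cmdlet only emits Allow rules), checks both targets against the policy with `Test-AppLockerPolicy`, and merges the result into the local policy only when `-Apply` is passed. The executable lands in the Exe rule collection and the Store app in the Packaged app collection, because each collection matches only its own file type. `C:\Tools\ADExplorer.exe`, `Microsoft.WindowsCalculator` and the output path are placeholders; it assumes an elevated session on a Windows edition that supports AppLocker enforcement and that the Application Identity service (AppIDSvc) is running.

```powershell
# Added example; not code from the question or either answer.
# Builds an AppLocker policy that denies one standalone EXE and one Store app,
# tests it against both targets, and merges it into the local policy only when
# -Apply is given. Assumptions: elevated PowerShell; AppIDSvc running;
# $ExePath, $PackageName and $OutFile are placeholders.

param(
    [string]$ExePath     = 'C:\Tools\ADExplorer.exe',      # placeholder path
    [string]$PackageName = 'Microsoft.WindowsCalculator',   # placeholder Store app
    [string]$OutFile     = (Join-Path $env:TEMP 'applocker-deny.xml'),
    [switch]$Apply
)

# 1. Identity information. A plain EXE is matched by the Exe collection
#    (publisher rule if signed, hash rule otherwise); a Store app is matched
#    only by a publisher rule in the Appx collection. The collections do not
#    overlap, so each target needs its own rule.
$fileInfo = @()
if (Test-Path $ExePath) {
    $fileInfo += Get-AppLockerFileInformation -Path $ExePath
} else {
    Write-Warning "$ExePath not found; skipping the executable rule."
}
$pkg = Get-AppxPackage -Name $PackageName -ErrorAction SilentlyContinue
if ($pkg) {
    $fileInfo += $pkg | Get-AppLockerFileInformation
} else {
    Write-Warning "Package $PackageName is not installed for this user; skipping the packaged app rule."
}
if (-not $fileInfo) { throw 'Nothing to build a rule for.' }

# 2. New-AppLockerPolicy emits Allow rules only; flip each one to Deny.
#    Deny rules take precedence over Allow rules, so they merge safely into
#    an existing allow-list policy.
[xml]$policy = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Xml
foreach ($rule in $policy.SelectNodes('//*[@Action="Allow"]')) {
    $rule.SetAttribute('Action', 'Deny')
    $rule.SetAttribute('Name', "Deny: $($rule.GetAttribute('Name'))")
}
$policy.Save($OutFile)
Write-Host "Policy written to $OutFile"

# 3. Test before deploying: PolicyDecision should be 'Denied' with MatchingRule set.
if (Test-Path $ExePath) {
    Test-AppLockerPolicy -XmlPolicy $OutFile -Path $ExePath -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}
if ($pkg) {
    $pkg | Test-AppLockerPolicy -XmlPolicy $OutFile -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 4. Deploy. The generated collections carry EnforcementMode="NotConfigured",
#    so -Merge leaves enforcement as already configured. Turning enforcement on
#    for a collection that has no Allow rules blocks everything in it.
if ($Apply) {
    if ((Get-Service -Name AppIDSvc).Status -ne 'Running') {
        Write-Warning 'Application Identity service is not running; AppLocker rules will not be enforced.'
    }
    Set-AppLockerPolicy -XmlPolicy $OutFile -Merge
    # Blocked launches show up as 8004 in 'EXE and DLL' and 8022 in
    # 'Packaged app-Execution'; 8003/8021 are the audit-only equivalents.
    Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 10 -ErrorAction SilentlyContinue |
        Where-Object Id -in 8003, 8004 | Select-Object TimeCreated, Id, Message
}
```

Run it once without `-Apply` and read the `Test-AppLockerPolicy` table: a `Denied` decision with a `MatchingRule` for each target means the rules are correct; `DeniedByDefaultRule` means nothing matched and the policy would only block because the collection has no Allow rule for that file, which is not the intended rule. Only then run with `-Apply`, and prefer doing so on a host that already has the default Allow rules in place.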
