Export (0) Print
Expand All

Understanding AppLocker Rule Collections

Updated: June 21, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.

An AppLocker rule collection is a set of rules that apply to one of five types:

  • Executable files: .exe and .com

  • Windows Installer files: .msi, mst and .msp

  • Scripts: .ps1, .bat, .cmd, .vbs, and .js

  • DLLs: .dll and .ocx

  • Packaged apps and Packaged app installers: .appx

If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed applications.

ImportantImportant
Each application can load several DLLs, and AppLocker must check each DLL before it is allowed to run. Therefore, creating DLL rules might cause performance problems on some computers. Denying some DLLs from running can also create application compatibility problems. As a result, the DLL rule collection is not enabled by default.

For information about how to enable the DLL rule collection, see Enable the DLL Rule Collection.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft