Add exceptions for an AppLocker rule

This article for IT professionals describes the steps to specify which apps can or can't run as exceptions to an AppLocker rule.

Rule exceptions allow you to specify files or folders to exclude from the rule. For more information about exceptions, see Understanding AppLocker rule exceptions.

To manage an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To manage an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see Administer AppLocker.

To configure exceptions for a rule

  1. Open the AppLocker console.

  2. Expand the rule collection, right-click the rule that you want to configure exceptions for, and then select Properties.

  3. Select the Exceptions tab.

  4. In the Add exception box, select the rule type that you want to create, and then select Add.

    • For a publisher exception, select Browse, select the file that contains the publisher to exclude, and then select OK.
    • For a path exception, choose the file or folder path to exclude, and then select OK.
    • For a file hash exception, edit the file hash rule, and select Remove.
    • For a packaged apps exception, select Add to create the exceptions based on reference app and rule scope.