Currently our organization has a batch file that runs at login, it copies a SCR file and all images (JPEG) into the computers C:\System32 folder. We then have a group policy that forces the specified screensaver. We are converting over to using
applocker and currently running in Audit mode to ensure we have as seamless of a transition as possible when we switch to enforce. That being said the one event that keeps popping as "was allowed to run but would have been prevented from running
if the AppLocker Policy were enforced" is the screensaver.scr file that is located in the computers system32 folder. Please note this is showing in the Applocker "EXE and DLL" Audit logs. I tried creating a new rule (both manual
and automatic) to add the specified file (by file hash or publisher) but it will only allow me to add EXE or COM file types. Short of creating a rule that allows everything in the System32 directory to run (which I am not going to do for security vulnerability
reasons) how do I get my screensaver SCR file to be allowed run using applocker?
↧