AppLocker
This was posted to http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/d91363df-44fb-4c15-ad75-3779e3ed35ab
AppLocker not behaving as expected when a file has Alternate Data Streams and the rule is not applied to Everyone.
I have a publisher rule set up for MS Office 2010, as in the picture.
When this is set to Allow for Everyone Office works as expected.
However, if I set the rule to Allow for Domain Users, I have an issue.
I’ll use an Excel document as an example.
If the file I am using has Alternate Data Streams attached with ZoneID=3 then I get this error
And inside the Event Viewer I see
If I remove the Data Stream or set it to ZoneID=0 then the application works fine. The application also works if the Everyone group is given Allow on the AppLocker rule.
So the question is: What is happening between AppLocker and Office when it comes to ADS that is preventing Office from running correctly?
Oh, by the way, the normal "AppLocker is blocking this application" message is never seen.
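
To collect the facts the question depends on in one pass, the following PowerShell script (an added example, not part of the original post) reads the document's Zone.Identifier stream, evaluates the effective AppLocker policy for Everyone and for a named user, and lists recent AppLocker EXE events. The document path, the Office14 executable path and the user name are assumptions to replace, and the script requires PowerShell 3.0 or later.

```powershell
# Added diagnostic example. The three defaults below are assumptions, not values from the post.
param(
    [string]$Document   = 'C:\Temp\Book1.xlsx',                                     # hypothetical test file
    [string]$Executable = "$env:ProgramFiles\Microsoft Office\Office14\EXCEL.EXE",  # assumed Office 2010 path
    [string]$User       = 'CONTOSO\testuser'                                        # placeholder domain user
)

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # Zone.Identifier is an INI-style stream: "[ZoneTransfer]" followed by "ZoneId=N".
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) { return $null }           # no stream attached to this file
    foreach ($line in Get-Content -LiteralPath $Path -Stream 'Zone.Identifier') {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null                                 # stream present but no ZoneId entry
}

# 1. Every stream on the document, then the parsed zone (3 = Internet zone).
Get-Item -LiteralPath $Document -Stream * |
    Select-Object Stream, Length | Format-Table -AutoSize
$zone = Get-ZoneId -Path $Document
if ($null -eq $zone) { 'ZoneId: none' } else { "ZoneId: $zone" }

# 2. What the effective policy decides for the executable, per principal.
#    A difference between the two rows points at rule scoping rather than at the document.
$policy = Get-AppLockerPolicy -Effective
foreach ($principal in 'Everyone', $User) {
    $policy | Test-AppLockerPolicy -Path $Executable -User $principal |
        Select-Object @{ n = 'User'; e = { $principal } }, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
}

# 3. Recent AppLocker EXE/DLL events: 8002 allowed, 8003 audit, 8004 blocked.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8002, 8003, 8004 } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Running it once with the stream present and once after removing it gives a side-by-side record of the policy decision and the logged events for both cases.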