AppLocker-BlockPolicies - Consider updating
fsacer opened this issue · 0 comments
fsacer commented
AppLocker policies here seem to be a bit outdated. Consider updating it according to
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Currently https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb (Workflows compiler) bypasses that ruleset.