I want to run (on a certain computer with Windows 10) only those .exe files that are signed by certificates which are installed on the computer (it can be certificates from a CA or my own test certificate).
I already tried this solution (and many others):
How does one configure Windows not to execute tampered binaries?
But none of them solved my problem.
I wrote two “HelloWorld” apps (one with certificate signing and one without). But all the solutions I tried allow both apps to run.
How do I configure Windows 10 to execute only .exe files with certificate signing?
Here is the AppLocker configuration:
<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePublisherRule Id="d5c14ef6-5a5e-4863-aa49-a9ebbcab1afc" Name="Only run executables that are signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
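One way to check whether the policy above is actually being applied and how it would treat each test binary. This is an added example, not part of the original post; the policy file path and the two sample .exe paths are assumptions.

```powershell
# Added example. The paths below are hypothetical placeholders.
$policyXml = 'C:\Temp\applocker-policy.xml'   # the policy shown above, saved to disk (assumed path)
$samples   = 'C:\Test\HelloSigned.exe', 'C:\Test\HelloUnsigned.exe'   # assumed test binaries

# 1. AppLocker enforces nothing unless the Application Identity service is running.
$svc = Get-Service -Name AppIDSvc
"{0}: Status={1}, StartType={2}" -f $svc.Name, $svc.Status, $svc.StartType

# 2. Confirm the Exe collection is present and enforced in the effective (merged) policy.
[xml]$effective = Get-AppLockerPolicy -Effective -Xml
$effective.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode,
        @{ Name = 'RuleCount'; Expression = { @($_.ChildNodes).Count } }

# 3. Check how Windows itself rates each file's Authenticode signature.
Get-AuthenticodeSignature -FilePath $samples |
    Select-Object Path, Status,
        @{ Name = 'Subject'; Expression = { $_.SignerCertificate.Subject } }

# 4. Ask AppLocker how the saved policy would treat each file for the Everyone group.
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $samples -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Review recent decisions: 8002 = allowed, 8003 = audit only, 8004 = blocked.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 20 |
    Where-Object Id -in 8002, 8003, 8004 |
    Select-Object TimeCreated, Id, Message
```

Allow rules are additive, so any file under %PROGRAMFILES% or %WINDIR% matches the two path rules whether or not it is signed; place the test binaries outside those folders when checking the publisher rule.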
Answer
Attribution
Source: Link, Question Author: Eugene Afanasovich, Answer Author: Community