Forum Discussion

Branesh's avatar
Branesh
Copper Contributor
Dec 08, 2022

Block unwanted apps using AppLocker, It block all apps (including Approved apps)

We are blocking unwanted apps using App locker XML which i given below using custom OMA-URI Settings. Some error in our XML which blocking All our apps, can anyone guide me here.

XML CODE

<RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%PROGRAMFILES%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePathCondition Path="%WINDIR%\*" />
</Conditions>
</FilePathRule>
<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
<Conditions>
<FilePathCondition Path="*" />
</Conditions>
</FilePathRule>
<FilePublisherRule Id="3bf977dc-73a4-4801-85d8-b781c679f6d6" Name="Signed by O=AUTODESK, INC., L=SAN RAFAEL, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=AUTODESK, INC., L=SAN RAFAEL, S=CALIFORNIA, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="fe6d3a57-b0d5-414d-8c37-feb90ecadef8" Name="Signed by O=ANALOG DEVICES, INC., L=TAMPA, S=FLORIDA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=ANALOG DEVICES, INC., L=TAMPA, S=FLORIDA, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="624d4de1-c522-4a86-936e-1b12b3ad43ee" Name="Signed by O=AUTODESK, INC., L=SAN RAFAEL, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=AUTODESK, INC., L=SAN RAFAEL, S=CALIFORNIA, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="c8a6d695-af03-4420-a20c-599435e59fe5" Name="Signed by O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="d50d7fca-9f6c-42b4-8dba-06a643adb1fc" Name="Signed by Advanced Micro Devices Inc." Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="ba49526f-c1a2-4017-86f5-f7b97a6fea15" Name="OPERA INTERNET BROWSER, from O=OPERA SOFTWARE AS, L=OSLO, C=NO" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=OPERA SOFTWARE AS, L=OSLO, C=NO" ProductName="OPERA INTERNET BROWSER" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="5f2c6cba-3011-408a-b876-024414133441" Name="BRAVE.EXE, version 103.1.0.0 and above, in BRAVE BROWSER, from O=BRAVE SOFTWARE, INC., L=SAN FRANCISCO, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=BRAVE SOFTWARE, INC., L=SAN FRANCISCO, S=CALIFORNIA, C=US" ProductName="BRAVE BROWSER" BinaryName="BRAVE.EXE">
<BinaryVersionRange LowSection="103.1.0.0" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="c64cc217-38ec-4170-abef-25a968af7add" Name="Signed by WhatsApp Inc." Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=24803D75-212C-471A-BC57-9EF86AB91435" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7c29836c-c4d2-4a86-ab2f-4f26e3e1e603" Name="TELEGRAM DESKTOP, from O=TELEGRAM FZ-LLC, L=DUBAI, S=DUBAI, C=AE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=TELEGRAM FZ-LLC, L=DUBAI, S=DUBAI, C=AE" ProductName="TELEGRAM DESKTOP" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="b5dca3cd-d6b1-411f-815c-920a5b5abb5e" Name="CHROME.EXE, in GOOGLE CHROME, from O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US" ProductName="GOOGLE CHROME" BinaryName="CHROME.EXE">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="04e1ad9b-c486-4d67-b025-969830887180" Name="IEXPLORE.EXE, in INTERNET EXPLORER, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="INTERNET EXPLORER" BinaryName="IEXPLORE.EXE">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>

Conditional Access
Intune
Mobile Application Management (MAM)
mobile device management (mdm)
Software Management
No RepliesBe the first to reply

Resources