"AaronLocker" updates (22 May 2019)
Always handles Portable Executable files even with non-standard extensions such as .tmp and determines whether it's an EXE or DLL. (Ignores files with extensions that should never be PE files such as .txt).
Ignores .js files by default; switches on scripts enable overriding to build rules for .js. (AppLocker enforced on .js files only through Windows Script Host; most .js files are processed by other tools that do not enforce AppLocker rules).
Added -SearchNonDefaultRootDirs to Scan-Directories.ps1; makes it quicker to identify files that might need AppLocker rule customization.
Improved optimization to lead to more publisher rules and fewer hash rules, where possible.
Download here: AaronLocker