Understanding AppLocker Rule Collections
Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
An AppLocker rule collection is a set of rules that apply to one of five types:
Executable files: .exe and .com
Windows Installer files: .msi, mst and .msp
Scripts: .ps1, .bat, .cmd, .vbs, and .js
DLLs: .dll and .ocx
Packaged apps and Packaged app installers: .appx
If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed applications.
Each application can load several DLLs, and AppLocker must check each DLL before it is allowed to run. Therefore, creating DLL rules might cause performance problems on some computers. Denying some DLLs from running can also create application compatibility problems. As a result, the DLL rule collection is not enabled by default.
For information about how to enable the DLL rule collection, see Enable the DLL Rule Collection.