{
	"id": "56904e79-d535-40d6-949b-e4e8c03f8f7f",
	"created_at": "2026-04-06T00:07:11.517657Z",
	"updated_at": "2026-04-10T13:12:07.58994Z",
	"deleted_at": null,
	"sha1_hash": "ac5bcb2d4129bbcce7edb39197fddd7ca6ec9571",
	"title": "Applications that can bypass App Control and how to block them",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 247559,
	"plain_text": "Applications that can bypass App Control and how to block them\r\nBy jsuther1974\r\nArchived: 2026-04-05 22:36:27 UTC\r\nMembers of the security community* continuously collaborate with Microsoft to help protect customers. With the\r\nhelp of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also\r\npotentially use to bypass App Control.\r\nUnless your use scenarios explicitly require them, Microsoft recommends that you block the following\r\napplications. An attacker can use these applications or files to circumvent application allow policies, including\r\nApp Control:\r\naddinprocess.exe\r\naddinprocess32.exe\r\naddinutil.exe\r\naspnet_compiler.exe\r\nbash.exe\r\nbginfo.exe1\r\ncdb.exe\r\ncscript.exe\r\ncsi.exe\r\ndbghost.exe\r\ndbgsvc.exe\r\ndbgsrv.exe\r\ndnx.exe\r\ndotnet.exe\r\nfsi.exe\r\nfsiAnyCpu.exe\r\ninfdefaultinstall.exe\r\nkd.exe\r\nkill.exe\r\nlxssmanager.dll\r\nlxrun.exe\r\nMicrosoft.Build.dll\r\nMicrosoft.Workflow.Compiler.exe\r\nmsbuild.exe2\r\nmsbuild.dll\r\nmshta.exe\r\nntkd.exe\r\nntsd.exe\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 1 of 34\n\npowershellcustomhost.exe\r\nrcsi.exe\r\nrunscripthelper.exe\r\ntexttransform.exe\r\nvisualuiaverifynative.exe\r\nsystem.management.automation.dll\r\nwebclnt.dll/davsvc.dll3\r\nwfc.exe\r\nwindbg.exe\r\nwmic.exe\r\nwscript.exe\r\nwsl.exe\r\nwslconfig.exe\r\nwslhost.exe\r\n1\r\n A vulnerability in bginfo.exe was fixed in version 4.22. If you use BGInfo, for security, make sure to download\r\nand run the latest version of BGInfo. BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.\r\n2\r\n If you're using your reference system in a development context and use msbuild.exe to build managed\r\napplications, we recommend that you allow msbuild.exe in your code integrity policies. Otherwise, we\r\nrecommend that you block msbuild.exe.\r\n3\r\n If you block WebDAV DLLs, we recommend that you also disable the WebClient service using a group policy\r\nor MDM policies.\r\n*\r\n Microsoft recognizes the efforts of people in the security community who help us protect customers through\r\nresponsible vulnerability disclosure, and extends thanks to the following people:\r\nName Twitter\r\nAlex Ionescu @aionescu\r\nBrock Mammen\r\nCasey Smith @subTee\r\nJames Forshaw @tiraniddo\r\nJimmy Bayne @bohops\r\nKim Oppalfens @thewmiguy\r\nLasse Trolle Borup Langkjaer Cyber Defence\r\nLee Christensen @tifkin_\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 2 of 34\n\nName Twitter\r\nMatt Graeber @mattifestation\r\nMatt Nelson @enigma0x3\r\nOddvar Moe @Oddvarmoe\r\nPhilip Tsukerman @PhilipTsukerman\r\nVladas Bulavas Kaspersky Lab\r\nWill Dormann @wdormann\r\nWilliam Easton @Strawgate\r\nNote\r\nThis application list will be updated with the latest vendor information as application vulnerabilities are resolved\r\nand new issues are discovered.\r\nCertain software applications may allow other code to run by design. Unless these applications are business\r\ncritical, you should block them in your App Control policy. In addition, when an application version is upgraded\r\nto fix a security vulnerability or potential App Control bypass, add deny rules to your App Control policies for that\r\napplication's previous, less secure versions.\r\nMicrosoft recommends that you install the latest security updates. For example, updates help resolve several\r\nissues in PowerShell modules that allowed an attacker to bypass App Control. These modules can be blocked by\r\ntheir corresponding hashes.\r\nAs of October 2017, system.management.automation.dll is updated to revoke earlier versions by hash values,\r\ninstead of version rules.\r\nIf you wish to use this blocklist policy on Windows Server 2016, locate the deny rules for the following files, and\r\nchange the comment block to only include the rules for that OS version. Applying the RS5+ rules to Windows\r\nServer 2016 may cause apps to malfunction:\r\nmsxml3.dll\r\nmsxml6.dll\r\njscript9.dll\r\nThe blocklist policy that follows includes \"Allow all\" rules for both kernel and user mode that make it safe to\r\ndeploy as a standalone App Control policy. On Windows versions 1903 and above, Microsoft recommends\r\nconverting this policy to multiple policy formats using the Set-CiPolicyIdInfo cmdlet with the -ResetPolicyId\r\nswitch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To\r\ninstead add these rules to an existing Base policy, you can merge the policy that follows using the Merge-CIPolicy\r\ncmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two\r\n\"Allow all\" rules and their corresponding FileRuleRefs from the blocklist policy.\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 3 of 34\n\nApp Control policy XML:\n10.1.0.2{A244370E-44C9-4C06-B551-F6016E563076}{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}Enabled:Unsigned System Integrity Policy\nEnabled:Audit Mode\nEnabled:Advanced Boot Options Menu\nEnabled:UMCI\nEnabled:Dynamic Code Security\n\n\u003cDeny ID=\"ID_DENY_HVCISCAN_AMD_2\" FriendlyName=\"HVCIScan.exe with missing resources AMD Hash Sha256\" Hash=\"4\r\n \u003cDeny ID=\"ID_DENY_HVCISCAN_AMD_3\" FriendlyName=\"HVCIScan.exe with missing resources AMD Hash Page Sha1\" Hash\r\n \u003cDeny ID=\"ID_DENY_HVCISCAN_AMD_4\" FriendlyName=\"HVCIScan.exe with missing resources AMD Hash Page Sha256\" Ha\r\n \u003cDeny ID=\"ID_DENY_HVCISCAN_ARM_1\" FriendlyName=\"HVCIScan.exe with missing resources ARM Hash Sha1\" Hash=\"A72\r\n \u003cDeny ID=\"ID_DENY_HVCISCAN_ARM_2\" FriendlyName=\"HVCIScan.exe with missing resources ARM Hash Sha256\" Hash=\"A\r\n \u003cDeny ID=\"ID_DENY_HVCISCAN_ARM_3\" FriendlyName=\"HVCIScan.exe with missing resources ARM Hash Page Sha1\" Hash\r\n \u003cDeny ID=\"ID_DENY_HVCISCAN_ARM_4\" FriendlyName=\"HVCIScan.exe with missing resources ARM Hash Page Sha256\" Ha\r\n \u003cDeny ID=\"ID_DENY_INFINSTALL\" FriendlyName=\"infdefaultinstall.exe\" FileName=\"infdefaultinstall.exe\" MinimumF\r\n \u003cDeny ID=\"ID_DENY_INSTALLUTIL\" FriendlyName=\"Microsoft InstallUtil\" FileName=\"InstallUtil.exe\" MinimumFileVe\r\n \u003cDeny ID=\"ID_DENY_KD\" FriendlyName=\"kd.exe\" FileName=\"kd.Exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFileVersio\r\n \u003cDeny ID=\"ID_DENY_KD_KMCI\" FriendlyName=\"kd.exe\" FileName=\"kd.Exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFileV\r\n \u003cDeny ID=\"ID_DENY_KILL\" FriendlyName=\"kill.exe\" FileName=\"kill.exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFile\r\n \u003cDeny ID=\"ID_DENY_LXRUN\" FriendlyName=\"lxrun.exe\" FileName=\"lxrun.exe\" MinimumFileVersion=\"0.0.0.0\" MaximumF\r\n \u003cDeny ID=\"ID_DENY_LXSS\" FriendlyName=\"LxssManager.dll\" FileName=\"LxssManager.dll\" MinimumFileVersion=\"0.0.0.\r\n \u003cDeny ID=\"ID_DENY_INTUNE_AGENT\" FriendlyName=\"IntuneWindowsAgent.exe\" FileName=\"Microsoft.Management.Service\r\n \u003cDeny ID=\"ID_DENY_MFC40\" FriendlyName=\"mfc40.dll\" FileName=\"mfc40.dll\" MinimumFileVersion=\"0.0.0.0\" MaximumF\r\n \u003cDeny ID=\"ID_DENY_MS_BUILD\" FriendlyName=\"Microsoft.Build.dll\" FileName=\"Microsoft.Build.dll\" MinimumFileVer\r\n \u003cDeny ID=\"ID_DENY_MWFC\" FriendlyName=\"Microsoft.Workflow.Compiler.exe\" FileName=\"Microsoft.Workflow.Compiler\r\n \u003cDeny ID=\"ID_DENY_MSBUILD\" FriendlyName=\"MSBuild.exe\" FileName=\"MSBuild.exe\" MinimumFileVersion=\"0.0.0.0\" Ma\r\n \u003cDeny ID=\"ID_DENY_MSBUILD_DLL\" FriendlyName=\"MSBuild.dll\" FileName=\"MSBuild.dll\" MinimumFileVersion=\"0.0.0.0\r\n \u003cDeny ID=\"ID_DENY_MSHTA\" FriendlyName=\"mshta.exe\" FileName=\"mshta.exe\" MinimumFileVersion=\"0.0.0.0\" MaximumF\r\n \u003cDeny ID=\"ID_DENY_NTKD\" FriendlyName=\"ntkd.exe\" FileName=\"ntkd.Exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFile\r\n \u003cDeny ID=\"ID_DENY_NTSD\" FriendlyName=\"ntsd.exe\" FileName=\"ntsd.Exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFile\r\n \u003cDeny ID=\"ID_DENY_PWRSHLCUSTOMHOST\" FriendlyName=\"powershellcustomhost.exe\" FileName=\"powershellcustomhost.e\r\n \u003cDeny ID=\"ID_DENY_RCSI\" FriendlyName=\"rcsi.exe\" FileName=\"rcsi.Exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFile\r\n \u003cDeny ID=\"ID_DENY_RUNSCRIPTHELPER\" FriendlyName=\"runscripthelper.exe\" FileName=\"runscripthelper.exe\" Minimum\r\n \u003cDeny ID=\"ID_DENY_TEXTTRANSFORM\" FriendlyName=\"texttransform.exe\" FileName=\"texttransform.exe\" MinimumFileVe\r\n \u003cDeny ID=\"ID_DENY_VISUALUIAVERIFY\" FriendlyName=\"visualuiaverifynative.exe\" FileName=\"visualuiaverifynative.\r\n \u003cDeny ID=\"ID_DENY_WEBCLNT\" FriendlyName=\"BlockWebDAV WebClnt\" FileName=\"davsvc.dll\" MinimumFileVersion=\"0.0.\r\n \u003cDeny ID=\"ID_DENY_WFC\" FriendlyName=\"WFC.exe\" FileName=\"wfc.exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFileVer\r\n \u003cDeny ID=\"ID_DENY_WINDBG\" FriendlyName=\"windbg.exe\" FileName=\"windbg.Exe\" MinimumFileVersion=\"0.0.0.0\" Maxim\r\n \u003cDeny ID=\"ID_DENY_WMIC\" FriendlyName=\"wmic.exe\" FileName=\"wmic.exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFile\r\n \u003cDeny ID=\"ID_DENY_WSCRIPT\" FriendlyName=\"wscript.exe\" FileName=\"wscript.exe\" MinimumFileVersion=\"5.812.10240\r\n \u003cDeny ID=\"ID_DENY_WSL\" FriendlyName=\"wsl.exe\" FileName=\"wsl.exe\" MinimumFileVersion=\"0.0.0.0\" MaximumFileVer\r\n \u003cDeny ID=\"ID_DENY_WSLCONFIG\" FriendlyName=\"wslconfig.exe\" FileName=\"wslconfig.exe\" MinimumFileVersion=\"0.0.0\r\n \u003cDeny ID=\"ID_DENY_WSLHOST\" FriendlyName=\"wslhost.exe\" FileName=\"wslhost.exe\" MinimumFileVersion=\"0.0.0.0\" Ma\r\n \u003c!-- pick the correct version of msxml3.dll, msxml6.dll, and jscript9.dll based on the release you are suppo\r\n \u003c!-- the versions of these files in the 1903 release have this issue fixed, so they don't need to be blocked\r\n \u003c!-- RS1 Windows 1607\r\n \u003cDeny ID=\"ID_DENY_MSXML3\" FriendlyName=\"msxml3.dll\" FileName=\"msxml3.dll\" MinimumFileVersion\r\n \u003cDeny ID=\"ID_DENY_MSXML6\" FriendlyName=\"msxml6.dll\" FileName=\"msxml6.dll\" MinimumFileVersion\r\n \u003cDeny ID=\"ID_DENY_JSCRIPT9\" FriendlyName=\"jscript9.dll\" FileName=\"jscript9.dll\" MinimumFileVersi\r\n --\u003e\r\n \u003c!-- RS5 Windows 1809 --\u003e\r\n \u003cDeny ID=\"ID_DENY_MSXML3\" FriendlyName=\"msxml3.dll\" FileName=\"msxml3.dll\" MinimumFileVersion\r\n \u003cDeny ID=\"ID_DENY_MSXML6\" FriendlyName=\"msxml6.dll\" FileName=\"msxml6.dll\" MinimumFileVersion\r\n \u003cDeny ID=\"ID_DENY_JSCRIPT9\" FriendlyName=\"jscript9.dll\" FileName=\"jscript9.dll\" MinimumFileVersi\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 5 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 6 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 8 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 10 of 34\n\n\u003cDeny ID=\"ID_DENY_D_319\" FriendlyName=\"PowerShellShell 319\" Hash=\"F0B9D75B53A268C0AC30584738C3A5EC33420A2E\"\r\n \u003cDeny ID=\"ID_DENY_D_320\" FriendlyName=\"PowerShellShell 320\" Hash=\"365A7812DFC448B1FE9CEA83CF55BC62189C4E72BA\r\n \u003cDeny ID=\"ID_DENY_D_321\" FriendlyName=\"PowerShellShell 321\" Hash=\"8ADCDD18EB178B6A43CF5E11EC73212C90B91988\"\r\n \u003cDeny ID=\"ID_DENY_D_322\" FriendlyName=\"PowerShellShell 322\" Hash=\"51BD119BE2FBEFEC560F618DBBBB8203A251F455B1\r\n \u003cDeny ID=\"ID_DENY_D_323\" FriendlyName=\"PowerShellShell 323\" Hash=\"D2011097B6038D8507B26B7618FF07DA0FF01234\"\r\n \u003cDeny ID=\"ID_DENY_D_324\" FriendlyName=\"PowerShellShell 324\" Hash=\"BA3D20A577F355612E53428D573767C48A091AE965\r\n \u003cDeny ID=\"ID_DENY_D_325\" FriendlyName=\"PowerShellShell 325\" Hash=\"57ABBC8E2FE88E04C57CDDD13D58C9CE03455D25\"\r\n \u003cDeny ID=\"ID_DENY_D_326\" FriendlyName=\"PowerShellShell 326\" Hash=\"0280C4714BC806BFC1863BE9E84D38F203942DD35C\r\n \u003cDeny ID=\"ID_DENY_D_327\" FriendlyName=\"PowerShellShell 327\" Hash=\"DEB07053D6059B56109DFF885720D5721EB0F55C\"\r\n \u003cDeny ID=\"ID_DENY_D_328\" FriendlyName=\"PowerShellShell 328\" Hash=\"E374A14871C35DB57D6D67281C16F5F9EF77ABE248\r\n \u003cDeny ID=\"ID_DENY_D_329\" FriendlyName=\"PowerShellShell 329\" Hash=\"AC33BA432B35A662E2D9D015D6283308FD046251\"\r\n \u003cDeny ID=\"ID_DENY_D_330\" FriendlyName=\"PowerShellShell 330\" Hash=\"93B22B0D5369327247DF491AABD3CE78421D0D68FE\r\n \u003cDeny ID=\"ID_DENY_D_331\" FriendlyName=\"PowerShellShell 331\" Hash=\"05126413310F4A1BA2F7D2AD3305E2E3B6A1B00D\"\r\n \u003cDeny ID=\"ID_DENY_D_332\" FriendlyName=\"PowerShellShell 332\" Hash=\"108A73F4AE78786C9955ED71EFD916465A36175F8D\r\n \u003cDeny ID=\"ID_DENY_D_333\" FriendlyName=\"PowerShellShell 333\" Hash=\"B976F316FB5EE6E5A325320E7EE5FBF487DA9CE5\"\r\n \u003cDeny ID=\"ID_DENY_D_334\" FriendlyName=\"PowerShellShell 334\" Hash=\"D54CCD405D3E904CAECA3A6F7BE1737A9ACE20F759\r\n \u003cDeny ID=\"ID_DENY_D_335\" FriendlyName=\"PowerShellShell 335\" Hash=\"F3471DBF534995307AEA230D228BADFDCA9E4021\"\r\n \u003cDeny ID=\"ID_DENY_D_336\" FriendlyName=\"PowerShellShell 336\" Hash=\"2048F33CCD924D224154307C28DDC6AC1C35A1859F\r\n \u003cDeny ID=\"ID_DENY_D_337\" FriendlyName=\"PowerShellShell 337\" Hash=\"1FAC9087885C2FEBD7F57CC9AACE8AF94294C8FB\"\r\n \u003cDeny ID=\"ID_DENY_D_338\" FriendlyName=\"PowerShellShell 338\" Hash=\"942E0D0BA5ECBF64A3B2D0EA1E08C793712A4C89BC\r\n \u003cDeny ID=\"ID_DENY_D_339\" FriendlyName=\"PowerShellShell 339\" Hash=\"5B67EE19AA7E4B42E58127A63520D44A0679C6CE\"\r\n \u003cDeny ID=\"ID_DENY_D_340\" FriendlyName=\"PowerShellShell 340\" Hash=\"2B6A59053953737D345B97FA1AFB23C379809D1532\r\n \u003cDeny ID=\"ID_DENY_D_341\" FriendlyName=\"PowerShellShell 341\" Hash=\"1ABC67650B169E7C437853922805706D488EEEA2\"\r\n \u003cDeny ID=\"ID_DENY_D_342\" FriendlyName=\"PowerShellShell 342\" Hash=\"754CA97A95464F1A1687C83AE3ECC6670B80A50503\r\n \u003cDeny ID=\"ID_DENY_D_343\" FriendlyName=\"PowerShellShell 343\" Hash=\"0E280FF775F406836985ECA66BAA9BA17D12E38B\"\r\n \u003cDeny ID=\"ID_DENY_D_344\" FriendlyName=\"PowerShellShell 344\" Hash=\"19C9A6D1AE90AEA163E35930FAB1B57D3EC78CA5FE\r\n \u003cDeny ID=\"ID_DENY_D_345\" FriendlyName=\"PowerShellShell 345\" Hash=\"4E6081C3BBB2809C417E2D03412E29FF7317DA54\"\r\n \u003cDeny ID=\"ID_DENY_D_346\" FriendlyName=\"PowerShellShell 346\" Hash=\"3AE4505A552EA04C7664C610E81172CA329981BF53\r\n \u003cDeny ID=\"ID_DENY_D_347\" FriendlyName=\"PowerShellShell 347\" Hash=\"61BED1C7CD54B2F60923D26CD2F6E48C063AFED5\"\r\n \u003cDeny ID=\"ID_DENY_D_348\" FriendlyName=\"PowerShellShell 348\" Hash=\"9405CBE91B7519290F90577DCCF5796C514746DE63\r\n \u003cDeny ID=\"ID_DENY_D_349\" FriendlyName=\"PowerShellShell 349\" Hash=\"63AA55C3B46EFAFC8625F8D5562AB504E4CBB78F\"\r\n \u003cDeny ID=\"ID_DENY_D_350\" FriendlyName=\"PowerShellShell 350\" Hash=\"FF54885D30A13008D60F6D0B96CE802209C89A2A7D\r\n \u003cDeny ID=\"ID_DENY_D_351\" FriendlyName=\"PowerShellShell 351\" Hash=\"20845E4440DA2D9AB3559D4B6890691CACD0E93E\"\r\n \u003cDeny ID=\"ID_DENY_D_352\" FriendlyName=\"PowerShellShell 352\" Hash=\"3C9098C4BFD818CE8CFA130F6E6C90876B97D57ABB\r\n \u003cDeny ID=\"ID_DENY_D_353\" FriendlyName=\"PowerShellShell 353\" Hash=\"4A473F14012EB9BF7DCEA80B86C2612A6D9D914E\"\r\n \u003cDeny ID=\"ID_DENY_D_354\" FriendlyName=\"PowerShellShell 354\" Hash=\"1C6914B58F70A9860F67311C32258CD9072A367BF3\r\n \u003cDeny ID=\"ID_DENY_D_355\" FriendlyName=\"PowerShellShell 355\" Hash=\"641871FD5D9875DB75BFC58B7B53672D2C645F01\"\r\n \u003cDeny ID=\"ID_DENY_D_356\" FriendlyName=\"PowerShellShell 356\" Hash=\"C115A974DD2C56574E93A4800247A23B98B9495F6E\r\n \u003cDeny ID=\"ID_DENY_D_357\" FriendlyName=\"PowerShellShell 357\" Hash=\"A21E254C18D3D53B832AD381FF58B36E6737FFB6\"\r\n \u003cDeny ID=\"ID_DENY_D_358\" FriendlyName=\"PowerShellShell 358\" Hash=\"D214AF2AD9204118EB670D08D80D4CB9FFD74A9787\r\n \u003cDeny ID=\"ID_DENY_D_359\" FriendlyName=\"PowerShellShell 359\" Hash=\"102B072F29122BC3A89B924987A7BF1AC3C598DB\"\r\n \u003cDeny ID=\"ID_DENY_D_360\" FriendlyName=\"PowerShellShell 360\" Hash=\"DA444773FE7AD8309FA9A0ABCDD63B302E6FC91E75\r\n \u003cDeny ID=\"ID_DENY_D_361\" FriendlyName=\"PowerShellShell 361\" Hash=\"EAD58EBB00001E678B9698A209308CC7406E1BCC\"\r\n \u003cDeny ID=\"ID_DENY_D_362\" FriendlyName=\"PowerShellShell 362\" Hash=\"34A5F48629F9FDAEBAB9468EF7F1683EFA856AAD32\r\n \u003cDeny ID=\"ID_DENY_D_363\" FriendlyName=\"PowerShellShell 363\" Hash=\"727EDB00C15DC5D3C14368D88023FDD5A74C0B06\"\r\n \u003cDeny ID=\"ID_DENY_D_364\" FriendlyName=\"PowerShellShell 364\" Hash=\"5720BEE5CBE7D724B67E07C53E22FB869F8F9B1EB9\r\n \u003cDeny ID=\"ID_DENY_D_365\" FriendlyName=\"PowerShellShell 365\" Hash=\"A43137EC82721A81C3E05DC5DE74F0549DE6A130\"\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 12 of 34\n\n\u003cDeny ID=\"ID_DENY_D_366\" FriendlyName=\"PowerShellShell 366\" Hash=\"1731118D97F278C18E2C6922A016DA7C55970C6C4C\r\n \u003cDeny ID=\"ID_DENY_D_367\" FriendlyName=\"PowerShellShell 367\" Hash=\"17EC94CB9BF98E605F9352987CA33DCE8F5733CD\"\r\n \u003cDeny ID=\"ID_DENY_D_368\" FriendlyName=\"PowerShellShell 368\" Hash=\"AFE0CC143108BBDBE60771B6894406785C471BA573\r\n \u003cDeny ID=\"ID_DENY_D_369\" FriendlyName=\"PowerShellShell 369\" Hash=\"F6E9C098737F0905E53B92D4AD49C199EC76D24B\"\r\n \u003cDeny ID=\"ID_DENY_D_370\" FriendlyName=\"PowerShellShell 370\" Hash=\"50A57BFCD20380DDEFD2A717D7937D49380D4D5931\r\n \u003cDeny ID=\"ID_DENY_D_371\" FriendlyName=\"PowerShellShell 371\" Hash=\"2118ACC512464EE95946F064560C15C58341B80C\"\r\n \u003cDeny ID=\"ID_DENY_D_372\" FriendlyName=\"PowerShellShell 372\" Hash=\"005990EE785C1CA7EAEC82DA29F5B363049DC117A1\r\n \u003cDeny ID=\"ID_DENY_D_373\" FriendlyName=\"PowerShellShell 373\" Hash=\"54FAE3A389FDD2F5C21293D2317E87766AF0473D\"\r\n \u003cDeny ID=\"ID_DENY_D_374\" FriendlyName=\"PowerShellShell 374\" Hash=\"70F4E503D7484DF5B5F73D9A753E585BFADB8B8EBA\r\n \u003cDeny ID=\"ID_DENY_D_375\" FriendlyName=\"PowerShellShell 375\" Hash=\"B4831AF4B25527EF0C172DAA5E4CA26DE105D30B\"\r\n \u003cDeny ID=\"ID_DENY_D_376\" FriendlyName=\"PowerShellShell 376\" Hash=\"D410A37042A2DC53AD1801EBB2EF507B4AE4758705\r\n \u003cDeny ID=\"ID_DENY_D_377\" FriendlyName=\"PowerShellShell 377\" Hash=\"85BBC0CDC34BD5A56113B0DCB6795BCEBADE63FA\"\r\n \u003cDeny ID=\"ID_DENY_D_378\" FriendlyName=\"PowerShellShell 378\" Hash=\"C6F8E3A3F2C513CEDD2F21D486BF0116BAF2E2EE4D\r\n \u003cDeny ID=\"ID_DENY_D_379\" FriendlyName=\"PowerShellShell 379\" Hash=\"46105ACE7ABEC3A6E6226183F2F7F8E90E3639A5\"\r\n \u003cDeny ID=\"ID_DENY_D_380\" FriendlyName=\"PowerShellShell 380\" Hash=\"F60BE088F226CA1E2308099C3B1C2A54DB4C41D2BE\r\n \u003cDeny ID=\"ID_DENY_D_381\" FriendlyName=\"PowerShellShell 381\" Hash=\"C9478352ACE4BE6D6B70BBE710C2E2128FEFC7FE\"\r\n \u003cDeny ID=\"ID_DENY_D_382\" FriendlyName=\"PowerShellShell 382\" Hash=\"F4A81E7D4BD3B8762FAED760047877E06E40EC991D\r\n \u003cDeny ID=\"ID_DENY_D_383\" FriendlyName=\"PowerShellShell 383\" Hash=\"9E56E910919FF65BCCF5D60A8F9D3EBE27EF1381\"\r\n \u003cDeny ID=\"ID_DENY_D_384\" FriendlyName=\"PowerShellShell 384\" Hash=\"34887B225444A18158B632CAEA4FEF6E7D691FEA3E\r\n \u003cDeny ID=\"ID_DENY_D_385\" FriendlyName=\"PowerShellShell 385\" Hash=\"1FD04D4BD5F9E41FA8278F3F9B05FE8702ADB4C8\"\r\n \u003cDeny ID=\"ID_DENY_D_386\" FriendlyName=\"PowerShellShell 386\" Hash=\"6586176AEBE8307829A1E03D878EF6F500E8C5032E\r\n \u003cDeny ID=\"ID_DENY_D_387\" FriendlyName=\"PowerShellShell 387\" Hash=\"DEBC3DE2AD99FC5E885A358A6994E6BD39DABCB0\"\r\n \u003cDeny ID=\"ID_DENY_D_388\" FriendlyName=\"PowerShellShell 388\" Hash=\"FDF54A4A3089062FFFA4A41FEBF38F0ABC9D502B57\r\n \u003cDeny ID=\"ID_DENY_D_389\" FriendlyName=\"PowerShellShell 389\" Hash=\"6AA06D07D9DE8FE7E13B66EDFA07232B56F7E21D\"\r\n \u003cDeny ID=\"ID_DENY_D_390\" FriendlyName=\"PowerShellShell 390\" Hash=\"DD3E74CFB8ED64FA5BE9136C305584CD2E529D92B3\r\n \u003cDeny ID=\"ID_DENY_D_391\" FriendlyName=\"PowerShellShell 391\" Hash=\"5C858042246FDDDB281C1BFD2FEFC9BAABC3F7AD\"\r\n \u003cDeny ID=\"ID_DENY_D_392\" FriendlyName=\"PowerShellShell 392\" Hash=\"20E65B1BE06A99507412FC0E75D158EE1D9D43AE5F\r\n \u003cDeny ID=\"ID_DENY_D_393\" FriendlyName=\"PowerShellShell 393\" Hash=\"2ABCD0525D31D4BB2D0131364FBE1D94A02A3E2A\"\r\n \u003cDeny ID=\"ID_DENY_D_394\" FriendlyName=\"PowerShellShell 394\" Hash=\"806EC87F1EFA428627989318C882CD695F55F60A1E\r\n \u003cDeny ID=\"ID_DENY_D_395\" FriendlyName=\"PowerShellShell 395\" Hash=\"E2967D755D0F79FA8EA7A8585106926CA87F89CB\"\r\n \u003cDeny ID=\"ID_DENY_D_396\" FriendlyName=\"PowerShellShell 396\" Hash=\"07382BE9D8ACBAFDA953C842BAAE600A82A69183D6\r\n \u003cDeny ID=\"ID_DENY_D_397\" FriendlyName=\"PowerShellShell 397\" Hash=\"75EF6F0B78098FB1766DCC853E004476033499CF\"\r\n \u003cDeny ID=\"ID_DENY_D_398\" FriendlyName=\"PowerShellShell 398\" Hash=\"699A9D17E1247F05767E82BFAFBD96DBE07AE521E2\r\n \u003cDeny ID=\"ID_DENY_D_399\" FriendlyName=\"PowerShellShell 399\" Hash=\"E73178C487AF6B9F182B2CCA25774127B0303093\"\r\n \u003cDeny ID=\"ID_DENY_D_400\" FriendlyName=\"PowerShellShell 400\" Hash=\"0BD1FE62BE97032ADDAAB41B445D00103302D3CE8A\r\n \u003cDeny ID=\"ID_DENY_D_401\" FriendlyName=\"PowerShellShell 401\" Hash=\"EBF20FEECA95F83B9F5C22B97EB44DD7EB2C7B5F\"\r\n \u003cDeny ID=\"ID_DENY_D_402\" FriendlyName=\"PowerShellShell 402\" Hash=\"B5AE0EAA5AF4245AD9B37C8C1FC5220081B92A1395\r\n \u003cDeny ID=\"ID_DENY_D_403\" FriendlyName=\"PowerShellShell 403\" Hash=\"5E53A4235DC549D0195A9DDF607288CEDE7BF115\"\r\n \u003cDeny ID=\"ID_DENY_D_404\" FriendlyName=\"PowerShellShell 404\" Hash=\"FE57195757977E4485BF5E5D72A24EA65E33F8EAA7\r\n \u003cDeny ID=\"ID_DENY_D_405\" FriendlyName=\"PowerShellShell 405\" Hash=\"014BC30E1FC12F270824F01DC7C934497A573124\"\r\n \u003cDeny ID=\"ID_DENY_D_406\" FriendlyName=\"PowerShellShell 406\" Hash=\"65B3B357C356DAE26E5B036820C193989C0F9E8E08\r\n \u003cDeny ID=\"ID_DENY_D_407\" FriendlyName=\"PowerShellShell 407\" Hash=\"128D7D03E4B85DBF95427D72EFF833DAB5E92C33\"\r\n \u003cDeny ID=\"ID_DENY_D_408\" FriendlyName=\"PowerShellShell 408\" Hash=\"EACFC615FDE29BD858088AF42E0917E4B4CA5991EF\r\n \u003cDeny ID=\"ID_DENY_D_409\" FriendlyName=\"PowerShellShell 409\" Hash=\"C7D70B96440D215173F35412D56CF9329886D8D3\"\r\n \u003cDeny ID=\"ID_DENY_D_410\" FriendlyName=\"PowerShellShell 410\" Hash=\"B00C54F1AA77D88335675EAF07ED834E68FD96DD76\r\n \u003cDeny ID=\"ID_DENY_D_411\" FriendlyName=\"PowerShellShell 411\" Hash=\"8287B536E8E63F024DE1248D0FE3E6A759E9ACEE\"\r\n \u003cDeny ID=\"ID_DENY_D_412\" FriendlyName=\"PowerShellShell 412\" Hash=\"B714D4A700A56BC1D4B3F59DFC1F5835CB97CBEF39\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 13 of 34\n\n\u003cDeny ID=\"ID_DENY_D_413\" FriendlyName=\"PowerShellShell 413\" Hash=\"6BC1E70F0EA84E88AC28BEAF74C10F3ABDF99209\"\r\n \u003cDeny ID=\"ID_DENY_D_414\" FriendlyName=\"PowerShellShell 414\" Hash=\"93CB3907D1A9473E8A90593250C4A95EAE3A7066E9\r\n \u003cDeny ID=\"ID_DENY_D_415\" FriendlyName=\"PowerShellShell 415\" Hash=\"AC9F095DD4AE80B124F55541761AA1F35E49A575\"\r\n \u003cDeny ID=\"ID_DENY_D_416\" FriendlyName=\"PowerShellShell 416\" Hash=\"0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABC\r\n \u003cDeny ID=\"ID_DENY_D_417\" FriendlyName=\"PowerShellShell 417\" Hash=\"3C7265C3393C585D32E509B2D2EC048C73AC5EE6\"\r\n \u003cDeny ID=\"ID_DENY_D_418\" FriendlyName=\"PowerShellShell 418\" Hash=\"7F1E03E956CA38CC0C491CB958D6E61A52491269CD\r\n \u003cDeny ID=\"ID_DENY_D_419\" FriendlyName=\"PowerShellShell 419\" Hash=\"89CEAB6518DA4E7F75B3C75BC04A112D3637B737\"\r\n \u003cDeny ID=\"ID_DENY_D_420\" FriendlyName=\"PowerShellShell 420\" Hash=\"6581E491FBFF954A1A4B9CEA69B63951D67EB56DF8\r\n \u003cDeny ID=\"ID_DENY_D_421\" FriendlyName=\"PowerShellShell 421\" Hash=\"4BFB3F95CA1B79DA3C6B0A2ECB432059E686F967\"\r\n \u003cDeny ID=\"ID_DENY_D_422\" FriendlyName=\"PowerShellShell 422\" Hash=\"0C4688AACD02829850DE0F792AC06D3C87895412A9\r\n \u003cDeny ID=\"ID_DENY_D_423\" FriendlyName=\"PowerShellShell 423\" Hash=\"BDBE541D269EC8235563842D024F9E37883DFB57\"\r\n \u003cDeny ID=\"ID_DENY_D_424\" FriendlyName=\"PowerShellShell 424\" Hash=\"441076C7FD0AD481E6AC3198F08BE80EA9EB2926CA\r\n \u003cDeny ID=\"ID_DENY_D_425\" FriendlyName=\"PowerShellShell 425\" Hash=\"BDB3DAC80667A0B931835D5D658C08F236B413D1\"\r\n \u003cDeny ID=\"ID_DENY_D_426\" FriendlyName=\"PowerShellShell 426\" Hash=\"51287BACB692AAC5A8659774D982B304DC0C0B4A4D\r\n \u003cDeny ID=\"ID_DENY_D_427\" FriendlyName=\"PowerShellShell 427\" Hash=\"EA157E01147629D1F59503D8335FB6EBC688B2C1\"\r\n \u003cDeny ID=\"ID_DENY_D_428\" FriendlyName=\"PowerShellShell 428\" Hash=\"14C160DF95736EC1D7C6C55B9D0F81832E8FE0DB6C\r\n \u003cDeny ID=\"ID_DENY_D_429\" FriendlyName=\"PowerShellShell 429\" Hash=\"272EF88BBA9B4B54D242FFE1E96D07DBF53497A0\"\r\n \u003cDeny ID=\"ID_DENY_D_430\" FriendlyName=\"PowerShellShell 430\" Hash=\"AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3E\r\n \u003cDeny ID=\"ID_DENY_D_431\" FriendlyName=\"PowerShellShell 431\" Hash=\"029198F05598109037A0E9E332EC052317E834DA\"\r\n \u003cDeny ID=\"ID_DENY_D_432\" FriendlyName=\"PowerShellShell 432\" Hash=\"70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74\r\n \u003cDeny ID=\"ID_DENY_D_433\" FriendlyName=\"PowerShellShell 433\" Hash=\"5B8E45EECA32C2F0968C2252229D768B0DB796A0\"\r\n \u003cDeny ID=\"ID_DENY_D_434\" FriendlyName=\"PowerShellShell 434\" Hash=\"B4D336B32C27E3D3FEBE4B06252DDE9683814E7E90\r\n \u003cDeny ID=\"ID_DENY_D_435\" FriendlyName=\"PowerShellShell 435\" Hash=\"6792915D3C837A39BD04AD169488009BB1EA372C\"\r\n \u003cDeny ID=\"ID_DENY_D_436\" FriendlyName=\"PowerShellShell 436\" Hash=\"23B10EC5FC7EAEB9F8D147163463299328FAED4B97\r\n \u003cDeny ID=\"ID_DENY_D_437\" FriendlyName=\"PowerShellShell 437\" Hash=\"EC41A3FB8D6E3B0F55F6583C14C45B6238753019\"\r\n \u003cDeny ID=\"ID_DENY_D_438\" FriendlyName=\"PowerShellShell 438\" Hash=\"76CA6B396796351685198D6189E865AFD7FB9E6C5C\r\n \u003cDeny ID=\"ID_DENY_D_439\" FriendlyName=\"PowerShellShell 439\" Hash=\"A15964475D213FB752B42E7DCDDBF4B14D623D14\"\r\n \u003cDeny ID=\"ID_DENY_D_440\" FriendlyName=\"PowerShellShell 440\" Hash=\"61A68B436D828193E0C7B44D2AF83D22A9CB557B90\r\n \u003cDeny ID=\"ID_DENY_D_441\" FriendlyName=\"PowerShellShell 441\" Hash=\"24F9CF6C5E9671A295AD0DEED74737FB6E9146DE\"\r\n \u003cDeny ID=\"ID_DENY_D_442\" FriendlyName=\"PowerShellShell 442\" Hash=\"C2E862CC578F54A53496EEE2DCB534A106AFD55C72\r\n \u003cDeny ID=\"ID_DENY_D_443\" FriendlyName=\"PowerShellShell 443\" Hash=\"F87C726CCB5E64C6F363C21255935D5FEA9E4A0E\"\r\n \u003cDeny ID=\"ID_DENY_D_444\" FriendlyName=\"PowerShellShell 444\" Hash=\"B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E\r\n \u003cDeny ID=\"ID_DENY_D_445\" FriendlyName=\"PowerShellShell 445\" Hash=\"4EB2C3A4B551FC028E00F2E7DA9D0F1E38728571\"\r\n \u003cDeny ID=\"ID_DENY_D_446\" FriendlyName=\"PowerShellShell 446\" Hash=\"30EAC589069FB79D540080B04B7FDBB8A9B1DF4E96\r\n \u003cDeny ID=\"ID_DENY_D_447\" FriendlyName=\"PowerShellShell 447\" Hash=\"2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8\"\r\n \u003cDeny ID=\"ID_DENY_D_448\" FriendlyName=\"PowerShellShell 448\" Hash=\"015CE571E8503A353E2250D4D0DA19493B3311F343\r\n \u003cDeny ID=\"ID_DENY_D_449\" FriendlyName=\"PowerShellShell 449\" Hash=\"993425279D204D1D14C3EB989DEB4805ADC558CF\"\r\n \u003cDeny ID=\"ID_DENY_D_450\" FriendlyName=\"PowerShellShell 450\" Hash=\"BDADDD710E47EB8D24B78E542F3996B0EA2CA577AB\r\n \u003cDeny ID=\"ID_DENY_D_451\" FriendlyName=\"PowerShellShell 451\" Hash=\"1A16008D330330182AA555B1D3E9BE0B2D6BECBF\"\r\n \u003cDeny ID=\"ID_DENY_D_452\" FriendlyName=\"PowerShellShell 452\" Hash=\"D7685E259D0328937487856A3AB68B6D9D420DD4E0\r\n \u003cDeny ID=\"ID_DENY_D_453\" FriendlyName=\"PowerShellShell 453\" Hash=\"2CB781B3BD79FD277D92332ACA22C04430F9D692\"\r\n \u003cDeny ID=\"ID_DENY_D_454\" FriendlyName=\"PowerShellShell 454\" Hash=\"92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA69\r\n \u003cDeny ID=\"ID_DENY_D_455\" FriendlyName=\"PowerShellShell 455\" Hash=\"BA4B3A92123FBCE66398020AFBCC0BCA1D1AAAD7\"\r\n \u003cDeny ID=\"ID_DENY_D_456\" FriendlyName=\"PowerShellShell 456\" Hash=\"D8D361E3690676C7FDC483003BFC5C0C39FB16B42D\r\n \u003cDeny ID=\"ID_DENY_D_457\" FriendlyName=\"PowerShellShell 457\" Hash=\"D5A9460A941FB5B49EAFDD57575CFB23F27779D3\"\r\n \u003cDeny ID=\"ID_DENY_D_458\" FriendlyName=\"PowerShellShell 458\" Hash=\"4BDAAC1654328E4D37B6ED89DA351155438E558F51\r\n \u003cDeny ID=\"ID_DENY_D_459\" FriendlyName=\"PowerShellShell 459\" Hash=\"3E5294910C59394DA93962128968E6C23016A028\"\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 14 of 34\n\n\u003cDeny ID=\"ID_DENY_D_460\" FriendlyName=\"PowerShellShell 460\" Hash=\"DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA4\r\n \u003cDeny ID=\"ID_DENY_D_461\" FriendlyName=\"PowerShellShell 461\" Hash=\"C30355B5E6FA3F793A3CC0A649945829723DD85C\"\r\n \u003cDeny ID=\"ID_DENY_D_462\" FriendlyName=\"PowerShellShell 462\" Hash=\"4EB14099165177F0F3A1FACE32E72CF2DD221DB441\r\n \u003cDeny ID=\"ID_DENY_D_463\" FriendlyName=\"PowerShellShell 463\" Hash=\"C647D17850941CFB5B9C8AF49A48569B52230274\"\r\n \u003cDeny ID=\"ID_DENY_D_464\" FriendlyName=\"PowerShellShell 464\" Hash=\"0BCBDE8791E3D6D7A7C8FC6F25E14383014E6B43D9\r\n \u003cDeny ID=\"ID_DENY_D_465\" FriendlyName=\"PowerShellShell 465\" Hash=\"CA6E0BAB6B28E1592D0FC5940023C7A81E2568F8\"\r\n \u003cDeny ID=\"ID_DENY_D_466\" FriendlyName=\"PowerShellShell 466\" Hash=\"366E00E2F517D4D404133AEFEF6F917DFA156E3E46\r\n \u003cDeny ID=\"ID_DENY_D_467\" FriendlyName=\"PowerShellShell 467\" Hash=\"7D9FFFA86DDCD227A3B4863D995456308BAC2403\"\r\n \u003cDeny ID=\"ID_DENY_D_468\" FriendlyName=\"PowerShellShell 468\" Hash=\"4439BBF61DC012AFC8190199AF5722C3AE26F365DE\r\n \u003cDeny ID=\"ID_DENY_D_469\" FriendlyName=\"PowerShellShell 469\" Hash=\"8FFDD4576F2B6D4999326CFAF67727BFB471FA21\"\r\n \u003cDeny ID=\"ID_DENY_D_470\" FriendlyName=\"PowerShellShell 470\" Hash=\"94630AB6F60A7193A6E27E312AF9B71DA265D42AD4\r\n \u003cDeny ID=\"ID_DENY_D_471\" FriendlyName=\"PowerShellShell 471\" Hash=\"78B8454F78E216B629E43B4E40765F73BFE0D6C6\"\r\n \u003cDeny ID=\"ID_DENY_D_472\" FriendlyName=\"PowerShellShell 472\" Hash=\"498BB1688410EE243D61FB5C7B37457FA6C0A9A32D\r\n \u003cDeny ID=\"ID_DENY_D_473\" FriendlyName=\"PowerShellShell 473\" Hash=\"B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5\"\r\n \u003cDeny ID=\"ID_DENY_D_474\" FriendlyName=\"PowerShellShell 474\" Hash=\"095B79953F9E3E2FB721693FBFAD5841112D592B6C\r\n \u003cDeny ID=\"ID_DENY_D_475\" FriendlyName=\"PowerShellShell 475\" Hash=\"8AF579DE1D7E590A13BD1DAE5BFDB39476068A05\"\r\n \u003cDeny ID=\"ID_DENY_D_476\" FriendlyName=\"PowerShellShell 476\" Hash=\"9917A3055D194F47AB295FA3F917E4BD2F08DDF45C\r\n \u003cDeny ID=\"ID_DENY_D_477\" FriendlyName=\"PowerShellShell 477\" Hash=\"DD64046BAB221CF4110FF230FA5060310A4D9610\"\r\n \u003cDeny ID=\"ID_DENY_D_478\" FriendlyName=\"PowerShellShell 478\" Hash=\"A55AF37229D7E249C8CAFED3432E595AA77FAF8B62\r\n \u003cDeny ID=\"ID_DENY_D_479\" FriendlyName=\"PowerShellShell 479\" Hash=\"421D1142105358B8360454E43FD15767DA111DBA\"\r\n \u003cDeny ID=\"ID_DENY_D_480\" FriendlyName=\"PowerShellShell 480\" Hash=\"692CABD40C1EDFCB6DC50591F31FAE30848E579D6E\r\n \u003cDeny ID=\"ID_DENY_D_481\" FriendlyName=\"PowerShellShell 481\" Hash=\"720D826A84284E18E0003526A0CD9B7FF0C4A98A\"\r\n \u003cDeny ID=\"ID_DENY_D_482\" FriendlyName=\"PowerShellShell 482\" Hash=\"CB5DF9D0D25571948C3D257882E07C7FA5E768448E\r\n \u003cDeny ID=\"ID_DENY_D_483\" FriendlyName=\"PowerShellShell 483\" Hash=\"2F587293F16DFCD06F3BF8B8348FF68827ECD307\"\r\n \u003cDeny ID=\"ID_DENY_D_484\" FriendlyName=\"PowerShellShell 484\" Hash=\"B2F4A5FE21D5961F464CAB3E88C0ED88154B0C1A42\r\n \u003cDeny ID=\"ID_DENY_D_485\" FriendlyName=\"PowerShellShell 485\" Hash=\"6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A\"\r\n \u003cDeny ID=\"ID_DENY_D_486\" FriendlyName=\"PowerShellShell 486\" Hash=\"432F666CCE8CD222484E263AE02F63E0038143DD6A\r\n \u003cDeny ID=\"ID_DENY_D_487\" FriendlyName=\"PowerShellShell 487\" Hash=\"CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F\"\r\n \u003cDeny ID=\"ID_DENY_D_488\" FriendlyName=\"PowerShellShell 488\" Hash=\"FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440A\r\n \u003cDeny ID=\"ID_DENY_D_489\" FriendlyName=\"PowerShellShell 489\" Hash=\"4F5D66B449C4D2FDEA532F9B5DBECA5ACA8195EF\"\r\n \u003cDeny ID=\"ID_DENY_D_490\" FriendlyName=\"PowerShellShell 490\" Hash=\"39F2F19A5C6708CE8CE4E1ABBEBA8D3D1A6220391C\r\n \u003cDeny ID=\"ID_DENY_D_491\" FriendlyName=\"PowerShellShell 491\" Hash=\"A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE\"\r\n \u003cDeny ID=\"ID_DENY_D_492\" FriendlyName=\"PowerShellShell 492\" Hash=\"3246A0CB329B030DA104E04B1A0728DE83724B08C7\r\n \u003cDeny ID=\"ID_DENY_D_493\" FriendlyName=\"PowerShellShell 493\" Hash=\"E180486F0CC90AF4FB8283ADCF571884894513C8\"\r\n \u003cDeny ID=\"ID_DENY_D_494\" FriendlyName=\"PowerShellShell 494\" Hash=\"3800E38275E6BB3B4645CDAD14CD756239BB9A87EF\r\n \u003cDeny ID=\"ID_DENY_D_495\" FriendlyName=\"PowerShellShell 495\" Hash=\"AC53AE4C8AB56D84393D67D820BEBDC3218739D3\"\r\n \u003cDeny ID=\"ID_DENY_D_496\" FriendlyName=\"PowerShellShell 496\" Hash=\"49580C9459C3917E6F982C8E0D753D293DFA2E4FD1\r\n \u003cDeny ID=\"ID_DENY_D_497\" FriendlyName=\"PowerShellShell 497\" Hash=\"00419E981EDC8613E600C939677F7B460855BF7E\"\r\n \u003cDeny ID=\"ID_DENY_D_498\" FriendlyName=\"PowerShellShell 498\" Hash=\"61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE\r\n \u003cDeny ID=\"ID_DENY_D_499\" FriendlyName=\"PowerShellShell 499\" Hash=\"25F52340199A0EA352C8B1A7014BCB610B232523\"\r\n \u003cDeny ID=\"ID_DENY_D_500\" FriendlyName=\"PowerShellShell 500\" Hash=\"64D6D1F3A053908C5635BD6BDA36BC8E72D518C7EC\r\n \u003cDeny ID=\"ID_DENY_D_501\" FriendlyName=\"PowerShellShell 501\" Hash=\"F4DB0CDF3A3FD163A9B90789CC6D14D326AD609C\"\r\n \u003cDeny ID=\"ID_DENY_D_502\" FriendlyName=\"PowerShellShell 502\" Hash=\"5D249D8366077713024552CA8D08F164E975AFF89E\r\n \u003cDeny ID=\"ID_DENY_D_503\" FriendlyName=\"PowerShellShell 503\" Hash=\"231A02EAB7EB192638BC89AB61A5077346FF22B9\"\r\n \u003cDeny ID=\"ID_DENY_D_504\" FriendlyName=\"PowerShellShell 504\" Hash=\"4D544170DE5D9916678EA43A7C6F796FC02EFA9197\r\n \u003cDeny ID=\"ID_DENY_D_505\" FriendlyName=\"PowerShellShell 505\" Hash=\"A9745E20419EC1C90B23FE965D3C2DF028AF39DC\"\r\n \u003cDeny ID=\"ID_DENY_D_506\" FriendlyName=\"PowerShellShell 506\" Hash=\"71B5B58EAA0C90397BC9546BCCA8C657500499CD20\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 15 of 34\n\n\u003cDeny ID=\"ID_DENY_D_507\" FriendlyName=\"PowerShellShell 507\" Hash=\"15EF1F7DBC474732E122A0147640ACBD9DA1775C\"\r\n \u003cDeny ID=\"ID_DENY_D_508\" FriendlyName=\"PowerShellShell 508\" Hash=\"04724BF232D5F169FBB0DB6821E35D772619FB4F24\r\n \u003cDeny ID=\"ID_DENY_D_509\" FriendlyName=\"PowerShellShell 509\" Hash=\"7959AB2B34A5F490AD54782D135BF155592DF13F\"\r\n \u003cDeny ID=\"ID_DENY_D_510\" FriendlyName=\"PowerShellShell 510\" Hash=\"DD03CD6B5655B4EB9DD259F26E1585389804C23DB3\r\n \u003cDeny ID=\"ID_DENY_D_511\" FriendlyName=\"PowerShellShell 511\" Hash=\"CCA8C8FB699496BD50AE296B20CC9ADC3496DECE\"\r\n \u003cDeny ID=\"ID_DENY_D_512\" FriendlyName=\"PowerShellShell 512\" Hash=\"75E6C2DD81FE2664DF466C9C2EB0F923B0C6D992FF\r\n \u003cDeny ID=\"ID_DENY_D_513\" FriendlyName=\"PowerShellShell 513\" Hash=\"080DEC3B15AD5AFE9BF3B0943A36285E92BAF469\"\r\n \u003cDeny ID=\"ID_DENY_D_514\" FriendlyName=\"PowerShellShell 514\" Hash=\"F1391E78F17EA6097906B99C6F4F0AE8DD2E519856\r\n \u003cDeny ID=\"ID_DENY_D_515\" FriendlyName=\"PowerShellShell 515\" Hash=\"B3B7A653DD1A10EE9A3D35C818D227E2E3C3B5FB\"\r\n \u003cDeny ID=\"ID_DENY_D_516\" FriendlyName=\"PowerShellShell 516\" Hash=\"43E2D91C0C6A8473BE178F1793E5E34966D700F713\r\n \u003cDeny ID=\"ID_DENY_D_517\" FriendlyName=\"PowerShellShell 517\" Hash=\"D82583F7D5EA477C94630AC5AAEB771C85BD4B0A\"\r\n \u003cDeny ID=\"ID_DENY_D_518\" FriendlyName=\"PowerShellShell 518\" Hash=\"9B0F39AB233628A971ACEC53029C9B608CAB99868F\r\n \u003cDeny ID=\"ID_DENY_D_519\" FriendlyName=\"PowerShellShell 519\" Hash=\"AAE22FD137E8B7217222974DCE60B9AD4AF2A512\"\r\n \u003cDeny ID=\"ID_DENY_D_520\" FriendlyName=\"PowerShellShell 520\" Hash=\"DAC9E963A3897D7F7AB2B4FEBBD4894A1544124663\r\n \u003cDeny ID=\"ID_DENY_D_521\" FriendlyName=\"PowerShellShell 521\" Hash=\"8DAB1D74CAEDBAA8D17805CF00D64A44F5831C12\"\r\n \u003cDeny ID=\"ID_DENY_D_522\" FriendlyName=\"PowerShellShell 522\" Hash=\"AC1CE3AA9023E23F2F63D5A3536294B91468605733\r\n \u003cDeny ID=\"ID_DENY_D_523\" FriendlyName=\"PowerShellShell 523\" Hash=\"266896FD257AD8EE9FC73B3A50306A573714EA8A\"\r\n \u003cDeny ID=\"ID_DENY_D_524\" FriendlyName=\"PowerShellShell 524\" Hash=\"8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7\r\n \u003cDeny ID=\"ID_DENY_D_525\" FriendlyName=\"PowerShellShell 525\" Hash=\"2AB804E1FF982AE0EDB591BC61AA909CF32E99C5\"\r\n \u003cDeny ID=\"ID_DENY_D_526\" FriendlyName=\"PowerShellShell 526\" Hash=\"253120422B0DD987C293CAF5928FA820414C0A0162\r\n \u003cDeny ID=\"ID_DENY_D_527\" FriendlyName=\"PowerShellShell 527\" Hash=\"25CA971D7EDFAA7A48FA19B8399301853809D7CC\"\r\n \u003cDeny ID=\"ID_DENY_D_528\" FriendlyName=\"PowerShellShell 528\" Hash=\"0A10C71CB5CC8A801F84F2CCD8041D13DB55711435\r\n \u003cDeny ID=\"ID_DENY_D_529\" FriendlyName=\"PowerShellShell 529\" Hash=\"46E05FD4D62451C1DCB0287B32B3D77AD41544EA\"\r\n \u003cDeny ID=\"ID_DENY_D_530\" FriendlyName=\"PowerShellShell 530\" Hash=\"D86F930445F0715D0D7E4C3B089399280FBA2ACE0E\r\n \u003cDeny ID=\"ID_DENY_D_531\" FriendlyName=\"PowerShellShell 531\" Hash=\"479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA\"\r\n \u003cDeny ID=\"ID_DENY_D_532\" FriendlyName=\"PowerShellShell 532\" Hash=\"2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5\r\n \u003cDeny ID=\"ID_DENY_D_533\" FriendlyName=\"PowerShellShell 533\" Hash=\"FF205856A3209227D571EAD4B8C1E611E7FF9924\"\r\n \u003cDeny ID=\"ID_DENY_D_534\" FriendlyName=\"PowerShellShell 534\" Hash=\"A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC\r\n \u003cDeny ID=\"ID_DENY_D_535\" FriendlyName=\"PowerShellShell 535\" Hash=\"7FCB424E67DDAC49413B45D7DCD636AD70E23B41\"\r\n \u003cDeny ID=\"ID_DENY_D_536\" FriendlyName=\"PowerShellShell 536\" Hash=\"7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE\r\n \u003cDeny ID=\"ID_DENY_D_537\" FriendlyName=\"PowerShellShell 537\" Hash=\"46936F4F0AFE4C87D2E55595F74DDDFFC9AD94EE\"\r\n \u003cDeny ID=\"ID_DENY_D_538\" FriendlyName=\"PowerShellShell 538\" Hash=\"9843DC862BC7491A279A09EFD8FF122EB23C57CA\"\r\n \u003cDeny ID=\"ID_DENY_D_539\" FriendlyName=\"PowerShellShell 539\" Hash=\"11F11FB1E57F299383A615D6A28436E02A1C1A83\"\r\n \u003cDeny ID=\"ID_DENY_D_540\" FriendlyName=\"PowerShellShell 540\" Hash=\"C593ABE79DFFB1504CFCDB1A6AD65D24996E7B97\"\r\n \u003cDeny ID=\"ID_DENY_D_541\" FriendlyName=\"PowerShellShell 541\" Hash=\"93E22F2BA6C8B1C09F100F9C0E3B06FAF2D1DDB6\"\r\n \u003cDeny ID=\"ID_DENY_D_542\" FriendlyName=\"PowerShellShell 542\" Hash=\"5A8D9712CF7893C335FFB7414748625D524227FE\"\r\n \u003cDeny ID=\"ID_DENY_D_543\" FriendlyName=\"PowerShellShell 543\" Hash=\"B5FFFEE20F25691A59F3894644AEF088B4845761\"\r\n \u003cDeny ID=\"ID_DENY_D_544\" FriendlyName=\"PowerShellShell 544\" Hash=\"3334059FF4484C43A5D08CEC3E43E2D27EDB927B\"\r\n \u003cDeny ID=\"ID_DENY_D_545\" FriendlyName=\"PowerShellShell 545\" Hash=\"00B6993F59990C3DFEA33584BDB050F91313B17A\"\r\n \u003cDeny ID=\"ID_DENY_D_546\" FriendlyName=\"PowerShellShell 546\" Hash=\"7518F60A0B33011D19873908559961F96A9B4FC0\"\r\n \u003cDeny ID=\"ID_DENY_D_547\" FriendlyName=\"PowerShellShell 547\" Hash=\"A1D1AF7675C2596D0DF977F57B54372298A56EE0F3\r\n \u003cDeny ID=\"ID_DENY_D_548\" FriendlyName=\"PowerShellShell 548\" Hash=\"3C1743CBC43B80F5AF5B17239B03A8727B4BE81F14\r\n \u003cDeny ID=\"ID_DENY_D_549\" FriendlyName=\"PowerShellShell 549\" Hash=\"C7DC8B00F0BDA000D1F3CF0FBC7AB32D443C377C01\r\n \u003cDeny ID=\"ID_DENY_D_550\" FriendlyName=\"PowerShellShell 550\" Hash=\"ED5A4747C8AEEB1AC2F4FDB8EB0B9BFC240F2B3C00\r\n \u003cDeny ID=\"ID_DENY_D_551\" FriendlyName=\"PowerShellShell 551\" Hash=\"939C291D4A2592209EC7664EC832670FA0AC1009F9\r\n \u003cDeny ID=\"ID_DENY_D_552\" FriendlyName=\"PowerShellShell 552\" Hash=\"497A2D4207B2AE6EF09424591624A86A64A2C8E451\r\n \u003cDeny ID=\"ID_DENY_D_553\" FriendlyName=\"PowerShellShell 553\" Hash=\"732BC385B191C8436B42CD1441DC234FFDD5EC1BD1\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 16 of 34\n\n\u003cDeny ID=\"ID_DENY_D_554\" FriendlyName=\"PowerShellShell 554\" Hash=\"CBD19FDB6338DB02299A3F3FFBBEBF216B18013B33\r\n \u003cDeny ID=\"ID_DENY_D_555\" FriendlyName=\"PowerShellShell 555\" Hash=\"3A316A0A470744EB7D18339B76E786564D1E961307\r\n \u003cDeny ID=\"ID_DENY_D_556\" FriendlyName=\"PowerShellShell 556\" Hash=\"68A4A1E8F4E1B903408ECD24608659B390B9E7154E\r\n \u003cDeny ID=\"ID_DENY_D_557\" FriendlyName=\"PowerShellShell 557\" Hash=\"45F948AF27F4E698A8546027717901B5F70368EE\"\r\n \u003cDeny ID=\"ID_DENY_D_558\" FriendlyName=\"PowerShellShell 558\" Hash=\"2D63C337961C6CF2660C5DB906D9070CA38BCE8285\r\n \u003cDeny ID=\"ID_DENY_D_559\" FriendlyName=\"PowerShellShell 559\" Hash=\"DA4CD4B0158B774CE55721718F77ED91E3A42EB3\"\r\n \u003cDeny ID=\"ID_DENY_D_560\" FriendlyName=\"PowerShellShell 560\" Hash=\"7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6\r\n \u003cDeny ID=\"ID_DENY_D_561\" FriendlyName=\"PowerShellShell 561\" Hash=\"C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408\"\r\n \u003cDeny ID=\"ID_DENY_D_562\" FriendlyName=\"PowerShellShell 562\" Hash=\"1DCAD0BBCC036B85875CC0BAF1B65027933624C1A2\r\n \u003cDeny ID=\"ID_DENY_D_563\" FriendlyName=\"PowerShellShell 563\" Hash=\"7D8CAB8D9663926E29CB810B42C5152E8A1E947E\"\r\n \u003cDeny ID=\"ID_DENY_D_564\" FriendlyName=\"PowerShellShell 564\" Hash=\"2E0203370E6E5437CE2CE1C20895919F806B4E5FEB\r\n \u003cDeny ID=\"ID_DENY_D_565\" FriendlyName=\"PowerShellShell 565\" Hash=\"20E7156E348912C20D35BD4BE2D52C996BF5535E\"\r\n \u003cDeny ID=\"ID_DENY_D_566\" FriendlyName=\"PowerShellShell 566\" Hash=\"EB26078544BDAA34733AA660A1A2ADE98523DAFD9D\r\n \u003cDeny ID=\"ID_DENY_D_567\" FriendlyName=\"PowerShellShell 567\" Hash=\"B9DD16FC0D02EA34613B086307C9DBEAC30546AF\"\r\n \u003cDeny ID=\"ID_DENY_D_568\" FriendlyName=\"PowerShellShell 568\" Hash=\"DE5B012C4DC3FE3DD432AF9339C36EFB8D54E88644\r\n \u003cDeny ID=\"ID_DENY_D_569\" FriendlyName=\"PowerShellShell 569\" Hash=\"6397AB5D664CDB84A867BC7E22ED0789060C6276\"\r\n \u003cDeny ID=\"ID_DENY_D_570\" FriendlyName=\"PowerShellShell 570\" Hash=\"B660F6CA0788DA18375602537095C378990E8229B1\r\n \u003cDeny ID=\"ID_DENY_D_571\" FriendlyName=\"PowerShellShell 571\" Hash=\"3BF717645AC3986AAD0B4EA9D196B18D05199DA9\"\r\n \u003cDeny ID=\"ID_DENY_D_572\" FriendlyName=\"PowerShellShell 572\" Hash=\"364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB\r\n \u003cDeny ID=\"ID_DENY_D_573\" FriendlyName=\"PowerShellShell 573\" Hash=\"3A1B06680F119C03C60D12BAC682853ABE430D21\"\r\n \u003cDeny ID=\"ID_DENY_D_574\" FriendlyName=\"PowerShellShell 574\" Hash=\"850759BCE4B66997CF84E84683A2C1980D4B498821\r\n \u003cDeny ID=\"ID_DENY_D_575\" FriendlyName=\"PowerShellShell 575\" Hash=\"654C54AA3F2C74FBEB55B961FB1924A7B2737E61\"\r\n \u003cDeny ID=\"ID_DENY_D_576\" FriendlyName=\"PowerShellShell 576\" Hash=\"B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100\r\n \u003cDeny ID=\"ID_DENY_D_577\" FriendlyName=\"PowerShellShell 577\" Hash=\"496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52\"\r\n \u003cDeny ID=\"ID_DENY_D_578\" FriendlyName=\"PowerShellShell 578\" Hash=\"E430485B577774825CEF53E5125B618A2608F7BE36\r\n \u003cDeny ID=\"ID_DENY_D_579\" FriendlyName=\"PowerShellShell 579\" Hash=\"6EA8CEEA0D2879989854E8C86CECA26EF79F7B19\"\r\n \u003cDeny ID=\"ID_DENY_D_580\" FriendlyName=\"PowerShellShell 580\" Hash=\"8838FE3D8E2505F3D3D8B98C64739115838A0B443B\r\n \u003cDeny ID=\"ID_DENY_D_581\" FriendlyName=\"PowerShellShell 581\" Hash=\"28C5E53DE197E872F7E4772BF40F728F56FE3ACC\"\r\n \u003cDeny ID=\"ID_DENY_D_582\" FriendlyName=\"PowerShellShell 582\" Hash=\"3493DAEC6EC03E56ECC4A15432C750735F75F9CB38\r\n \u003cDeny ID=\"ID_DENY_D_585\" FriendlyName=\"PowerShellShell 585\" Hash=\"DBB5A6F5388C574A3B5B63E65F7810AB271E9A77\"\r\n \u003cDeny ID=\"ID_DENY_D_586\" FriendlyName=\"PowerShellShell 586\" Hash=\"6DB24D174CCF06C9138B5A9320AE4261CA0CF30535\r\n \u003cDeny ID=\"ID_DENY_D_587\" FriendlyName=\"PowerShellShell 587\" Hash=\"757626CF5D444F5A4AF79EDE38E9EF65FA2C9802\"\r\n \u003cDeny ID=\"ID_DENY_D_588\" FriendlyName=\"PowerShellShell 588\" Hash=\"1E17D036EBB5E82BF2FD5BDC3ABAB08B5EA9E4504D\r\n \u003cDeny ID=\"ID_DENY_D_589\" FriendlyName=\"PowerShellShell 589\" Hash=\"2965DC840B8F5F7ED2AEC979F21EADA664E3CB70\"\r\n \u003cDeny ID=\"ID_DENY_D_590\" FriendlyName=\"PowerShellShell 590\" Hash=\"5449560095D020687C268BD34D9425E7A2739E1B9B\r\n \u003cDeny ID=\"ID_DENY_D_591\" FriendlyName=\"PowerShellShell 591\" Hash=\"BB47C1251866F87723A7EDEC9A01D3B955BAB846\"\r\n \u003cDeny ID=\"ID_DENY_D_592\" FriendlyName=\"PowerShellShell 592\" Hash=\"B05F3BE23DE6AE2557D6661C6FE35E114E8A69B326\r\n \u003cDeny ID=\"ID_DENY_D_593\" FriendlyName=\"PowerShellShell 593\" Hash=\"2F3D30827E02D5FEF051E54C74ECA6AD4CC4BAD2\"\r\n \u003cDeny ID=\"ID_DENY_D_594\" FriendlyName=\"PowerShellShell 594\" Hash=\"F074589A1FAA76A751B05AD61B968683134F3FFC10\r\n \u003cDeny ID=\"ID_DENY_D_595\" FriendlyName=\"PowerShellShell 595\" Hash=\"10096BD0A359142A13F2B8023A341C79A4A97975\"\r\n \u003cDeny ID=\"ID_DENY_D_596\" FriendlyName=\"PowerShellShell 596\" Hash=\"A271D72CDE48F69EB694B753BF9417CD6A72F7DA06\r\n \u003cDeny ID=\"ID_DENY_D_597\" FriendlyName=\"PowerShellShell 597\" Hash=\"F8E803E1623BA66EA2EE0751A648834130B8BE5D\"\r\n \u003cDeny ID=\"ID_DENY_D_598\" FriendlyName=\"PowerShellShell 598\" Hash=\"E70DB033B773FE01B1D4464CAC112AF41C09E75D25\r\n \u003cDeny ID=\"ID_DENY_D_599\" FriendlyName=\"PowerShellShell 599\" Hash=\"665BE52329F9CECEC1CD548A1B4924C9B1F79BD8\"\r\n \u003cDeny ID=\"ID_DENY_D_600\" FriendlyName=\"PowerShellShell 600\" Hash=\"24CC5B946D9469A39CF892DD4E92117E0E144DC7C6\r\n \u003cDeny ID=\"ID_DENY_D_601\" FriendlyName=\"PowerShellShell 601\" Hash=\"C4627F2CF69A8575D7BF7065ADF5354D96707DFD\"\r\n \u003cDeny ID=\"ID_DENY_D_602\" FriendlyName=\"PowerShellShell 602\" Hash=\"7F1DF759C050E0EF4F9F96FF43904B418C674D4830\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 17 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 19 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 20 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 21 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 22 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 23 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 24 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 25 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 26 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 27 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 28 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 29 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 30 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 31 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 32 of 34\n\n0 https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\nPage 33 of 34\n\n\u003cSetting Provider=\"PolicyInfo\" Key=\"Information\" ValueName=\"Name\"\u003e\r\n \u003cValue\u003e\r\n \u003cString\u003eMicrosoft Windows Recommended User Mode BlockList\u003c/String\u003e\r\n \u003c/Value\u003e\r\n \u003c/Setting\u003e\r\n \u003cSetting Provider=\"PolicyInfo\" Key=\"Information\" ValueName=\"Id\"\u003e\r\n \u003cValue\u003e\r\n \u003cString\u003e10.1.0.2\u003c/String\u003e\r\n \u003c/Value\u003e\r\n \u003c/Setting\u003e\r\n \u003c/Settings\u003e\r\n\u003c/SiPolicy\u003e\r\nMerge App Control policies\r\nSource: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-r\r\nules\r\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules\r\nPage 34 of 34\n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules   \n\u003cDeny ID=\"ID_DENY_D_93\" FriendlyName=\"PowerShell 93\" Hash=\"91C0F76798A9679188C7D93FDEBAF797BDBE41B2\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_94\" FriendlyName=\"PowerShell 94\" Hash=\"1D9244EAFEDFBFC02E13822E24A476C36FFD362B9D18F6CD1 \n\u003cDeny ID=\"ID_DENY_D_95\" FriendlyName=\"PowerShell 95\" Hash=\"7FCB424E67DDAC49413B45D7DCD636AD70E23B41\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_96\" FriendlyName=\"PowerShell 96\" Hash=\"7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE7C2937B \n\u003cDeny ID=\"ID_DENY_D_97\" FriendlyName=\"PowerShell 97\" Hash=\"A9745E20419EC1C90B23FE965D3C2DF028AF39DC\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_98\" FriendlyName=\"PowerShell 98\" Hash=\"71B5B58EAA0C90397BC9546BCCA8C657500499CD2087CD7D7 \n\u003cDeny ID=\"ID_DENY_D_99\" FriendlyName=\"PowerShell 99\" Hash=\"3E5294910C59394DA93962128968E6C23016A028\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_100\" FriendlyName=\"PowerShell 100\" Hash=\"DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA40E4F8 \n\u003cDeny ID=\"ID_DENY_D_101\" FriendlyName=\"PowerShell 101\" Hash=\"266896FD257AD8EE9FC73B3A50306A573714EA8A\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_102\" FriendlyName=\"PowerShell 102\" Hash=\"8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7B3400 \n\u003cDeny ID=\"ID_DENY_D_103\" FriendlyName=\"PowerShell 103\" Hash=\"2CB781B3BD79FD277D92332ACA22C04430F9D692\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_104\" FriendlyName=\"PowerShell 104\" Hash=\"92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA699FA30 \n\u003cDeny ID=\"ID_DENY_D_105\" FriendlyName=\"PowerShell 105\" Hash=\"D82583F7D5EA477C94630AC5AAEB771C85BD4B0A\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_106\" FriendlyName=\"PowerShell 106\" Hash=\"9B0F39AB233628A971ACEC53029C9B608CAB99868F1A1C5 \n\u003cDeny ID=\"ID_DENY_D_107\" FriendlyName=\"PowerShell 107\" Hash=\"2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_108\" FriendlyName=\"PowerShell 108\" Hash=\"015CE571E8503A353E2250D4D0DA19493B3311F3437527E \n\u003cDeny ID=\"ID_DENY_D_109\" FriendlyName=\"PowerShell 109\" Hash=\"080DEC3B15AD5AFE9BF3B0943A36285E92BAF469\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_110\" FriendlyName=\"PowerShell 110\" Hash=\"F1391E78F17EA6097906B99C6F4F0AE8DD2E519856F837A \n\u003cDeny ID=\"ID_DENY_D_111\" FriendlyName=\"PowerShell 111\" Hash=\"F87C726CCB5E64C6F363C21255935D5FEA9E4A0E\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_112\" FriendlyName=\"PowerShell 112\" Hash=\"B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E94764 \n\u003cDeny ID=\"ID_DENY_D_113\" FriendlyName=\"PowerShell 113\" Hash=\"25F52340199A0EA352C8B1A7014BCB610B232523\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_114\" FriendlyName=\"PowerShell 114\" Hash=\"64D6D1F3A053908C5635BD6BDA36BC8E72D518C7ECE8DA7 \n\u003cDeny ID=\"ID_DENY_D_115\" FriendlyName=\"PowerShell 115\" Hash=\"029198F05598109037A0E9E332EC052317E834DA\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_116\" FriendlyName=\"PowerShell 116\" Hash=\"70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74F9145 \n\u003cDeny ID=\"ID_DENY_D_117\" FriendlyName=\"PowerShell 117\" Hash=\"A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_118\" FriendlyName=\"PowerShell 118\" Hash=\"3246A0CB329B030DA104E04B1A0728DE83724B08C724FD0 \n\u003cDeny ID=\"ID_DENY_D_119\" FriendlyName=\"PowerShell 119\" Hash=\"89CEAB6518DA4E7F75B3C75BC04A112D3637B737\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_120\" FriendlyName=\"PowerShell 120\" Hash=\"6581E491FBFF954A1A4B9CEA69B63951D67EB56DF871ED8 \n\u003cDeny ID=\"ID_DENY_D_121\" FriendlyName=\"PowerShell 121\" Hash=\"00419E981EDC8613E600C939677F7B460855BF7E\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_122\" FriendlyName=\"PowerShell 122\" Hash=\"61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE91E58 \n\u003cDeny ID=\"ID_DENY_D_123\" FriendlyName=\"PowerShell 123\" Hash=\"272EF88BBA9B4B54D242FFE1E96D07DBF53497A0\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_124\" FriendlyName=\"PowerShell 124\" Hash=\"AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3ECBB52 \n\u003cDeny ID=\"ID_DENY_D_125\" FriendlyName=\"PowerShell 125\" Hash=\"CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_126\" FriendlyName=\"PowerShell 126\" Hash=\"FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440AC0316 \n\u003cDeny ID=\"ID_DENY_D_127\" FriendlyName=\"PowerShell 127\" Hash=\"941D0FD47887035A04E17F46DE6C4004D7FD8871\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_128\" FriendlyName=\"PowerShell 128\" Hash=\"4AD6DC7FF0A2E776CE7F27B4E3D3C1C380CA3548DFED565 \n\u003cDeny ID=\"ID_DENY_D_129\" FriendlyName=\"PowerShell 129\" Hash=\"421D1142105358B8360454E43FD15767DA111DBA\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_130\" FriendlyName=\"PowerShell 130\" Hash=\"692CABD40C1EDFCB6DC50591F31FAE30848E579D6EF4D2C \n\u003cDeny ID=\"ID_DENY_D_131\" FriendlyName=\"PowerShell 131\" Hash=\"AC9F095DD4AE80B124F55541761AA1F35E49A575\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_132\" FriendlyName=\"PowerShell 132\" Hash=\"0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABCE6859 \n\u003cDeny ID=\"ID_DENY_D_133\" FriendlyName=\"PowerShell 133\" Hash=\"B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_134\" FriendlyName=\"PowerShell 134\" Hash=\"095B79953F9E3E2FB721693FBFAD5841112D592B6CA7EB2 \n\u003cDeny ID=\"ID_DENY_D_135\" FriendlyName=\"PowerShell 135\" Hash=\"128D7D03E4B85DBF95427D72EFF833DAB5E92C33\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_136\" FriendlyName=\"PowerShell 136\" Hash=\"EACFC615FDE29BD858088AF42E0917E4B4CA5991EFB4394 \n\u003cDeny ID=\"ID_DENY_D_137\" FriendlyName=\"PowerShell 137\" Hash=\"47D2F87F2D2D516D712A156421F0C2BD285200E9\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_138\" FriendlyName=\"PowerShell 138\" Hash=\"8CACA1828E7770DADF21D558976D415AC7BDA16D5892630 \n\u003cDeny ID=\"ID_DENY_D_139\" FriendlyName=\"PowerShell 139\" Hash=\"CD9D70B0107801567EEADC4ECD74511A1A6FF4FE\" /\u003e\n  Page 8 of 34 \n\nhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules   \n\u003cDeny ID=\"ID_DENY_D_187\" FriendlyName=\"PowerShell 187\" Hash=\"C1E08AD32F680100C51F138C6C095139E7230C3B\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_188\" FriendlyName=\"PowerShell 188\" Hash=\"A5D5C1F79CD26216194D4C72DBAA3E48CB4A143D9E1F788 \n\u003cDeny ID=\"ID_DENY_D_189\" FriendlyName=\"PowerShell 189\" Hash=\"BACA825D0852E2D8F3D92381D112B99B5DD56D9F\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_190\" FriendlyName=\"PowerShell 190\" Hash=\"ABA28E0FC251E1D7FE5E264E1B36EC5E482D70AA434E75A \n\u003cDeny ID=\"ID_DENY_D_191\" FriendlyName=\"PowerShell 191\" Hash=\"E89C29D38F554F6CB73B5FD3D0A783CC12FFEBC3\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_192\" FriendlyName=\"PowerShell 192\" Hash=\"4C93CBDCF4328D27681453D8DFD7495955A07EE6A0EFB9A \n\u003cDeny ID=\"ID_DENY_D_193\" FriendlyName=\"PowerShell 193\" Hash=\"5B5E7942233D7C8A325A429FC4F4AE281325E8F9\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_194\" FriendlyName=\"PowerShell 194\" Hash=\"40DA20086ED76A5EA5F62901D110216EE206E7EEB2F2BFF \n\u003cDeny ID=\"ID_DENY_D_195\" FriendlyName=\"PowerShell 195\" Hash=\"926DCACC6983F85A8ABBCB5EE13F3C756705A1D5\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_196\" FriendlyName=\"PowerShell 196\" Hash=\"A22761E2BF18F02BB630962E3C5E32738770AAEA77F8EDA \n\u003cDeny ID=\"ID_DENY_D_197\" FriendlyName=\"PowerShell 197\" Hash=\"6FE6723A355DEB4BC6B8637A634D1B43AFA64112\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_198\" FriendlyName=\"PowerShell 198\" Hash=\"9BCC55A97A275F7D81110877F1BB5B41F86A848EA02B4EE \n\u003cDeny ID=\"ID_DENY_D_199\" FriendlyName=\"PowerShell 199\" Hash=\"8D5599B34BED4A660DACC0922F6C2F112F264758\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_200\" FriendlyName=\"PowerShell 200\" Hash=\"F375014915E5E027F697B29201362B56F2D9E598247C96F \n\u003cDeny ID=\"ID_DENY_D_201\" FriendlyName=\"PowerShell 201\" Hash=\"CCFB247A3BCA9C64D82F647F3D30A3172E645F13\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_202\" FriendlyName=\"PowerShell 202\" Hash=\"5E52ABBC051368315F078D31F01B0C1B904C1DDB6D1C1E4 \n\u003cDeny ID=\"ID_DENY_D_203\" FriendlyName=\"PowerShell 203\" Hash=\"E8EB859531F426CC45A3CB9118F399C92054563E\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_204\" FriendlyName=\"PowerShell 204\" Hash=\"CD9E1D41F8D982F4AA6C610A2EFEAEBA5B0CDD883DF4A86 \n\u003cDeny ID=\"ID_DENY_D_205\" FriendlyName=\"PowerShell 205\" Hash=\"C92D4EAC917EE4842A437C54F96D87F003199DE8\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_206\" FriendlyName=\"PowerShell 206\" Hash=\"3A270242EB49E06405FD654FA4954B166297BBC886891C6 \n\u003cDeny ID=\"ID_DENY_D_207\" FriendlyName=\"PowerShell 207\" Hash=\"66681D9171981216B31996429695931DA2A638B9\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_208\" FriendlyName=\"PowerShell 208\" Hash=\"7A2DF7D56912CB4EB5B36D071496EDC97661086B0E4C9CC \n\u003cDeny ID=\"ID_DENY_D_209\" FriendlyName=\"PowerShell 209\" Hash=\"9DCA54C85E4C645CB296FE3055E90255B6506A95\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_210\" FriendlyName=\"PowerShell 210\" Hash=\"8C9C58AD12FE61CBF021634EC6A4B3094750FC002DA2244 \n\u003cDeny ID=\"ID_DENY_D_211\" FriendlyName=\"PowerShell 211\" Hash=\"3AF2587E8B62F88DC363D7F5308EE4C1A6147338\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_212\" FriendlyName=\"PowerShell 212\" Hash=\"D32D88F158FD341E32708CCADD48C426D227D0EC8465FF4 \n\u003cDeny ID=\"ID_DENY_D_213\" FriendlyName=\"PowerShell 213\" Hash=\"D3D453EBC368DF7CC2200474035E5898B58D93F1\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_214\" FriendlyName=\"PowerShell 214\" Hash=\"BBE569BCC282B3AF682C1528D4E3BC53C1A0C6B5905FA34 \n\u003cDeny ID=\"ID_DENY_D_215\" FriendlyName=\"PowerShell 215\" Hash=\"D147CE5C7E7037D1BE3C0AF67EDB6F528C77DB0A\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_216\" FriendlyName=\"PowerShell 216\" Hash=\"11F936112832738AD9B3A1C67537D5542DE8E86856CF2A5 \n\u003cDeny ID=\"ID_DENY_D_217\" FriendlyName=\"PowerShell 217\" Hash=\"7DBB41B87FAA887DE456C8E6A72E09D2839FA1E7\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_218\" FriendlyName=\"PowerShell 218\" Hash=\"3741F3D2F264E047339C95A66085599A49766DEF1C5BD0C \n\u003cDeny ID=\"ID_DENY_D_219\" FriendlyName=\"PowerShell 219\" Hash=\"5F3AECC89BAF094EAFA3C25E6B883EE68A6F00B0\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_220\" FriendlyName=\"PowerShell 220\" Hash=\"AA085BE6498D2E3F527F3D72A5D1C604508133F0CDC05AD \n\u003cDeny ID=\"ID_DENY_D_221\" FriendlyName=\"PowerShell 221\" Hash=\"DDE4D9A08514347CDE706C42920F43523FC74DEA\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_222\" FriendlyName=\"PowerShell 222\" Hash=\"81835C6294B96282A4D7D70383BBF797C2E4E7CEF99648F \n\u003cDeny ID=\"ID_DENY_D_223\" FriendlyName=\"PowerShell 223\" Hash=\"48092864C96C4BF9B68B5006EAEDAB8B57B3738C\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_224\" FriendlyName=\"PowerShell 224\" Hash=\"36EF3BED9A5D0D563BCB354BFDD2931F6256759D1D905BA \n\u003cDeny ID=\"ID_DENY_D_225\" FriendlyName=\"PowerShell 225\" Hash=\"7F6725BA8CCD2DAEEFD0C9590A5DF9D98642CCEA\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_226\" FriendlyName=\"PowerShell 226\" Hash=\"DB68DB3AE32A8A662AA6EE16CF459124D2701719D019B61 \n\u003cDeny ID=\"ID_DENY_D_227\" FriendlyName=\"PowerShell 227\" Hash=\"FF205856A3209227D571EAD4B8C1E611E7FF9924\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_228\" FriendlyName=\"PowerShell 228\" Hash=\"A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC9E121 \n\u003cDeny ID=\"ID_DENY_D_229\" FriendlyName=\"PowerShell 229\" Hash=\"479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_230\" FriendlyName=\"PowerShell 230\" Hash=\"2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5BCFCF \n\u003cDeny ID=\"ID_DENY_D_231\" FriendlyName=\"PowerShell 231\" Hash=\"C7D70B96440D215173F35412D56CF9329886D8D3\" /\u003e\n\u003cDeny ID=\"ID_DENY_D_232\" FriendlyName=\"PowerShell 232\" Hash=\"B00C54F1AA77D88335675EAF07ED834E68FD96DD7606914 \n\u003cDeny ID=\"ID_DENY_D_233\" FriendlyName=\"PowerShell 233\" Hash=\"2AB804E1FF982AE0EDB591BC61AA909CF32E99C5\" /\u003e\n  Page 10 of 34",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules"
	],
	"report_names": [
		"microsoft-recommended-block-rules"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434031,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ac5bcb2d4129bbcce7edb39197fddd7ca6ec9571.pdf",
		"text": "https://archive.orkl.eu/ac5bcb2d4129bbcce7edb39197fddd7ca6ec9571.txt",
		"img": "https://archive.orkl.eu/ac5bcb2d4129bbcce7edb39197fddd7ca6ec9571.jpg"
	}
}