Applications that can bypass App Control and how to block them
By jsuther1974
Archived: 2026-04-05 22:36:27 UTC
Members of the security community* continuously collaborate with Microsoft to help protect customers. With the
help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also
potentially use to bypass App Control.
Unless your use scenarios explicitly require them, Microsoft recommends that you block the following
applications. An attacker can use these applications or files to circumvent application allow policies, including
App Control:
addinprocess.exe
addinprocess32.exe
addinutil.exe
aspnet_compiler.exe
bash.exe
bginfo.exe1
cdb.exe
cscript.exe
csi.exe
dbghost.exe
dbgsvc.exe
dbgsrv.exe
dnx.exe
dotnet.exe
fsi.exe
fsiAnyCpu.exe
infdefaultinstall.exe
kd.exe
kill.exe
lxssmanager.dll
lxrun.exe
Microsoft.Build.dll
Microsoft.Workflow.Compiler.exe
msbuild.exe2
msbuild.dll
mshta.exe
ntkd.exe
ntsd.exe
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 1 of 34

powershellcustomhost.exe
rcsi.exe
runscripthelper.exe
texttransform.exe
visualuiaverifynative.exe
system.management.automation.dll
webclnt.dll/davsvc.dll3
wfc.exe
windbg.exe
wmic.exe
wscript.exe
wsl.exe
wslconfig.exe
wslhost.exe
1
 A vulnerability in bginfo.exe was fixed in version 4.22. If you use BGInfo, for security, make sure to download
and run the latest version of BGInfo. BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
2
 If you're using your reference system in a development context and use msbuild.exe to build managed
applications, we recommend that you allow msbuild.exe in your code integrity policies. Otherwise, we
recommend that you block msbuild.exe.
3
 If you block WebDAV DLLs, we recommend that you also disable the WebClient service using a group policy
or MDM policies.
*
 Microsoft recognizes the efforts of people in the security community who help us protect customers through
responsible vulnerability disclosure, and extends thanks to the following people:
Name Twitter
Alex Ionescu @aionescu
Brock Mammen
Casey Smith @subTee
James Forshaw @tiraniddo
Jimmy Bayne @bohops
Kim Oppalfens @thewmiguy
Lasse Trolle Borup Langkjaer Cyber Defence
Lee Christensen @tifkin_
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 2 of 34

Name Twitter
Matt Graeber @mattifestation
Matt Nelson @enigma0x3
Oddvar Moe @Oddvarmoe
Philip Tsukerman @PhilipTsukerman
Vladas Bulavas Kaspersky Lab
Will Dormann @wdormann
William Easton @Strawgate
Note
This application list will be updated with the latest vendor information as application vulnerabilities are resolved
and new issues are discovered.
Certain software applications may allow other code to run by design. Unless these applications are business
critical, you should block them in your App Control policy. In addition, when an application version is upgraded
to fix a security vulnerability or potential App Control bypass, add deny rules to your App Control policies for that
application's previous, less secure versions.
Microsoft recommends that you install the latest security updates. For example, updates help resolve several
issues in PowerShell modules that allowed an attacker to bypass App Control. These modules can be blocked by
their corresponding hashes.
As of October 2017, system.management.automation.dll is updated to revoke earlier versions by hash values,
instead of version rules.
If you wish to use this blocklist policy on Windows Server 2016, locate the deny rules for the following files, and
change the comment block to only include the rules for that OS version. Applying the RS5+ rules to Windows
Server 2016 may cause apps to malfunction:
msxml3.dll
msxml6.dll
jscript9.dll
The blocklist policy that follows includes "Allow all" rules for both kernel and user mode that make it safe to
deploy as a standalone App Control policy. On Windows versions 1903 and above, Microsoft recommends
converting this policy to multiple policy formats using the Set-CiPolicyIdInfo cmdlet with the -ResetPolicyId
switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To
instead add these rules to an existing Base policy, you can merge the policy that follows using the Merge-CIPolicy
cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two
"Allow all" rules and their corresponding FileRuleRefs from the blocklist policy.
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 3 of 34

App Control policy XML:
10.1.0.2{A244370E-44C9-4C06-B551-F6016E563076}{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}Enabled:Unsigned System Integrity Policy
Enabled:Audit Mode
Enabled:Advanced Boot Options Menu
Enabled:UMCI
Enabled:Dynamic Code Security

<Deny ID="ID_DENY_HVCISCAN_AMD_2" FriendlyName="HVCIScan.exe with missing resources AMD Hash Sha256" Hash="4
 <Deny ID="ID_DENY_HVCISCAN_AMD_3" FriendlyName="HVCIScan.exe with missing resources AMD Hash Page Sha1" Hash
 <Deny ID="ID_DENY_HVCISCAN_AMD_4" FriendlyName="HVCIScan.exe with missing resources AMD Hash Page Sha256" Ha
 <Deny ID="ID_DENY_HVCISCAN_ARM_1" FriendlyName="HVCIScan.exe with missing resources ARM Hash Sha1" Hash="A72
 <Deny ID="ID_DENY_HVCISCAN_ARM_2" FriendlyName="HVCIScan.exe with missing resources ARM Hash Sha256" Hash="A
 <Deny ID="ID_DENY_HVCISCAN_ARM_3" FriendlyName="HVCIScan.exe with missing resources ARM Hash Page Sha1" Hash
 <Deny ID="ID_DENY_HVCISCAN_ARM_4" FriendlyName="HVCIScan.exe with missing resources ARM Hash Page Sha256" Ha
 <Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumF
 <Deny ID="ID_DENY_INSTALLUTIL" FriendlyName="Microsoft InstallUtil" FileName="InstallUtil.exe" MinimumFileVe
 <Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersio
 <Deny ID="ID_DENY_KD_KMCI" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileV
 <Deny ID="ID_DENY_KILL" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="0.0.0.0" MaximumFile
 <Deny ID="ID_DENY_LXRUN" FriendlyName="lxrun.exe" FileName="lxrun.exe" MinimumFileVersion="0.0.0.0" MaximumF
 <Deny ID="ID_DENY_LXSS" FriendlyName="LxssManager.dll" FileName="LxssManager.dll" MinimumFileVersion="0.0.0.
 <Deny ID="ID_DENY_INTUNE_AGENT" FriendlyName="IntuneWindowsAgent.exe" FileName="Microsoft.Management.Service
 <Deny ID="ID_DENY_MFC40" FriendlyName="mfc40.dll" FileName="mfc40.dll" MinimumFileVersion="0.0.0.0" MaximumF
 <Deny ID="ID_DENY_MS_BUILD" FriendlyName="Microsoft.Build.dll" FileName="Microsoft.Build.dll" MinimumFileVer
 <Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler
 <Deny ID="ID_DENY_MSBUILD" FriendlyName="MSBuild.exe" FileName="MSBuild.exe" MinimumFileVersion="0.0.0.0" Ma
 <Deny ID="ID_DENY_MSBUILD_DLL" FriendlyName="MSBuild.dll" FileName="MSBuild.dll" MinimumFileVersion="0.0.0.0
 <Deny ID="ID_DENY_MSHTA" FriendlyName="mshta.exe" FileName="mshta.exe" MinimumFileVersion="0.0.0.0" MaximumF
 <Deny ID="ID_DENY_NTKD" FriendlyName="ntkd.exe" FileName="ntkd.Exe" MinimumFileVersion="0.0.0.0" MaximumFile
 <Deny ID="ID_DENY_NTSD" FriendlyName="ntsd.exe" FileName="ntsd.Exe" MinimumFileVersion="0.0.0.0" MaximumFile
 <Deny ID="ID_DENY_PWRSHLCUSTOMHOST" FriendlyName="powershellcustomhost.exe" FileName="powershellcustomhost.e
 <Deny ID="ID_DENY_RCSI" FriendlyName="rcsi.exe" FileName="rcsi.Exe" MinimumFileVersion="0.0.0.0" MaximumFile
 <Deny ID="ID_DENY_RUNSCRIPTHELPER" FriendlyName="runscripthelper.exe" FileName="runscripthelper.exe" Minimum
 <Deny ID="ID_DENY_TEXTTRANSFORM" FriendlyName="texttransform.exe" FileName="texttransform.exe" MinimumFileVe
 <Deny ID="ID_DENY_VISUALUIAVERIFY" FriendlyName="visualuiaverifynative.exe" FileName="visualuiaverifynative.
 <Deny ID="ID_DENY_WEBCLNT" FriendlyName="BlockWebDAV WebClnt" FileName="davsvc.dll" MinimumFileVersion="0.0.
 <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="0.0.0.0" MaximumFileVer
 <Deny ID="ID_DENY_WINDBG" FriendlyName="windbg.exe" FileName="windbg.Exe" MinimumFileVersion="0.0.0.0" Maxim
 <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="0.0.0.0" MaximumFile
 <Deny ID="ID_DENY_WSCRIPT" FriendlyName="wscript.exe" FileName="wscript.exe" MinimumFileVersion="5.812.10240
 <Deny ID="ID_DENY_WSL" FriendlyName="wsl.exe" FileName="wsl.exe" MinimumFileVersion="0.0.0.0" MaximumFileVer
 <Deny ID="ID_DENY_WSLCONFIG" FriendlyName="wslconfig.exe" FileName="wslconfig.exe" MinimumFileVersion="0.0.0
 <Deny ID="ID_DENY_WSLHOST" FriendlyName="wslhost.exe" FileName="wslhost.exe" MinimumFileVersion="0.0.0.0" Ma
 <!-- pick the correct version of msxml3.dll, msxml6.dll, and jscript9.dll based on the release you are suppo
 <!-- the versions of these files in the 1903 release have this issue fixed, so they don't need to be blocked
 <!-- RS1 Windows 1607
 <Deny ID="ID_DENY_MSXML3" FriendlyName="msxml3.dll" FileName="msxml3.dll" MinimumFileVersion
 <Deny ID="ID_DENY_MSXML6" FriendlyName="msxml6.dll" FileName="msxml6.dll" MinimumFileVersion
 <Deny ID="ID_DENY_JSCRIPT9" FriendlyName="jscript9.dll" FileName="jscript9.dll" MinimumFileVersi
 -->
 <!-- RS5 Windows 1809 -->
 <Deny ID="ID_DENY_MSXML3" FriendlyName="msxml3.dll" FileName="msxml3.dll" MinimumFileVersion
 <Deny ID="ID_DENY_MSXML6" FriendlyName="msxml6.dll" FileName="msxml6.dll" MinimumFileVersion
 <Deny ID="ID_DENY_JSCRIPT9" FriendlyName="jscript9.dll" FileName="jscript9.dll" MinimumFileVersi
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 5 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 6 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 8 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 10 of 34

<Deny ID="ID_DENY_D_319" FriendlyName="PowerShellShell 319" Hash="F0B9D75B53A268C0AC30584738C3A5EC33420A2E"
 <Deny ID="ID_DENY_D_320" FriendlyName="PowerShellShell 320" Hash="365A7812DFC448B1FE9CEA83CF55BC62189C4E72BA
 <Deny ID="ID_DENY_D_321" FriendlyName="PowerShellShell 321" Hash="8ADCDD18EB178B6A43CF5E11EC73212C90B91988"
 <Deny ID="ID_DENY_D_322" FriendlyName="PowerShellShell 322" Hash="51BD119BE2FBEFEC560F618DBBBB8203A251F455B1
 <Deny ID="ID_DENY_D_323" FriendlyName="PowerShellShell 323" Hash="D2011097B6038D8507B26B7618FF07DA0FF01234"
 <Deny ID="ID_DENY_D_324" FriendlyName="PowerShellShell 324" Hash="BA3D20A577F355612E53428D573767C48A091AE965
 <Deny ID="ID_DENY_D_325" FriendlyName="PowerShellShell 325" Hash="57ABBC8E2FE88E04C57CDDD13D58C9CE03455D25"
 <Deny ID="ID_DENY_D_326" FriendlyName="PowerShellShell 326" Hash="0280C4714BC806BFC1863BE9E84D38F203942DD35C
 <Deny ID="ID_DENY_D_327" FriendlyName="PowerShellShell 327" Hash="DEB07053D6059B56109DFF885720D5721EB0F55C"
 <Deny ID="ID_DENY_D_328" FriendlyName="PowerShellShell 328" Hash="E374A14871C35DB57D6D67281C16F5F9EF77ABE248
 <Deny ID="ID_DENY_D_329" FriendlyName="PowerShellShell 329" Hash="AC33BA432B35A662E2D9D015D6283308FD046251"
 <Deny ID="ID_DENY_D_330" FriendlyName="PowerShellShell 330" Hash="93B22B0D5369327247DF491AABD3CE78421D0D68FE
 <Deny ID="ID_DENY_D_331" FriendlyName="PowerShellShell 331" Hash="05126413310F4A1BA2F7D2AD3305E2E3B6A1B00D"
 <Deny ID="ID_DENY_D_332" FriendlyName="PowerShellShell 332" Hash="108A73F4AE78786C9955ED71EFD916465A36175F8D
 <Deny ID="ID_DENY_D_333" FriendlyName="PowerShellShell 333" Hash="B976F316FB5EE6E5A325320E7EE5FBF487DA9CE5"
 <Deny ID="ID_DENY_D_334" FriendlyName="PowerShellShell 334" Hash="D54CCD405D3E904CAECA3A6F7BE1737A9ACE20F759
 <Deny ID="ID_DENY_D_335" FriendlyName="PowerShellShell 335" Hash="F3471DBF534995307AEA230D228BADFDCA9E4021"
 <Deny ID="ID_DENY_D_336" FriendlyName="PowerShellShell 336" Hash="2048F33CCD924D224154307C28DDC6AC1C35A1859F
 <Deny ID="ID_DENY_D_337" FriendlyName="PowerShellShell 337" Hash="1FAC9087885C2FEBD7F57CC9AACE8AF94294C8FB"
 <Deny ID="ID_DENY_D_338" FriendlyName="PowerShellShell 338" Hash="942E0D0BA5ECBF64A3B2D0EA1E08C793712A4C89BC
 <Deny ID="ID_DENY_D_339" FriendlyName="PowerShellShell 339" Hash="5B67EE19AA7E4B42E58127A63520D44A0679C6CE"
 <Deny ID="ID_DENY_D_340" FriendlyName="PowerShellShell 340" Hash="2B6A59053953737D345B97FA1AFB23C379809D1532
 <Deny ID="ID_DENY_D_341" FriendlyName="PowerShellShell 341" Hash="1ABC67650B169E7C437853922805706D488EEEA2"
 <Deny ID="ID_DENY_D_342" FriendlyName="PowerShellShell 342" Hash="754CA97A95464F1A1687C83AE3ECC6670B80A50503
 <Deny ID="ID_DENY_D_343" FriendlyName="PowerShellShell 343" Hash="0E280FF775F406836985ECA66BAA9BA17D12E38B"
 <Deny ID="ID_DENY_D_344" FriendlyName="PowerShellShell 344" Hash="19C9A6D1AE90AEA163E35930FAB1B57D3EC78CA5FE
 <Deny ID="ID_DENY_D_345" FriendlyName="PowerShellShell 345" Hash="4E6081C3BBB2809C417E2D03412E29FF7317DA54"
 <Deny ID="ID_DENY_D_346" FriendlyName="PowerShellShell 346" Hash="3AE4505A552EA04C7664C610E81172CA329981BF53
 <Deny ID="ID_DENY_D_347" FriendlyName="PowerShellShell 347" Hash="61BED1C7CD54B2F60923D26CD2F6E48C063AFED5"
 <Deny ID="ID_DENY_D_348" FriendlyName="PowerShellShell 348" Hash="9405CBE91B7519290F90577DCCF5796C514746DE63
 <Deny ID="ID_DENY_D_349" FriendlyName="PowerShellShell 349" Hash="63AA55C3B46EFAFC8625F8D5562AB504E4CBB78F"
 <Deny ID="ID_DENY_D_350" FriendlyName="PowerShellShell 350" Hash="FF54885D30A13008D60F6D0B96CE802209C89A2A7D
 <Deny ID="ID_DENY_D_351" FriendlyName="PowerShellShell 351" Hash="20845E4440DA2D9AB3559D4B6890691CACD0E93E"
 <Deny ID="ID_DENY_D_352" FriendlyName="PowerShellShell 352" Hash="3C9098C4BFD818CE8CFA130F6E6C90876B97D57ABB
 <Deny ID="ID_DENY_D_353" FriendlyName="PowerShellShell 353" Hash="4A473F14012EB9BF7DCEA80B86C2612A6D9D914E"
 <Deny ID="ID_DENY_D_354" FriendlyName="PowerShellShell 354" Hash="1C6914B58F70A9860F67311C32258CD9072A367BF3
 <Deny ID="ID_DENY_D_355" FriendlyName="PowerShellShell 355" Hash="641871FD5D9875DB75BFC58B7B53672D2C645F01"
 <Deny ID="ID_DENY_D_356" FriendlyName="PowerShellShell 356" Hash="C115A974DD2C56574E93A4800247A23B98B9495F6E
 <Deny ID="ID_DENY_D_357" FriendlyName="PowerShellShell 357" Hash="A21E254C18D3D53B832AD381FF58B36E6737FFB6"
 <Deny ID="ID_DENY_D_358" FriendlyName="PowerShellShell 358" Hash="D214AF2AD9204118EB670D08D80D4CB9FFD74A9787
 <Deny ID="ID_DENY_D_359" FriendlyName="PowerShellShell 359" Hash="102B072F29122BC3A89B924987A7BF1AC3C598DB"
 <Deny ID="ID_DENY_D_360" FriendlyName="PowerShellShell 360" Hash="DA444773FE7AD8309FA9A0ABCDD63B302E6FC91E75
 <Deny ID="ID_DENY_D_361" FriendlyName="PowerShellShell 361" Hash="EAD58EBB00001E678B9698A209308CC7406E1BCC"
 <Deny ID="ID_DENY_D_362" FriendlyName="PowerShellShell 362" Hash="34A5F48629F9FDAEBAB9468EF7F1683EFA856AAD32
 <Deny ID="ID_DENY_D_363" FriendlyName="PowerShellShell 363" Hash="727EDB00C15DC5D3C14368D88023FDD5A74C0B06"
 <Deny ID="ID_DENY_D_364" FriendlyName="PowerShellShell 364" Hash="5720BEE5CBE7D724B67E07C53E22FB869F8F9B1EB9
 <Deny ID="ID_DENY_D_365" FriendlyName="PowerShellShell 365" Hash="A43137EC82721A81C3E05DC5DE74F0549DE6A130"
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 12 of 34

<Deny ID="ID_DENY_D_366" FriendlyName="PowerShellShell 366" Hash="1731118D97F278C18E2C6922A016DA7C55970C6C4C
 <Deny ID="ID_DENY_D_367" FriendlyName="PowerShellShell 367" Hash="17EC94CB9BF98E605F9352987CA33DCE8F5733CD"
 <Deny ID="ID_DENY_D_368" FriendlyName="PowerShellShell 368" Hash="AFE0CC143108BBDBE60771B6894406785C471BA573
 <Deny ID="ID_DENY_D_369" FriendlyName="PowerShellShell 369" Hash="F6E9C098737F0905E53B92D4AD49C199EC76D24B"
 <Deny ID="ID_DENY_D_370" FriendlyName="PowerShellShell 370" Hash="50A57BFCD20380DDEFD2A717D7937D49380D4D5931
 <Deny ID="ID_DENY_D_371" FriendlyName="PowerShellShell 371" Hash="2118ACC512464EE95946F064560C15C58341B80C"
 <Deny ID="ID_DENY_D_372" FriendlyName="PowerShellShell 372" Hash="005990EE785C1CA7EAEC82DA29F5B363049DC117A1
 <Deny ID="ID_DENY_D_373" FriendlyName="PowerShellShell 373" Hash="54FAE3A389FDD2F5C21293D2317E87766AF0473D"
 <Deny ID="ID_DENY_D_374" FriendlyName="PowerShellShell 374" Hash="70F4E503D7484DF5B5F73D9A753E585BFADB8B8EBA
 <Deny ID="ID_DENY_D_375" FriendlyName="PowerShellShell 375" Hash="B4831AF4B25527EF0C172DAA5E4CA26DE105D30B"
 <Deny ID="ID_DENY_D_376" FriendlyName="PowerShellShell 376" Hash="D410A37042A2DC53AD1801EBB2EF507B4AE4758705
 <Deny ID="ID_DENY_D_377" FriendlyName="PowerShellShell 377" Hash="85BBC0CDC34BD5A56113B0DCB6795BCEBADE63FA"
 <Deny ID="ID_DENY_D_378" FriendlyName="PowerShellShell 378" Hash="C6F8E3A3F2C513CEDD2F21D486BF0116BAF2E2EE4D
 <Deny ID="ID_DENY_D_379" FriendlyName="PowerShellShell 379" Hash="46105ACE7ABEC3A6E6226183F2F7F8E90E3639A5"
 <Deny ID="ID_DENY_D_380" FriendlyName="PowerShellShell 380" Hash="F60BE088F226CA1E2308099C3B1C2A54DB4C41D2BE
 <Deny ID="ID_DENY_D_381" FriendlyName="PowerShellShell 381" Hash="C9478352ACE4BE6D6B70BBE710C2E2128FEFC7FE"
 <Deny ID="ID_DENY_D_382" FriendlyName="PowerShellShell 382" Hash="F4A81E7D4BD3B8762FAED760047877E06E40EC991D
 <Deny ID="ID_DENY_D_383" FriendlyName="PowerShellShell 383" Hash="9E56E910919FF65BCCF5D60A8F9D3EBE27EF1381"
 <Deny ID="ID_DENY_D_384" FriendlyName="PowerShellShell 384" Hash="34887B225444A18158B632CAEA4FEF6E7D691FEA3E
 <Deny ID="ID_DENY_D_385" FriendlyName="PowerShellShell 385" Hash="1FD04D4BD5F9E41FA8278F3F9B05FE8702ADB4C8"
 <Deny ID="ID_DENY_D_386" FriendlyName="PowerShellShell 386" Hash="6586176AEBE8307829A1E03D878EF6F500E8C5032E
 <Deny ID="ID_DENY_D_387" FriendlyName="PowerShellShell 387" Hash="DEBC3DE2AD99FC5E885A358A6994E6BD39DABCB0"
 <Deny ID="ID_DENY_D_388" FriendlyName="PowerShellShell 388" Hash="FDF54A4A3089062FFFA4A41FEBF38F0ABC9D502B57
 <Deny ID="ID_DENY_D_389" FriendlyName="PowerShellShell 389" Hash="6AA06D07D9DE8FE7E13B66EDFA07232B56F7E21D"
 <Deny ID="ID_DENY_D_390" FriendlyName="PowerShellShell 390" Hash="DD3E74CFB8ED64FA5BE9136C305584CD2E529D92B3
 <Deny ID="ID_DENY_D_391" FriendlyName="PowerShellShell 391" Hash="5C858042246FDDDB281C1BFD2FEFC9BAABC3F7AD"
 <Deny ID="ID_DENY_D_392" FriendlyName="PowerShellShell 392" Hash="20E65B1BE06A99507412FC0E75D158EE1D9D43AE5F
 <Deny ID="ID_DENY_D_393" FriendlyName="PowerShellShell 393" Hash="2ABCD0525D31D4BB2D0131364FBE1D94A02A3E2A"
 <Deny ID="ID_DENY_D_394" FriendlyName="PowerShellShell 394" Hash="806EC87F1EFA428627989318C882CD695F55F60A1E
 <Deny ID="ID_DENY_D_395" FriendlyName="PowerShellShell 395" Hash="E2967D755D0F79FA8EA7A8585106926CA87F89CB"
 <Deny ID="ID_DENY_D_396" FriendlyName="PowerShellShell 396" Hash="07382BE9D8ACBAFDA953C842BAAE600A82A69183D6
 <Deny ID="ID_DENY_D_397" FriendlyName="PowerShellShell 397" Hash="75EF6F0B78098FB1766DCC853E004476033499CF"
 <Deny ID="ID_DENY_D_398" FriendlyName="PowerShellShell 398" Hash="699A9D17E1247F05767E82BFAFBD96DBE07AE521E2
 <Deny ID="ID_DENY_D_399" FriendlyName="PowerShellShell 399" Hash="E73178C487AF6B9F182B2CCA25774127B0303093"
 <Deny ID="ID_DENY_D_400" FriendlyName="PowerShellShell 400" Hash="0BD1FE62BE97032ADDAAB41B445D00103302D3CE8A
 <Deny ID="ID_DENY_D_401" FriendlyName="PowerShellShell 401" Hash="EBF20FEECA95F83B9F5C22B97EB44DD7EB2C7B5F"
 <Deny ID="ID_DENY_D_402" FriendlyName="PowerShellShell 402" Hash="B5AE0EAA5AF4245AD9B37C8C1FC5220081B92A1395
 <Deny ID="ID_DENY_D_403" FriendlyName="PowerShellShell 403" Hash="5E53A4235DC549D0195A9DDF607288CEDE7BF115"
 <Deny ID="ID_DENY_D_404" FriendlyName="PowerShellShell 404" Hash="FE57195757977E4485BF5E5D72A24EA65E33F8EAA7
 <Deny ID="ID_DENY_D_405" FriendlyName="PowerShellShell 405" Hash="014BC30E1FC12F270824F01DC7C934497A573124"
 <Deny ID="ID_DENY_D_406" FriendlyName="PowerShellShell 406" Hash="65B3B357C356DAE26E5B036820C193989C0F9E8E08
 <Deny ID="ID_DENY_D_407" FriendlyName="PowerShellShell 407" Hash="128D7D03E4B85DBF95427D72EFF833DAB5E92C33"
 <Deny ID="ID_DENY_D_408" FriendlyName="PowerShellShell 408" Hash="EACFC615FDE29BD858088AF42E0917E4B4CA5991EF
 <Deny ID="ID_DENY_D_409" FriendlyName="PowerShellShell 409" Hash="C7D70B96440D215173F35412D56CF9329886D8D3"
 <Deny ID="ID_DENY_D_410" FriendlyName="PowerShellShell 410" Hash="B00C54F1AA77D88335675EAF07ED834E68FD96DD76
 <Deny ID="ID_DENY_D_411" FriendlyName="PowerShellShell 411" Hash="8287B536E8E63F024DE1248D0FE3E6A759E9ACEE"
 <Deny ID="ID_DENY_D_412" FriendlyName="PowerShellShell 412" Hash="B714D4A700A56BC1D4B3F59DFC1F5835CB97CBEF39
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 13 of 34

<Deny ID="ID_DENY_D_413" FriendlyName="PowerShellShell 413" Hash="6BC1E70F0EA84E88AC28BEAF74C10F3ABDF99209"
 <Deny ID="ID_DENY_D_414" FriendlyName="PowerShellShell 414" Hash="93CB3907D1A9473E8A90593250C4A95EAE3A7066E9
 <Deny ID="ID_DENY_D_415" FriendlyName="PowerShellShell 415" Hash="AC9F095DD4AE80B124F55541761AA1F35E49A575"
 <Deny ID="ID_DENY_D_416" FriendlyName="PowerShellShell 416" Hash="0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABC
 <Deny ID="ID_DENY_D_417" FriendlyName="PowerShellShell 417" Hash="3C7265C3393C585D32E509B2D2EC048C73AC5EE6"
 <Deny ID="ID_DENY_D_418" FriendlyName="PowerShellShell 418" Hash="7F1E03E956CA38CC0C491CB958D6E61A52491269CD
 <Deny ID="ID_DENY_D_419" FriendlyName="PowerShellShell 419" Hash="89CEAB6518DA4E7F75B3C75BC04A112D3637B737"
 <Deny ID="ID_DENY_D_420" FriendlyName="PowerShellShell 420" Hash="6581E491FBFF954A1A4B9CEA69B63951D67EB56DF8
 <Deny ID="ID_DENY_D_421" FriendlyName="PowerShellShell 421" Hash="4BFB3F95CA1B79DA3C6B0A2ECB432059E686F967"
 <Deny ID="ID_DENY_D_422" FriendlyName="PowerShellShell 422" Hash="0C4688AACD02829850DE0F792AC06D3C87895412A9
 <Deny ID="ID_DENY_D_423" FriendlyName="PowerShellShell 423" Hash="BDBE541D269EC8235563842D024F9E37883DFB57"
 <Deny ID="ID_DENY_D_424" FriendlyName="PowerShellShell 424" Hash="441076C7FD0AD481E6AC3198F08BE80EA9EB2926CA
 <Deny ID="ID_DENY_D_425" FriendlyName="PowerShellShell 425" Hash="BDB3DAC80667A0B931835D5D658C08F236B413D1"
 <Deny ID="ID_DENY_D_426" FriendlyName="PowerShellShell 426" Hash="51287BACB692AAC5A8659774D982B304DC0C0B4A4D
 <Deny ID="ID_DENY_D_427" FriendlyName="PowerShellShell 427" Hash="EA157E01147629D1F59503D8335FB6EBC688B2C1"
 <Deny ID="ID_DENY_D_428" FriendlyName="PowerShellShell 428" Hash="14C160DF95736EC1D7C6C55B9D0F81832E8FE0DB6C
 <Deny ID="ID_DENY_D_429" FriendlyName="PowerShellShell 429" Hash="272EF88BBA9B4B54D242FFE1E96D07DBF53497A0"
 <Deny ID="ID_DENY_D_430" FriendlyName="PowerShellShell 430" Hash="AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3E
 <Deny ID="ID_DENY_D_431" FriendlyName="PowerShellShell 431" Hash="029198F05598109037A0E9E332EC052317E834DA"
 <Deny ID="ID_DENY_D_432" FriendlyName="PowerShellShell 432" Hash="70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74
 <Deny ID="ID_DENY_D_433" FriendlyName="PowerShellShell 433" Hash="5B8E45EECA32C2F0968C2252229D768B0DB796A0"
 <Deny ID="ID_DENY_D_434" FriendlyName="PowerShellShell 434" Hash="B4D336B32C27E3D3FEBE4B06252DDE9683814E7E90
 <Deny ID="ID_DENY_D_435" FriendlyName="PowerShellShell 435" Hash="6792915D3C837A39BD04AD169488009BB1EA372C"
 <Deny ID="ID_DENY_D_436" FriendlyName="PowerShellShell 436" Hash="23B10EC5FC7EAEB9F8D147163463299328FAED4B97
 <Deny ID="ID_DENY_D_437" FriendlyName="PowerShellShell 437" Hash="EC41A3FB8D6E3B0F55F6583C14C45B6238753019"
 <Deny ID="ID_DENY_D_438" FriendlyName="PowerShellShell 438" Hash="76CA6B396796351685198D6189E865AFD7FB9E6C5C
 <Deny ID="ID_DENY_D_439" FriendlyName="PowerShellShell 439" Hash="A15964475D213FB752B42E7DCDDBF4B14D623D14"
 <Deny ID="ID_DENY_D_440" FriendlyName="PowerShellShell 440" Hash="61A68B436D828193E0C7B44D2AF83D22A9CB557B90
 <Deny ID="ID_DENY_D_441" FriendlyName="PowerShellShell 441" Hash="24F9CF6C5E9671A295AD0DEED74737FB6E9146DE"
 <Deny ID="ID_DENY_D_442" FriendlyName="PowerShellShell 442" Hash="C2E862CC578F54A53496EEE2DCB534A106AFD55C72
 <Deny ID="ID_DENY_D_443" FriendlyName="PowerShellShell 443" Hash="F87C726CCB5E64C6F363C21255935D5FEA9E4A0E"
 <Deny ID="ID_DENY_D_444" FriendlyName="PowerShellShell 444" Hash="B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E
 <Deny ID="ID_DENY_D_445" FriendlyName="PowerShellShell 445" Hash="4EB2C3A4B551FC028E00F2E7DA9D0F1E38728571"
 <Deny ID="ID_DENY_D_446" FriendlyName="PowerShellShell 446" Hash="30EAC589069FB79D540080B04B7FDBB8A9B1DF4E96
 <Deny ID="ID_DENY_D_447" FriendlyName="PowerShellShell 447" Hash="2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8"
 <Deny ID="ID_DENY_D_448" FriendlyName="PowerShellShell 448" Hash="015CE571E8503A353E2250D4D0DA19493B3311F343
 <Deny ID="ID_DENY_D_449" FriendlyName="PowerShellShell 449" Hash="993425279D204D1D14C3EB989DEB4805ADC558CF"
 <Deny ID="ID_DENY_D_450" FriendlyName="PowerShellShell 450" Hash="BDADDD710E47EB8D24B78E542F3996B0EA2CA577AB
 <Deny ID="ID_DENY_D_451" FriendlyName="PowerShellShell 451" Hash="1A16008D330330182AA555B1D3E9BE0B2D6BECBF"
 <Deny ID="ID_DENY_D_452" FriendlyName="PowerShellShell 452" Hash="D7685E259D0328937487856A3AB68B6D9D420DD4E0
 <Deny ID="ID_DENY_D_453" FriendlyName="PowerShellShell 453" Hash="2CB781B3BD79FD277D92332ACA22C04430F9D692"
 <Deny ID="ID_DENY_D_454" FriendlyName="PowerShellShell 454" Hash="92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA69
 <Deny ID="ID_DENY_D_455" FriendlyName="PowerShellShell 455" Hash="BA4B3A92123FBCE66398020AFBCC0BCA1D1AAAD7"
 <Deny ID="ID_DENY_D_456" FriendlyName="PowerShellShell 456" Hash="D8D361E3690676C7FDC483003BFC5C0C39FB16B42D
 <Deny ID="ID_DENY_D_457" FriendlyName="PowerShellShell 457" Hash="D5A9460A941FB5B49EAFDD57575CFB23F27779D3"
 <Deny ID="ID_DENY_D_458" FriendlyName="PowerShellShell 458" Hash="4BDAAC1654328E4D37B6ED89DA351155438E558F51
 <Deny ID="ID_DENY_D_459" FriendlyName="PowerShellShell 459" Hash="3E5294910C59394DA93962128968E6C23016A028"
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 14 of 34

<Deny ID="ID_DENY_D_460" FriendlyName="PowerShellShell 460" Hash="DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA4
 <Deny ID="ID_DENY_D_461" FriendlyName="PowerShellShell 461" Hash="C30355B5E6FA3F793A3CC0A649945829723DD85C"
 <Deny ID="ID_DENY_D_462" FriendlyName="PowerShellShell 462" Hash="4EB14099165177F0F3A1FACE32E72CF2DD221DB441
 <Deny ID="ID_DENY_D_463" FriendlyName="PowerShellShell 463" Hash="C647D17850941CFB5B9C8AF49A48569B52230274"
 <Deny ID="ID_DENY_D_464" FriendlyName="PowerShellShell 464" Hash="0BCBDE8791E3D6D7A7C8FC6F25E14383014E6B43D9
 <Deny ID="ID_DENY_D_465" FriendlyName="PowerShellShell 465" Hash="CA6E0BAB6B28E1592D0FC5940023C7A81E2568F8"
 <Deny ID="ID_DENY_D_466" FriendlyName="PowerShellShell 466" Hash="366E00E2F517D4D404133AEFEF6F917DFA156E3E46
 <Deny ID="ID_DENY_D_467" FriendlyName="PowerShellShell 467" Hash="7D9FFFA86DDCD227A3B4863D995456308BAC2403"
 <Deny ID="ID_DENY_D_468" FriendlyName="PowerShellShell 468" Hash="4439BBF61DC012AFC8190199AF5722C3AE26F365DE
 <Deny ID="ID_DENY_D_469" FriendlyName="PowerShellShell 469" Hash="8FFDD4576F2B6D4999326CFAF67727BFB471FA21"
 <Deny ID="ID_DENY_D_470" FriendlyName="PowerShellShell 470" Hash="94630AB6F60A7193A6E27E312AF9B71DA265D42AD4
 <Deny ID="ID_DENY_D_471" FriendlyName="PowerShellShell 471" Hash="78B8454F78E216B629E43B4E40765F73BFE0D6C6"
 <Deny ID="ID_DENY_D_472" FriendlyName="PowerShellShell 472" Hash="498BB1688410EE243D61FB5C7B37457FA6C0A9A32D
 <Deny ID="ID_DENY_D_473" FriendlyName="PowerShellShell 473" Hash="B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5"
 <Deny ID="ID_DENY_D_474" FriendlyName="PowerShellShell 474" Hash="095B79953F9E3E2FB721693FBFAD5841112D592B6C
 <Deny ID="ID_DENY_D_475" FriendlyName="PowerShellShell 475" Hash="8AF579DE1D7E590A13BD1DAE5BFDB39476068A05"
 <Deny ID="ID_DENY_D_476" FriendlyName="PowerShellShell 476" Hash="9917A3055D194F47AB295FA3F917E4BD2F08DDF45C
 <Deny ID="ID_DENY_D_477" FriendlyName="PowerShellShell 477" Hash="DD64046BAB221CF4110FF230FA5060310A4D9610"
 <Deny ID="ID_DENY_D_478" FriendlyName="PowerShellShell 478" Hash="A55AF37229D7E249C8CAFED3432E595AA77FAF8B62
 <Deny ID="ID_DENY_D_479" FriendlyName="PowerShellShell 479" Hash="421D1142105358B8360454E43FD15767DA111DBA"
 <Deny ID="ID_DENY_D_480" FriendlyName="PowerShellShell 480" Hash="692CABD40C1EDFCB6DC50591F31FAE30848E579D6E
 <Deny ID="ID_DENY_D_481" FriendlyName="PowerShellShell 481" Hash="720D826A84284E18E0003526A0CD9B7FF0C4A98A"
 <Deny ID="ID_DENY_D_482" FriendlyName="PowerShellShell 482" Hash="CB5DF9D0D25571948C3D257882E07C7FA5E768448E
 <Deny ID="ID_DENY_D_483" FriendlyName="PowerShellShell 483" Hash="2F587293F16DFCD06F3BF8B8348FF68827ECD307"
 <Deny ID="ID_DENY_D_484" FriendlyName="PowerShellShell 484" Hash="B2F4A5FE21D5961F464CAB3E88C0ED88154B0C1A42
 <Deny ID="ID_DENY_D_485" FriendlyName="PowerShellShell 485" Hash="6DC048AFA50B5B1B0AD7DD3125AC83D46FED730A"
 <Deny ID="ID_DENY_D_486" FriendlyName="PowerShellShell 486" Hash="432F666CCE8CD222484E263AE02F63E0038143DD6A
 <Deny ID="ID_DENY_D_487" FriendlyName="PowerShellShell 487" Hash="CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F"
 <Deny ID="ID_DENY_D_488" FriendlyName="PowerShellShell 488" Hash="FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440A
 <Deny ID="ID_DENY_D_489" FriendlyName="PowerShellShell 489" Hash="4F5D66B449C4D2FDEA532F9B5DBECA5ACA8195EF"
 <Deny ID="ID_DENY_D_490" FriendlyName="PowerShellShell 490" Hash="39F2F19A5C6708CE8CE4E1ABBEBA8D3D1A6220391C
 <Deny ID="ID_DENY_D_491" FriendlyName="PowerShellShell 491" Hash="A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE"
 <Deny ID="ID_DENY_D_492" FriendlyName="PowerShellShell 492" Hash="3246A0CB329B030DA104E04B1A0728DE83724B08C7
 <Deny ID="ID_DENY_D_493" FriendlyName="PowerShellShell 493" Hash="E180486F0CC90AF4FB8283ADCF571884894513C8"
 <Deny ID="ID_DENY_D_494" FriendlyName="PowerShellShell 494" Hash="3800E38275E6BB3B4645CDAD14CD756239BB9A87EF
 <Deny ID="ID_DENY_D_495" FriendlyName="PowerShellShell 495" Hash="AC53AE4C8AB56D84393D67D820BEBDC3218739D3"
 <Deny ID="ID_DENY_D_496" FriendlyName="PowerShellShell 496" Hash="49580C9459C3917E6F982C8E0D753D293DFA2E4FD1
 <Deny ID="ID_DENY_D_497" FriendlyName="PowerShellShell 497" Hash="00419E981EDC8613E600C939677F7B460855BF7E"
 <Deny ID="ID_DENY_D_498" FriendlyName="PowerShellShell 498" Hash="61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE
 <Deny ID="ID_DENY_D_499" FriendlyName="PowerShellShell 499" Hash="25F52340199A0EA352C8B1A7014BCB610B232523"
 <Deny ID="ID_DENY_D_500" FriendlyName="PowerShellShell 500" Hash="64D6D1F3A053908C5635BD6BDA36BC8E72D518C7EC
 <Deny ID="ID_DENY_D_501" FriendlyName="PowerShellShell 501" Hash="F4DB0CDF3A3FD163A9B90789CC6D14D326AD609C"
 <Deny ID="ID_DENY_D_502" FriendlyName="PowerShellShell 502" Hash="5D249D8366077713024552CA8D08F164E975AFF89E
 <Deny ID="ID_DENY_D_503" FriendlyName="PowerShellShell 503" Hash="231A02EAB7EB192638BC89AB61A5077346FF22B9"
 <Deny ID="ID_DENY_D_504" FriendlyName="PowerShellShell 504" Hash="4D544170DE5D9916678EA43A7C6F796FC02EFA9197
 <Deny ID="ID_DENY_D_505" FriendlyName="PowerShellShell 505" Hash="A9745E20419EC1C90B23FE965D3C2DF028AF39DC"
 <Deny ID="ID_DENY_D_506" FriendlyName="PowerShellShell 506" Hash="71B5B58EAA0C90397BC9546BCCA8C657500499CD20
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 15 of 34

<Deny ID="ID_DENY_D_507" FriendlyName="PowerShellShell 507" Hash="15EF1F7DBC474732E122A0147640ACBD9DA1775C"
 <Deny ID="ID_DENY_D_508" FriendlyName="PowerShellShell 508" Hash="04724BF232D5F169FBB0DB6821E35D772619FB4F24
 <Deny ID="ID_DENY_D_509" FriendlyName="PowerShellShell 509" Hash="7959AB2B34A5F490AD54782D135BF155592DF13F"
 <Deny ID="ID_DENY_D_510" FriendlyName="PowerShellShell 510" Hash="DD03CD6B5655B4EB9DD259F26E1585389804C23DB3
 <Deny ID="ID_DENY_D_511" FriendlyName="PowerShellShell 511" Hash="CCA8C8FB699496BD50AE296B20CC9ADC3496DECE"
 <Deny ID="ID_DENY_D_512" FriendlyName="PowerShellShell 512" Hash="75E6C2DD81FE2664DF466C9C2EB0F923B0C6D992FF
 <Deny ID="ID_DENY_D_513" FriendlyName="PowerShellShell 513" Hash="080DEC3B15AD5AFE9BF3B0943A36285E92BAF469"
 <Deny ID="ID_DENY_D_514" FriendlyName="PowerShellShell 514" Hash="F1391E78F17EA6097906B99C6F4F0AE8DD2E519856
 <Deny ID="ID_DENY_D_515" FriendlyName="PowerShellShell 515" Hash="B3B7A653DD1A10EE9A3D35C818D227E2E3C3B5FB"
 <Deny ID="ID_DENY_D_516" FriendlyName="PowerShellShell 516" Hash="43E2D91C0C6A8473BE178F1793E5E34966D700F713
 <Deny ID="ID_DENY_D_517" FriendlyName="PowerShellShell 517" Hash="D82583F7D5EA477C94630AC5AAEB771C85BD4B0A"
 <Deny ID="ID_DENY_D_518" FriendlyName="PowerShellShell 518" Hash="9B0F39AB233628A971ACEC53029C9B608CAB99868F
 <Deny ID="ID_DENY_D_519" FriendlyName="PowerShellShell 519" Hash="AAE22FD137E8B7217222974DCE60B9AD4AF2A512"
 <Deny ID="ID_DENY_D_520" FriendlyName="PowerShellShell 520" Hash="DAC9E963A3897D7F7AB2B4FEBBD4894A1544124663
 <Deny ID="ID_DENY_D_521" FriendlyName="PowerShellShell 521" Hash="8DAB1D74CAEDBAA8D17805CF00D64A44F5831C12"
 <Deny ID="ID_DENY_D_522" FriendlyName="PowerShellShell 522" Hash="AC1CE3AA9023E23F2F63D5A3536294B91468605733
 <Deny ID="ID_DENY_D_523" FriendlyName="PowerShellShell 523" Hash="266896FD257AD8EE9FC73B3A50306A573714EA8A"
 <Deny ID="ID_DENY_D_524" FriendlyName="PowerShellShell 524" Hash="8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7
 <Deny ID="ID_DENY_D_525" FriendlyName="PowerShellShell 525" Hash="2AB804E1FF982AE0EDB591BC61AA909CF32E99C5"
 <Deny ID="ID_DENY_D_526" FriendlyName="PowerShellShell 526" Hash="253120422B0DD987C293CAF5928FA820414C0A0162
 <Deny ID="ID_DENY_D_527" FriendlyName="PowerShellShell 527" Hash="25CA971D7EDFAA7A48FA19B8399301853809D7CC"
 <Deny ID="ID_DENY_D_528" FriendlyName="PowerShellShell 528" Hash="0A10C71CB5CC8A801F84F2CCD8041D13DB55711435
 <Deny ID="ID_DENY_D_529" FriendlyName="PowerShellShell 529" Hash="46E05FD4D62451C1DCB0287B32B3D77AD41544EA"
 <Deny ID="ID_DENY_D_530" FriendlyName="PowerShellShell 530" Hash="D86F930445F0715D0D7E4C3B089399280FBA2ACE0E
 <Deny ID="ID_DENY_D_531" FriendlyName="PowerShellShell 531" Hash="479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA"
 <Deny ID="ID_DENY_D_532" FriendlyName="PowerShellShell 532" Hash="2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5
 <Deny ID="ID_DENY_D_533" FriendlyName="PowerShellShell 533" Hash="FF205856A3209227D571EAD4B8C1E611E7FF9924"
 <Deny ID="ID_DENY_D_534" FriendlyName="PowerShellShell 534" Hash="A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC
 <Deny ID="ID_DENY_D_535" FriendlyName="PowerShellShell 535" Hash="7FCB424E67DDAC49413B45D7DCD636AD70E23B41"
 <Deny ID="ID_DENY_D_536" FriendlyName="PowerShellShell 536" Hash="7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE
 <Deny ID="ID_DENY_D_537" FriendlyName="PowerShellShell 537" Hash="46936F4F0AFE4C87D2E55595F74DDDFFC9AD94EE"
 <Deny ID="ID_DENY_D_538" FriendlyName="PowerShellShell 538" Hash="9843DC862BC7491A279A09EFD8FF122EB23C57CA"
 <Deny ID="ID_DENY_D_539" FriendlyName="PowerShellShell 539" Hash="11F11FB1E57F299383A615D6A28436E02A1C1A83"
 <Deny ID="ID_DENY_D_540" FriendlyName="PowerShellShell 540" Hash="C593ABE79DFFB1504CFCDB1A6AD65D24996E7B97"
 <Deny ID="ID_DENY_D_541" FriendlyName="PowerShellShell 541" Hash="93E22F2BA6C8B1C09F100F9C0E3B06FAF2D1DDB6"
 <Deny ID="ID_DENY_D_542" FriendlyName="PowerShellShell 542" Hash="5A8D9712CF7893C335FFB7414748625D524227FE"
 <Deny ID="ID_DENY_D_543" FriendlyName="PowerShellShell 543" Hash="B5FFFEE20F25691A59F3894644AEF088B4845761"
 <Deny ID="ID_DENY_D_544" FriendlyName="PowerShellShell 544" Hash="3334059FF4484C43A5D08CEC3E43E2D27EDB927B"
 <Deny ID="ID_DENY_D_545" FriendlyName="PowerShellShell 545" Hash="00B6993F59990C3DFEA33584BDB050F91313B17A"
 <Deny ID="ID_DENY_D_546" FriendlyName="PowerShellShell 546" Hash="7518F60A0B33011D19873908559961F96A9B4FC0"
 <Deny ID="ID_DENY_D_547" FriendlyName="PowerShellShell 547" Hash="A1D1AF7675C2596D0DF977F57B54372298A56EE0F3
 <Deny ID="ID_DENY_D_548" FriendlyName="PowerShellShell 548" Hash="3C1743CBC43B80F5AF5B17239B03A8727B4BE81F14
 <Deny ID="ID_DENY_D_549" FriendlyName="PowerShellShell 549" Hash="C7DC8B00F0BDA000D1F3CF0FBC7AB32D443C377C01
 <Deny ID="ID_DENY_D_550" FriendlyName="PowerShellShell 550" Hash="ED5A4747C8AEEB1AC2F4FDB8EB0B9BFC240F2B3C00
 <Deny ID="ID_DENY_D_551" FriendlyName="PowerShellShell 551" Hash="939C291D4A2592209EC7664EC832670FA0AC1009F9
 <Deny ID="ID_DENY_D_552" FriendlyName="PowerShellShell 552" Hash="497A2D4207B2AE6EF09424591624A86A64A2C8E451
 <Deny ID="ID_DENY_D_553" FriendlyName="PowerShellShell 553" Hash="732BC385B191C8436B42CD1441DC234FFDD5EC1BD1
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 16 of 34

<Deny ID="ID_DENY_D_554" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B33
 <Deny ID="ID_DENY_D_555" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E961307
 <Deny ID="ID_DENY_D_556" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154E
 <Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 557" Hash="45F948AF27F4E698A8546027717901B5F70368EE"
 <Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 558" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE8285
 <Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 559" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"
 <Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 560" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6
 <Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 561" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"
 <Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 562" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A2
 <Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 563" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"
 <Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 564" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEB
 <Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 565" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"
 <Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 566" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D
 <Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 567" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"
 <Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 568" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E88644
 <Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 569" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"
 <Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 570" Hash="B660F6CA0788DA18375602537095C378990E8229B1
 <Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 571" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"
 <Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 572" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB
 <Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 573" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"
 <Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 574" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821
 <Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 575" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"
 <Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 576" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100
 <Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 577" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"
 <Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 578" Hash="E430485B577774825CEF53E5125B618A2608F7BE36
 <Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 579" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"
 <Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 580" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443B
 <Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 581" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"
 <Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 582" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38
 <Deny ID="ID_DENY_D_585" FriendlyName="PowerShellShell 585" Hash="DBB5A6F5388C574A3B5B63E65F7810AB271E9A77"
 <Deny ID="ID_DENY_D_586" FriendlyName="PowerShellShell 586" Hash="6DB24D174CCF06C9138B5A9320AE4261CA0CF30535
 <Deny ID="ID_DENY_D_587" FriendlyName="PowerShellShell 587" Hash="757626CF5D444F5A4AF79EDE38E9EF65FA2C9802"
 <Deny ID="ID_DENY_D_588" FriendlyName="PowerShellShell 588" Hash="1E17D036EBB5E82BF2FD5BDC3ABAB08B5EA9E4504D
 <Deny ID="ID_DENY_D_589" FriendlyName="PowerShellShell 589" Hash="2965DC840B8F5F7ED2AEC979F21EADA664E3CB70"
 <Deny ID="ID_DENY_D_590" FriendlyName="PowerShellShell 590" Hash="5449560095D020687C268BD34D9425E7A2739E1B9B
 <Deny ID="ID_DENY_D_591" FriendlyName="PowerShellShell 591" Hash="BB47C1251866F87723A7EDEC9A01D3B955BAB846"
 <Deny ID="ID_DENY_D_592" FriendlyName="PowerShellShell 592" Hash="B05F3BE23DE6AE2557D6661C6FE35E114E8A69B326
 <Deny ID="ID_DENY_D_593" FriendlyName="PowerShellShell 593" Hash="2F3D30827E02D5FEF051E54C74ECA6AD4CC4BAD2"
 <Deny ID="ID_DENY_D_594" FriendlyName="PowerShellShell 594" Hash="F074589A1FAA76A751B05AD61B968683134F3FFC10
 <Deny ID="ID_DENY_D_595" FriendlyName="PowerShellShell 595" Hash="10096BD0A359142A13F2B8023A341C79A4A97975"
 <Deny ID="ID_DENY_D_596" FriendlyName="PowerShellShell 596" Hash="A271D72CDE48F69EB694B753BF9417CD6A72F7DA06
 <Deny ID="ID_DENY_D_597" FriendlyName="PowerShellShell 597" Hash="F8E803E1623BA66EA2EE0751A648834130B8BE5D"
 <Deny ID="ID_DENY_D_598" FriendlyName="PowerShellShell 598" Hash="E70DB033B773FE01B1D4464CAC112AF41C09E75D25
 <Deny ID="ID_DENY_D_599" FriendlyName="PowerShellShell 599" Hash="665BE52329F9CECEC1CD548A1B4924C9B1F79BD8"
 <Deny ID="ID_DENY_D_600" FriendlyName="PowerShellShell 600" Hash="24CC5B946D9469A39CF892DD4E92117E0E144DC7C6
 <Deny ID="ID_DENY_D_601" FriendlyName="PowerShellShell 601" Hash="C4627F2CF69A8575D7BF7065ADF5354D96707DFD"
 <Deny ID="ID_DENY_D_602" FriendlyName="PowerShellShell 602" Hash="7F1DF759C050E0EF4F9F96FF43904B418C674D4830
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 17 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 19 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 20 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 21 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 22 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 23 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 24 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 25 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 26 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 27 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 28 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 29 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 30 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 31 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 32 of 34

0 https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 33 of 34

<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
 <Value>
 <String>Microsoft Windows Recommended User Mode BlockList</String>
 </Value>
 </Setting>
 <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
 <Value>
 <String>10.1.0.2</String>
 </Value>
 </Setting>
 </Settings>
</SiPolicy>
Merge App Control policies
Source: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-r
ules
https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Page 34 of 34

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules   
<Deny ID="ID_DENY_D_93" FriendlyName="PowerShell 93" Hash="91C0F76798A9679188C7D93FDEBAF797BDBE41B2" />
<Deny ID="ID_DENY_D_94" FriendlyName="PowerShell 94" Hash="1D9244EAFEDFBFC02E13822E24A476C36FFD362B9D18F6CD1 
<Deny ID="ID_DENY_D_95" FriendlyName="PowerShell 95" Hash="7FCB424E67DDAC49413B45D7DCD636AD70E23B41" />
<Deny ID="ID_DENY_D_96" FriendlyName="PowerShell 96" Hash="7E6F9A738520F78D1E9D0D0883FB07DD9188408CBE7C2937B 
<Deny ID="ID_DENY_D_97" FriendlyName="PowerShell 97" Hash="A9745E20419EC1C90B23FE965D3C2DF028AF39DC" />
<Deny ID="ID_DENY_D_98" FriendlyName="PowerShell 98" Hash="71B5B58EAA0C90397BC9546BCCA8C657500499CD2087CD7D7 
<Deny ID="ID_DENY_D_99" FriendlyName="PowerShell 99" Hash="3E5294910C59394DA93962128968E6C23016A028" />
<Deny ID="ID_DENY_D_100" FriendlyName="PowerShell 100" Hash="DA700D4F58BCEA1D5A9CAD4F20AC725C6A354F9DA40E4F8 
<Deny ID="ID_DENY_D_101" FriendlyName="PowerShell 101" Hash="266896FD257AD8EE9FC73B3A50306A573714EA8A" />
<Deny ID="ID_DENY_D_102" FriendlyName="PowerShell 102" Hash="8E36BD08084C73AF674F2DAD568EE3BA2C85769FA7B3400 
<Deny ID="ID_DENY_D_103" FriendlyName="PowerShell 103" Hash="2CB781B3BD79FD277D92332ACA22C04430F9D692" />
<Deny ID="ID_DENY_D_104" FriendlyName="PowerShell 104" Hash="92AE03F0090C0A5DF329B4B3FFEDBA622B0521BA699FA30 
<Deny ID="ID_DENY_D_105" FriendlyName="PowerShell 105" Hash="D82583F7D5EA477C94630AC5AAEB771C85BD4B0A" />
<Deny ID="ID_DENY_D_106" FriendlyName="PowerShell 106" Hash="9B0F39AB233628A971ACEC53029C9B608CAB99868F1A1C5 
<Deny ID="ID_DENY_D_107" FriendlyName="PowerShell 107" Hash="2DF4350DE3C97C9D4FD2973F8C5EA8AE621D22A8" />
<Deny ID="ID_DENY_D_108" FriendlyName="PowerShell 108" Hash="015CE571E8503A353E2250D4D0DA19493B3311F3437527E 
<Deny ID="ID_DENY_D_109" FriendlyName="PowerShell 109" Hash="080DEC3B15AD5AFE9BF3B0943A36285E92BAF469" />
<Deny ID="ID_DENY_D_110" FriendlyName="PowerShell 110" Hash="F1391E78F17EA6097906B99C6F4F0AE8DD2E519856F837A 
<Deny ID="ID_DENY_D_111" FriendlyName="PowerShell 111" Hash="F87C726CCB5E64C6F363C21255935D5FEA9E4A0E" />
<Deny ID="ID_DENY_D_112" FriendlyName="PowerShell 112" Hash="B7B42C3C8C61FD2616C16BBCF36EA15EC26A67536E94764 
<Deny ID="ID_DENY_D_113" FriendlyName="PowerShell 113" Hash="25F52340199A0EA352C8B1A7014BCB610B232523" />
<Deny ID="ID_DENY_D_114" FriendlyName="PowerShell 114" Hash="64D6D1F3A053908C5635BD6BDA36BC8E72D518C7ECE8DA7 
<Deny ID="ID_DENY_D_115" FriendlyName="PowerShell 115" Hash="029198F05598109037A0E9E332EC052317E834DA" />
<Deny ID="ID_DENY_D_116" FriendlyName="PowerShell 116" Hash="70B4BB6C2B7E9237FB14ABBC94955012285E2CAA74F9145 
<Deny ID="ID_DENY_D_117" FriendlyName="PowerShell 117" Hash="A4390EF2D77F76DC4EFE55FF74EE1D06C303FDAE" />
<Deny ID="ID_DENY_D_118" FriendlyName="PowerShell 118" Hash="3246A0CB329B030DA104E04B1A0728DE83724B08C724FD0 
<Deny ID="ID_DENY_D_119" FriendlyName="PowerShell 119" Hash="89CEAB6518DA4E7F75B3C75BC04A112D3637B737" />
<Deny ID="ID_DENY_D_120" FriendlyName="PowerShell 120" Hash="6581E491FBFF954A1A4B9CEA69B63951D67EB56DF871ED8 
<Deny ID="ID_DENY_D_121" FriendlyName="PowerShell 121" Hash="00419E981EDC8613E600C939677F7B460855BF7E" />
<Deny ID="ID_DENY_D_122" FriendlyName="PowerShell 122" Hash="61B724BCFC3DA1CC1583DB0BC42EFE166E92D8D3CE91E58 
<Deny ID="ID_DENY_D_123" FriendlyName="PowerShell 123" Hash="272EF88BBA9B4B54D242FFE1E96D07DBF53497A0" />
<Deny ID="ID_DENY_D_124" FriendlyName="PowerShell 124" Hash="AFC0968EDCE9E5FC1BC392382833EBEF3265B32D3ECBB52 
<Deny ID="ID_DENY_D_125" FriendlyName="PowerShell 125" Hash="CD9D9789B3B31562C4BE44B6BEEA8815C5EDAE1F" />
<Deny ID="ID_DENY_D_126" FriendlyName="PowerShell 126" Hash="FCAF8DC3C7A5D3B29B19A9C5F89324BF65B50C440AC0316 
<Deny ID="ID_DENY_D_127" FriendlyName="PowerShell 127" Hash="941D0FD47887035A04E17F46DE6C4004D7FD8871" />
<Deny ID="ID_DENY_D_128" FriendlyName="PowerShell 128" Hash="4AD6DC7FF0A2E776CE7F27B4E3D3C1C380CA3548DFED565 
<Deny ID="ID_DENY_D_129" FriendlyName="PowerShell 129" Hash="421D1142105358B8360454E43FD15767DA111DBA" />
<Deny ID="ID_DENY_D_130" FriendlyName="PowerShell 130" Hash="692CABD40C1EDFCB6DC50591F31FAE30848E579D6EF4D2C 
<Deny ID="ID_DENY_D_131" FriendlyName="PowerShell 131" Hash="AC9F095DD4AE80B124F55541761AA1F35E49A575" />
<Deny ID="ID_DENY_D_132" FriendlyName="PowerShell 132" Hash="0D8A0FB3BF3CF80D44ED20D9F1E7292E9EE5A49ABCE6859 
<Deny ID="ID_DENY_D_133" FriendlyName="PowerShell 133" Hash="B1CF2A18B281F73FE6685B5CE74D1BA50BE9AFE5" />
<Deny ID="ID_DENY_D_134" FriendlyName="PowerShell 134" Hash="095B79953F9E3E2FB721693FBFAD5841112D592B6CA7EB2 
<Deny ID="ID_DENY_D_135" FriendlyName="PowerShell 135" Hash="128D7D03E4B85DBF95427D72EFF833DAB5E92C33" />
<Deny ID="ID_DENY_D_136" FriendlyName="PowerShell 136" Hash="EACFC615FDE29BD858088AF42E0917E4B4CA5991EFB4394 
<Deny ID="ID_DENY_D_137" FriendlyName="PowerShell 137" Hash="47D2F87F2D2D516D712A156421F0C2BD285200E9" />
<Deny ID="ID_DENY_D_138" FriendlyName="PowerShell 138" Hash="8CACA1828E7770DADF21D558976D415AC7BDA16D5892630 
<Deny ID="ID_DENY_D_139" FriendlyName="PowerShell 139" Hash="CD9D70B0107801567EEADC4ECD74511A1A6FF4FE" />
  Page 8 of 34 

https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules   
<Deny ID="ID_DENY_D_187" FriendlyName="PowerShell 187" Hash="C1E08AD32F680100C51F138C6C095139E7230C3B" />
<Deny ID="ID_DENY_D_188" FriendlyName="PowerShell 188" Hash="A5D5C1F79CD26216194D4C72DBAA3E48CB4A143D9E1F788 
<Deny ID="ID_DENY_D_189" FriendlyName="PowerShell 189" Hash="BACA825D0852E2D8F3D92381D112B99B5DD56D9F" />
<Deny ID="ID_DENY_D_190" FriendlyName="PowerShell 190" Hash="ABA28E0FC251E1D7FE5E264E1B36EC5E482D70AA434E75A 
<Deny ID="ID_DENY_D_191" FriendlyName="PowerShell 191" Hash="E89C29D38F554F6CB73B5FD3D0A783CC12FFEBC3" />
<Deny ID="ID_DENY_D_192" FriendlyName="PowerShell 192" Hash="4C93CBDCF4328D27681453D8DFD7495955A07EE6A0EFB9A 
<Deny ID="ID_DENY_D_193" FriendlyName="PowerShell 193" Hash="5B5E7942233D7C8A325A429FC4F4AE281325E8F9" />
<Deny ID="ID_DENY_D_194" FriendlyName="PowerShell 194" Hash="40DA20086ED76A5EA5F62901D110216EE206E7EEB2F2BFF 
<Deny ID="ID_DENY_D_195" FriendlyName="PowerShell 195" Hash="926DCACC6983F85A8ABBCB5EE13F3C756705A1D5" />
<Deny ID="ID_DENY_D_196" FriendlyName="PowerShell 196" Hash="A22761E2BF18F02BB630962E3C5E32738770AAEA77F8EDA 
<Deny ID="ID_DENY_D_197" FriendlyName="PowerShell 197" Hash="6FE6723A355DEB4BC6B8637A634D1B43AFA64112" />
<Deny ID="ID_DENY_D_198" FriendlyName="PowerShell 198" Hash="9BCC55A97A275F7D81110877F1BB5B41F86A848EA02B4EE 
<Deny ID="ID_DENY_D_199" FriendlyName="PowerShell 199" Hash="8D5599B34BED4A660DACC0922F6C2F112F264758" />
<Deny ID="ID_DENY_D_200" FriendlyName="PowerShell 200" Hash="F375014915E5E027F697B29201362B56F2D9E598247C96F 
<Deny ID="ID_DENY_D_201" FriendlyName="PowerShell 201" Hash="CCFB247A3BCA9C64D82F647F3D30A3172E645F13" />
<Deny ID="ID_DENY_D_202" FriendlyName="PowerShell 202" Hash="5E52ABBC051368315F078D31F01B0C1B904C1DDB6D1C1E4 
<Deny ID="ID_DENY_D_203" FriendlyName="PowerShell 203" Hash="E8EB859531F426CC45A3CB9118F399C92054563E" />
<Deny ID="ID_DENY_D_204" FriendlyName="PowerShell 204" Hash="CD9E1D41F8D982F4AA6C610A2EFEAEBA5B0CDD883DF4A86 
<Deny ID="ID_DENY_D_205" FriendlyName="PowerShell 205" Hash="C92D4EAC917EE4842A437C54F96D87F003199DE8" />
<Deny ID="ID_DENY_D_206" FriendlyName="PowerShell 206" Hash="3A270242EB49E06405FD654FA4954B166297BBC886891C6 
<Deny ID="ID_DENY_D_207" FriendlyName="PowerShell 207" Hash="66681D9171981216B31996429695931DA2A638B9" />
<Deny ID="ID_DENY_D_208" FriendlyName="PowerShell 208" Hash="7A2DF7D56912CB4EB5B36D071496EDC97661086B0E4C9CC 
<Deny ID="ID_DENY_D_209" FriendlyName="PowerShell 209" Hash="9DCA54C85E4C645CB296FE3055E90255B6506A95" />
<Deny ID="ID_DENY_D_210" FriendlyName="PowerShell 210" Hash="8C9C58AD12FE61CBF021634EC6A4B3094750FC002DA2244 
<Deny ID="ID_DENY_D_211" FriendlyName="PowerShell 211" Hash="3AF2587E8B62F88DC363D7F5308EE4C1A6147338" />
<Deny ID="ID_DENY_D_212" FriendlyName="PowerShell 212" Hash="D32D88F158FD341E32708CCADD48C426D227D0EC8465FF4 
<Deny ID="ID_DENY_D_213" FriendlyName="PowerShell 213" Hash="D3D453EBC368DF7CC2200474035E5898B58D93F1" />
<Deny ID="ID_DENY_D_214" FriendlyName="PowerShell 214" Hash="BBE569BCC282B3AF682C1528D4E3BC53C1A0C6B5905FA34 
<Deny ID="ID_DENY_D_215" FriendlyName="PowerShell 215" Hash="D147CE5C7E7037D1BE3C0AF67EDB6F528C77DB0A" />
<Deny ID="ID_DENY_D_216" FriendlyName="PowerShell 216" Hash="11F936112832738AD9B3A1C67537D5542DE8E86856CF2A5 
<Deny ID="ID_DENY_D_217" FriendlyName="PowerShell 217" Hash="7DBB41B87FAA887DE456C8E6A72E09D2839FA1E7" />
<Deny ID="ID_DENY_D_218" FriendlyName="PowerShell 218" Hash="3741F3D2F264E047339C95A66085599A49766DEF1C5BD0C 
<Deny ID="ID_DENY_D_219" FriendlyName="PowerShell 219" Hash="5F3AECC89BAF094EAFA3C25E6B883EE68A6F00B0" />
<Deny ID="ID_DENY_D_220" FriendlyName="PowerShell 220" Hash="AA085BE6498D2E3F527F3D72A5D1C604508133F0CDC05AD 
<Deny ID="ID_DENY_D_221" FriendlyName="PowerShell 221" Hash="DDE4D9A08514347CDE706C42920F43523FC74DEA" />
<Deny ID="ID_DENY_D_222" FriendlyName="PowerShell 222" Hash="81835C6294B96282A4D7D70383BBF797C2E4E7CEF99648F 
<Deny ID="ID_DENY_D_223" FriendlyName="PowerShell 223" Hash="48092864C96C4BF9B68B5006EAEDAB8B57B3738C" />
<Deny ID="ID_DENY_D_224" FriendlyName="PowerShell 224" Hash="36EF3BED9A5D0D563BCB354BFDD2931F6256759D1D905BA 
<Deny ID="ID_DENY_D_225" FriendlyName="PowerShell 225" Hash="7F6725BA8CCD2DAEEFD0C9590A5DF9D98642CCEA" />
<Deny ID="ID_DENY_D_226" FriendlyName="PowerShell 226" Hash="DB68DB3AE32A8A662AA6EE16CF459124D2701719D019B61 
<Deny ID="ID_DENY_D_227" FriendlyName="PowerShell 227" Hash="FF205856A3209227D571EAD4B8C1E611E7FF9924" />
<Deny ID="ID_DENY_D_228" FriendlyName="PowerShell 228" Hash="A63B38CE17DA60C4C431FC42C4507A0B7C19B384AC9E121 
<Deny ID="ID_DENY_D_229" FriendlyName="PowerShell 229" Hash="479C9429691314D3E21E4F4CA8B95D5BD2BDDEDA" />
<Deny ID="ID_DENY_D_230" FriendlyName="PowerShell 230" Hash="2BA4E369D267A9ABDEBA50DA2CB5FC56A8EE4382C5BCFCF 
<Deny ID="ID_DENY_D_231" FriendlyName="PowerShell 231" Hash="C7D70B96440D215173F35412D56CF9329886D8D3" />
<Deny ID="ID_DENY_D_232" FriendlyName="PowerShell 232" Hash="B00C54F1AA77D88335675EAF07ED834E68FD96DD7606914 
<Deny ID="ID_DENY_D_233" FriendlyName="PowerShell 233" Hash="2AB804E1FF982AE0EDB591BC61AA909CF32E99C5" />
  Page 10 of 34