App Control: DLL Blocks On "c:\windows\assembly\nativeimages" Directory
App Control Server: All Supported Versions
App Control Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Agent is enforcing Execution Blocks on .dll files contained within the "c:\windows\assembly\nativeimages" directory.
These files are .NET native images dynamically compiled by .NET Runtimes on the endpoint and an Approval Method does not already exist.
Login to the Console and go to Rules > Software Rules > Custom > Add Custom Rule.
Create a new Custom Rule using the following initial details:
Rule Type: Advanced
Operation: Execute and Write
Execute Action: Allow
Write Action: Approve
File or path:
List the processes that are executing the files, or use Any if those processes cannot be determined.
User or Group:
Click Save & Exit
This Custom Rule could be further modified by adding an <OnlyIf> Macro if the files share a company value. For example: