<AppLockerPolicy Version="1">
  <!-- Packaged-app (Appx) rules, enforced. Both rules allow Everyone (S-1-1-0) to run any
       package (ProductName="*", BinaryName="*", every version) whose publisher string matches.
       This collection has no Deny rules and no exceptions. With enforcement on, packages from
       any other publisher are matched by no rule here and are therefore not allowed. -->
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <!-- Publisher "CN=Microsoft Windows": packages signed with the Windows publisher certificate. -->
    <FilePublisherRule Id="4122fac9-c035-4195-a7ca-4feb8b1645cc" Name="All PACKAGED APPS signed by *US* Microsoft *Windows*" Description="Sandboxed apps" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Publisher "CN=Microsoft Corporation": every package carrying this publisher string is
         allowed, whatever the product. NOTE(review): confirm that this breadth is intended. -->
    <FilePublisherRule Id="cab1f907-7b7a-4daa-adc7-8fbc849aaaaa" Name="All PACKAGED APPS signed by *US* Microsoft *Corporation*" Description="Sandboxed apps" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <!-- DLL rules, enforced. Four Allow rules and no Deny rule: one publisher rule for a single
       DLL, an allow-all for local Administrators, and two path rules for Everyone covering the
       Program Files and Windows trees. A DLL matched by none of them is not allowed to load. -->
  <RuleCollection Type="DLL" EnforcementMode="Enabled">
    <!-- Allows MPOAV.DLL for Everyone (S-1-1-0) by publisher and product name, any version.
         The Description is empty. NOTE(review): record why this DLL needs its own rule;
         presumably it loads from a path outside the two allowed trees (confirm). -->
    <FilePublisherRule Id="6eca8bdf-d311-4571-a5cc-4c07e0b37fe1" Name="Windows Defender" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="MPOAV.DLL">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Path="*" for BUILTIN\Administrators (S-1-5-32-544): members may load any DLL from any
         location. Per the rule's own Description, on Windows 8.1 this also applies to
         non-elevated admin sessions, so on those hosts a user who is a local administrator gets
         no DLL restriction at all. Keep daily-use accounts out of the local Administrators group. -->
    <FilePathRule Id="519c4af5-c49b-4e27-9aac-dc768d211a6d" Name="All DLL in all folders and all devices !!! WIN81 UAC-bug !!!" Description="Allows (also unelevated) accounts in local ADMINISTRATORS to load all DLL regardless of its path (!!! WIN81 UAC-bug applies this rule to *non*-elevated admins !!!)." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
    <!-- Allows Everyone to load DLLs anywhere under %PROGRAMFILES%. The rule has no exceptions;
         its safety rests on the assumption, stated in the Description, that standard users
         cannot write anywhere in that tree. NOTE(review): verify the ACLs on the deployed image,
         since one user-writable subfolder is enough to make this rule allow user-supplied DLLs. -->
    <FilePathRule Id="db64429b-6687-4fe5-b12e-8680e9993a29" Name="All DLL in PROGRAM FILES* folder-tree(s)" Description="Allows EVERYONE to load DLL in PROGRAM FILES* folder-tree(s) (assumed to be user write-protected)." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <!-- Allows Everyone to load DLLs under %WINDIR%, minus the exceptions below. The exception
         list is a static inventory of user-writable locations; it has to be re-checked against
         each Windows build and each installed agent (the ccm paths), because a writable folder
         that is missing from the list is allowed by this rule. -->
    <FilePathRule Id="ac7db26c-179e-4cdd-86a3-0f33917339af" Name="All DLL in WINDOWS folder-tree *except* user-writable subfolder and system management automation in windows" Description="Allows EVERYONE to load DLL in WINDOWS folder-tree *except* when user write-writable folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
      <Exceptions>
        <!-- Convention: each directory appears twice. "dir\*" excludes files below the directory;
             "dir:*" excludes paths of the form dir:stream, i.e. NTFS alternate data streams
             attached to the directory itself.
             NOTE(review), all visible in this list:
             * debug\WIA and Registration\CRMLog are each listed twice with identical strings.
             * tracing / Tracing differ only in letter case; presumably redundant (confirm that
               path matching is case-insensitive before removing one).
             * SysWOW64\spool\drivers\color* has no backslash before the wildcard and there is no
               "color\*" entry, unlike the System32 pair; the pattern is broader than its siblings.
             * %SYSTEM32%\runscripthelper.exe is an .exe path inside the DLL collection. -->
        <FilePathCondition Path="%SYSTEM32%\BioApiFFDB:*" />
        <FilePathCondition Path="%SYSTEM32%\BioApiFFDB\*" />
        <FilePathCondition Path="%SYSTEM32%\CatRoot2:*" />
        <FilePathCondition Path="%SYSTEM32%\CatRoot2\*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp:*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp\*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp:*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp\*" />
        <FilePathCondition Path="%SYSTEM32%\Microsoft\Crypto\RSA\MachineKeys:*" />
        <FilePathCondition Path="%SYSTEM32%\Microsoft\Crypto\RSA\MachineKeys\*" />
        <FilePathCondition Path="%SYSTEM32%\runscripthelper.exe" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\Microsoft\Windows\SyncCenter:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\Microsoft\Windows\SyncCenter\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks_Migrated:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks_Migrated\*" />
        <FilePathCondition Path="%SYSTEM32%\winevt\Logs:*" />
        <FilePathCondition Path="%SYSTEM32%\winevt\Logs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\inventory\noidmifs:*" />
        <FilePathCondition Path="%WINDIR%\ccm\inventory\noidmifs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\logs:*" />
        <FilePathCondition Path="%WINDIR%\ccm\logs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\systemtemp\appvtempdata\appvcommandoutput:*" />
        <FilePathCondition Path="%WINDIR%\ccm\systemtemp\appvtempdata\appvcommandoutput\*" />
        <FilePathCondition Path="%WINDIR%\Debug:*" />
        <FilePathCondition Path="%WINDIR%\Debug\*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA:*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA:*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA\*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA\*" />
        <FilePathCondition Path="%WINDIR%\Logs:*" />
        <FilePathCondition Path="%WINDIR%\Logs\*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ErrorRep:*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ErrorRep\*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog:*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog:*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog\*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Microsoft\Crypto\RSA\MachineKeys:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Microsoft\Crypto\RSA\MachineKeys\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\spool\drivers\color*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\spool\drivers\color:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\PLA\System:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\PLA\System\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\SyncCenter:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\SyncCenter\*" />
        <FilePathCondition Path="%WINDIR%\Tasks:*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Temp:*" />
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\tracing:*" />
        <FilePathCondition Path="%WINDIR%\Tracing:*" />
        <FilePathCondition Path="%WINDIR%\tracing\*" />
        <FilePathCondition Path="%WINDIR%\Tracing\*" />
        <!-- Publisher exceptions: these three Microsoft-signed DLLs are carved out of the
             Windows-tree allow for Everyone (administrators still match the Path="*" rule).
             The first entry spells the product name with "(R)" while the other two use the
             registered-trademark sign; each value has to equal the product-name string of the
             signed binary, so confirm every spelling against the file on a reference host. -->
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT (R) WINDOWS (R) OPERATING SYSTEM" BinaryName="SYSTEM.MANAGEMENT.AUTOMATION.DLL">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="SETUPAPI.DLL">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="SYSSETUP.DLL">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="EXE" EnforcementMode="Enabled">
    <!-- Denies ACRORD32.EXE for Everyone (S-1-1-0) when publisher and product name match.
         The version range is 0.0.0.0 to "*", so every version of the product named
         "ADOBE READER" is blocked; the "legacy" scoping comes from the product and publisher
         strings, not from a version ceiling. Deny rules take precedence over Allow rules, so
         this also applies to local administrators. -->
    <FilePublisherRule Id="4e773c8a-1345-44f2-920b-75c29eff6f37" Name="Old Adobe Reader executables" Description="Block legacy versions of Adobe Reader" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=ADOBE SYSTEMS, INCORPORATED, L=SAN JOSE, S=CALIFORNIA, C=US" ProductName="ADOBE READER" BinaryName="ACRORD32.EXE">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies IEXPLORE.EXE for Everyone (S-1-1-0), any version, when the product name is exactly
         the string below. NOTE(review): the Description says "all versions", but the match
         depends on one product-name spelling; the MSHTA.EXE exception elsewhere in this policy
         uses "INTERNET EXPLORER" without the "WINDOWS®" prefix. Confirm which product name the
         deployed IEXPLORE.EXE builds carry, otherwise the rule may match none of them. -->
    <FilePublisherRule Id="991736e1-694f-4eb6-b691-a178f6196bf3" Name="Block Internet Explorer" Description="Block all versions of Internet Explorer" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS® INTERNET EXPLORER" BinaryName="IEXPLORE.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies ACRORD32.EXE of product "ADOBE ACROBAT READER DC" for Everyone (S-1-1-0) from the
         lowest version up to HighSection 22.2.20191.0; newer builds are not matched by this rule.
         NOTE(review): the Description says "per 2021-04" while the ceiling is 22.2.20191.0, so
         one of the two is stale. The ceiling is static and has to be raised by hand whenever a
         newer build becomes the minimum acceptable version. -->
    <FilePublisherRule Id="bd2ea4aa-bc97-4787-8585-9fd5540f5f22" Name="Block old Adobe Acrobat Reader DC" Description="Block old Adobe Acrobat Reader DC executables(per 2021-04)" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=ADOBE INC., L=SAN JOSE, S=CA, C=US" ProductName="ADOBE ACROBAT READER DC" BinaryName="ACRORD32.EXE">
          <BinaryVersionRange LowSection="*" HighSection="22.2.20191.0" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies JAVA.EXE for Everyone (S-1-1-0), any file version, but only when the publisher is
         the Sun Microsystems string below AND the product name is exactly
         "JAVA(TM) PLATFORM SE 8 U121".
         NOTE(review): the Description promises "all versions of Java Runtime", which the
         condition does not deliver: it is pinned to one product-name string and one publisher.
         Check the publisher and product name on the Java binaries actually deployed and widen
         PublisherName / ProductName to cover them if the stated intent is still wanted. -->
    <FilePublisherRule Id="c5d9dcac-ab93-4d49-9176-4b0d71e82a7b" Name="Block java" Description="BLOCK all versions of Java Runtime" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=SUN MICROSYSTEMS, INC., L=PALO ALTO, S=CALIFORNIA, C=US" ProductName="JAVA(TM) PLATFORM SE 8 U121" BinaryName="JAVA.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies, for Everyone (S-1-1-0), any binary (BinaryName="*", any version) signed by
         Microsoft whose product name is "SYSINTERNALS PSEXEC". Because the match is on the
         signature and version resource, it holds regardless of the file's name or location.
         NOTE(review): the rule Name speaks of Sysinternals packages in general, but the
         condition covers the PsExec product only; other Sysinternals tools are not matched. -->
    <FilePublisherRule Id="dd51ed42-44cc-4618-b2f4-5283979da2a5" Name="Block sysinternal signed packages" Description="Block sysinternal packages like psexec" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="SYSINTERNALS PSEXEC" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies DFSVC.EXE (.NET Framework product, Microsoft-signed) for Everyone (S-1-1-0) at any
         version and in any location. The same binary is also listed as an exception of the
         "Allow C:\Windows ..." rule in this collection; this explicit Deny additionally covers
         copies outside %WINDIR% and, since Deny takes precedence over Allow, local
         administrators. The Description is empty; NOTE(review): record the rationale there. -->
    <FilePublisherRule Id="4027b5d5-3917-44ca-bef3-bd4729642740" Name="Block DFSVC.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="DFSVC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies, for Everyone (S-1-1-0), the Microsoft-signed binary whose product name is ".NET"
         and whose binary name is ".NET HOST", at any version. BinaryName here is not a file name
         with an extension; publisher conditions compare it with the name recorded in the
         binary's version resource. NOTE(review): presumably this targets the .NET host
         launcher; confirm against the signed file, and fill in the empty Description. -->
    <FilePublisherRule Id="517a349a-1f21-4bea-98fb-8656f0818868" Name="Block .NET HOST" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName=".NET" BinaryName=".NET HOST">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies MSDEPLOY.EXE (product "MSDEPLOY", Microsoft-signed) for Everyone (S-1-1-0) at any
         version and in any location. Deny takes precedence over the Allow rules, including the
         administrators' allow-all rule. The Description is empty; NOTE(review): record why
         this binary is blocked. -->
    <FilePublisherRule Id="cc8c6a89-7fb0-4894-9d7f-33763b610ce6" Name="Block MSDEPLOY.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MSDEPLOY" BinaryName="MSDEPLOY.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies WFC.EXE (.NET Framework product, Microsoft-signed) for Everyone (S-1-1-0) at any
         version and in any location. Deny takes precedence over the Allow rules, including the
         administrators' allow-all rule. The Description is empty; NOTE(review): record why
         this binary is blocked. -->
    <FilePublisherRule Id="d9fc49b6-f109-4126-97da-a992cd00c8aa" Name="Block WFC.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="WFC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Denies ASPNET_COMPILER.EXE (.NET Framework product, Microsoft-signed) for Everyone
         (S-1-1-0) at any version and in any location. The same binary is also listed as an
         exception of the "Allow C:\Windows ..." rule in this collection; this explicit Deny
         additionally covers copies outside %WINDIR% and local administrators. The Description
         is empty; NOTE(review): record the rationale there. -->
    <FilePublisherRule Id="d6d8ebdf-f1a6-45d4-a723-380708e1a9cd" Name="Block ASPNET_COMPILER.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="ASPNET_COMPILER.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
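    <!-- Denies rpcnet.exe for Everyone (S-1-1-0) in any directory.
         The separator before the file name is a backslash: path conditions are compared with
         Windows file paths, which are backslash-delimited, so a pattern written with "/" is not
         expected to match anything. The match is on the file name only; this rule says nothing
         about the same binary stored under a different name. -->
    <FilePathRule Id="a7f7e476-fc73-4b8f-963e-2d1a1b0ee509" Name="rpcnet.exe" Description="BLOCK unwanted executables" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="*\rpcnet.exe" />
      </Conditions>
    </FilePathRule>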
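    <!-- Denies psexec.exe for Everyone (S-1-1-0) in any directory.
         The separator before the file name is a backslash: path conditions are compared with
         Windows file paths, which are backslash-delimited, so a pattern written with "/" is not
         expected to match anything. The match is on the file name only; the publisher rule
         "Block sysinternal signed packages" in this collection is the one that matches the
         signed PsExec binary independently of its file name. -->
    <FilePathRule Id="aa4ff04d-dcf6-472a-8db6-d0e42e5aa991" Name="psexec.exe" Description="BLOCK unwanted executables" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="*\psexec.exe" />
      </Conditions>
    </FilePathRule>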
    <!-- Path="*" for BUILTIN\Administrators (S-1-5-32-544): members may run any executable from
         any location. Per the rule's own Description, on Windows 8.1 this also applies to
         non-elevated admin sessions, so on those hosts a user who is a local administrator is
         limited only by the Deny rules of this collection (which are scoped to Everyone and take
         precedence over this Allow). Keep daily-use accounts out of the local Administrators
         group. -->
    <FilePathRule Id="bd4c6a81-d87d-4a67-bcf6-736f54f883fa" Name="Allow all EXE in all folders and devices from administrators !!! WIN81 UAC-bug !!!" Description="Allows (also unelevated) accounts in local ADMINISTRATORS to run all EXE regardless of its path (!!! WIN81 UAC-bug applies this rule to *non*-elevated admins !!!)." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
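    <!-- Denies rpcnetp.exe for Everyone (S-1-1-0) in any directory.
         The separator before the file name is a backslash: path conditions are compared with
         Windows file paths, which are backslash-delimited, so a pattern written with "/" is not
         expected to match anything. The match is on the file name only; this rule says nothing
         about the same binary stored under a different name. -->
    <FilePathRule Id="e3da6fc4-6a8b-4fcb-8b85-a99863ed1359" Name="rpcnetp.exe" Description="BLOCK unwanted executables" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="*\rpcnetp.exe" />
      </Conditions>
    </FilePathRule>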
    <FilePathRule Id="89a6a173-9cae-49cc-baf2-98d4f6cba9c1" Name="Allow C:\Windows but exclude writeable paths and files" Description="Allows EVERYONE to run EXE in WINDOWS folder-tree *except* when user write-writable or unwanted program." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
      <Exceptions>
        <FilePathCondition Path="%SYSTEM32%\BioApiFFDB:*" />
        <FilePathCondition Path="%SYSTEM32%\BioApiFFDB\*" />
        <FilePathCondition Path="%SYSTEM32%\CatRoot2:*" />
        <FilePathCondition Path="%SYSTEM32%\CatRoot2\*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp:*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp\*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp:*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp\*" />
        <FilePathCondition Path="%SYSTEM32%\Microsoft\Crypto\RSA\MachineKeys:*" />
        <FilePathCondition Path="%SYSTEM32%\Microsoft\Crypto\RSA\MachineKeys\*" />
        <FilePathCondition Path="%SYSTEM32%\runscripthelper.exe" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\Microsoft\Windows\SyncCenter:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\Microsoft\Windows\SyncCenter\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks_Migrated:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks_Migrated\*" />
        <FilePathCondition Path="%SYSTEM32%\winevt\Logs:*" />
        <FilePathCondition Path="%SYSTEM32%\winevt\Logs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\inventory\noidmifs:*" />
        <FilePathCondition Path="%WINDIR%\ccm\inventory\noidmifs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\logs:*" />
        <FilePathCondition Path="%WINDIR%\ccm\logs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\systemtemp\appvtempdata\appvcommandoutput:*" />
        <FilePathCondition Path="%WINDIR%\ccm\systemtemp\appvtempdata\appvcommandoutput\*" />
        <FilePathCondition Path="%WINDIR%\Debug:*" />
        <FilePathCondition Path="%WINDIR%\Debug\*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA:*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA:*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA\*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA\*" />
        <FilePathCondition Path="%WINDIR%\Logs:*" />
        <FilePathCondition Path="%WINDIR%\Logs\*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ErrorRep:*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ErrorRep\*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog:*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog:*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog\*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Microsoft\Crypto\RSA\MachineKeys:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Microsoft\Crypto\RSA\MachineKeys\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\spool\drivers\color*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\spool\drivers\color:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\PLA\System:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\PLA\System\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\SyncCenter:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\SyncCenter\*" />
        <FilePathCondition Path="%WINDIR%\Tasks:*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Temp:*" />
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\tracing:*" />
        <FilePathCondition Path="%WINDIR%\Tracing:*" />
        <FilePathCondition Path="%WINDIR%\tracing\*" />
        <FilePathCondition Path="%WINDIR%\Tracing\*" />
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="" BinaryName="CSI.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="BGINFO" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="DEBUG DIAGNOSTIC TOOL" BinaryName="DBGHOST.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="DEBUG DIAGNOSTIC TOOL" BinaryName="DBGSVC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="INTERNET EXPLORER" BinaryName="MSHTA.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ® WINDOWS SCRIPT HOST" BinaryName="CSCRIPT.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ® WINDOWS SCRIPT HOST" BinaryName="WSCRIPT.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT(R) CONNECTION MANAGER" BinaryName="CMSTP.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="ADDINPROCESS32.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="ADDINUTIL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="ASPNET_COMPILER.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="DFSVC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="IEEXEC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="INSTALLUTIL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="MICROSOFT.WORKFLOW.COMPILER.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="MSBUILD.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="REGASM.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® .NET FRAMEWORK" BinaryName="REGSVCS.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® BUILD TOOLS®" BinaryName="TRACKER.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® F#" BinaryName="FSI.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OODBCCONFPERATING SYSTEM" BinaryName="NET1.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="ATBROKER.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="BASH.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="CDB.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="CMD.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="CONTROL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="FORFILES.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="FTP.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="INFDEFAULTINSTALL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="MAVINJECT32.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="MAVINJECT64.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="MSDT.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="NET.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="NETSH.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="NTKD.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="NTSD.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="ODBCCONF.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="POWERSHELL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="POWERSHELL_ISE.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="PRESENTATIONHOST.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="REG.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="REGEDIT.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="REGEDT32.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="REGINI.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="REGSVR32.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="RUNDLL32.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="SYNCAPPVPUBLISHINGSERVER.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="TELNETC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="TFTP.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="WINDBG.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="WMIC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="WSL.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="WSLCONFIG.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="XWIZARD.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="WINDOWS INSTALLER - UNICODE" BinaryName="MSIEXEC.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Exceptions>
    </FilePathRule>
    <!-- Allows Everyone (S-1-1-0) to run a single binary, identified by path only.
         A path condition does not check signer or hash, so this rule is only as strong
         as the write protection on %SYSTEM32%.
         NOTE(review): the Description is empty, so the reason for this carve-out is not
         recorded. Confirm whether it re-allows a binary that another rule in this
         collection excludes, and whether it is still required. -->
    <FilePathRule Id="c58daa19-ecd3-492c-87db-f59ec2107570" Name="Allow %SYSTEM32%\ie4uinit.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\ie4uinit.exe" />
      </Conditions>
    </FilePathRule>
    <!-- Allows Everyone (S-1-1-0) to run executables anywhere below %PROGRAMFILES%.
         The Description states the assumption this rule depends on: the tree is not
         writable by standard users. Each sub-folder that breaks that assumption needs
         an entry under Exceptions. -->
    <FilePathRule Id="8fa9ef08-0afe-425c-bb28-046724c41482" Name="Allow EXE in the PROGRAM FILES* folder tree(s)" Description="Allows EVERYONE to run EXE in PROGRAM FILES* folder-tree(s) (assumed to be user write-protected)." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
      <Exceptions>
        <!-- Folder excluded from the allow rule, presumably because it is user-writable.
             The ":*" entry covers alternate data streams attached to the folder itself,
             the "\*" entry covers its contents.
             NOTE(review): both paths are hard-coded to drive C:, to "Program Files"
             (not the x86 tree) and to SQL Server version folder 160. They will not
             match on another system drive or after a SQL Server version change.
             Re-check the folder ACLs whenever SQL Server is installed or upgraded. -->
        <FilePathCondition Path="C:\Program Files\Microsoft SQL Server\160\DTS\DataDumps:*" />
        <FilePathCondition Path="C:\Program Files\Microsoft SQL Server\160\DTS\DataDumps\*" />
        <!-- Publisher-based exception: excludes SQLPS.EXE from the allow rule in any
             version and at any location, as long as it carries this signer and
             product name. -->
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT SQL SERVER" BinaryName="SQLPS.EXE">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Exceptions>
    </FilePathRule>
  </RuleCollection>
  <!-- Windows Installer (MSI) rules, enforced. Three allow rules follow; an MSI that
       matches none of them is blocked. -->
  <RuleCollection Type="Msi" EnforcementMode="Enabled">
    <!-- Everyone may install any package whose signer matches the organisation fields
         below, for every product name, file name and version from 0.0.0.0 upwards.
         Packages located on %HOT% or %REMOVABLE% media are excluded even when the
         signature matches. -->
    <FilePublisherRule Id="c368ab83-deab-44b5-bbf4-0bf35fc020e4" Name="All MSI signed by Microsoft Corp *except* on HOT and REMOVABLE media" Description="Allow EVERYONE to install all MSI signed by Microsoft Corp. *except* on HOT and REMOVABLE media." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
      <Exceptions>
        <FilePathCondition Path="%HOT%\*" />
        <FilePathCondition Path="%REMOVABLE%\*" />
      </Exceptions>
    </FilePublisherRule>
    <!-- Members of local Administrators (S-1-5-32-544) may install any MSI from any
         path. Per the Description, on Windows 8.1 this rule is also applied to admin
         accounts running without elevation, so for those accounts the Msi collection
         gives no protection against a package started from a user-writable location.
         NOTE(review): the "tbd" marker suggests this was never re-verified; confirm the
         behaviour on the Windows versions actually deployed, and keep daily-use
         accounts out of the Administrators group. -->
    <FilePathRule Id="16083419-83ce-4df9-96a5-55396986f5ae" Name="All MSI in all folders and all devices !!! tbd WIN81 UAC-bug !!!" Description="Allows (unelevated) accounts in local ADMINISTRATORS to install MSI regardless of its path (!!! tbd WIN81 UAC-bug applies this rule to *non*-elevated admins !!!)." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*.*" />
      </Conditions>
    </FilePathRule>
    <!-- Everyone may install packages located below %WINDIR%\Installer. This is a path
         rule, so it relies on that folder not being writable by standard users.
         NOTE(review): the Name refers to %SYSTEMDRIVE%\Windows\Installer while the
         condition and the Description use %WINDIR%\Installer; the condition is what
         is enforced. -->
    <FilePathRule Id="1dc920e3-6fd0-407b-ba46-bc0a26827a16" Name="All MSI in %SYSTEMDRIVE%\Windows\Installer" Description="Allows EVERYONE to install MSI placed in %WINDIR%\Installer." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\Installer\*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
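  <!-- Script rules, enforced. Three allow rules follow; a script that matches none of
       them is blocked. -->
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <!-- Members of local Administrators (S-1-5-32-544) may run any script from any
         path. Per the Description, on Windows 8.1 this rule is also applied to admin
         accounts running without elevation, so for those accounts the Script
         collection gives no protection against scripts in user-writable locations.
         NOTE(review): the "tbd" marker suggests this was never re-verified; confirm the
         behaviour on the Windows versions actually deployed. -->
    <FilePathRule Id="2f82e33c-93e2-4f49-9eb1-5b5dfc2f096c" Name="All SCRIPTS in all folders and all devices !!! tbd WIN81 UAC-bug !!!" Description="Allows (also unelevated) accounts in local ADMINISTRATORS to run all SCRIPTS regardless of its path (!!! tbd WIN81 UAC-bug applies this rule to *non*-elevated admins !!!)." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
    <!-- Everyone may run scripts below %WINDIR%, minus the sub-folders listed under
         Exceptions. Entries come in pairs: "folder:*" covers alternate data streams
         attached to the folder itself, "folder\*" covers its contents.
         The list is static. A folder that becomes user-writable later (new Windows
         build, management agent, driver package) is not covered until it is added,
         so re-audit the ACLs below %WINDIR% after feature updates.
         NOTE(review): the Description says this rule is overridden by BLOCK rules for
         the script hosts; those rules are not part of this collection. -->
    <FilePathRule Id="7c813344-c761-4b67-880e-590524fd5451" Name="All SCRIPTS in WINDOWS folder-tree *except* user-writable subfolders" Description="Allows EVERYONE to run SCRIPTS in WINDOWS folder (overridden by BLOCK ?script.exe/PowerShell.exe rules)" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
      <Exceptions>
        <FilePathCondition Path="%SYSTEM32%\BioApiFFDB:*" />
        <FilePathCondition Path="%SYSTEM32%\BioApiFFDB\*" />
        <FilePathCondition Path="%SYSTEM32%\CatRoot2:*" />
        <FilePathCondition Path="%SYSTEM32%\CatRoot2\*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp:*" />
        <FilePathCondition Path="%SYSTEM32%\com\dmp\*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp:*" />
        <FilePathCondition Path="%SYSTEM32%\FxsTmp\*" />
        <FilePathCondition Path="%SYSTEM32%\Microsoft\Crypto\RSA\MachineKeys:*" />
        <FilePathCondition Path="%SYSTEM32%\Microsoft\Crypto\RSA\MachineKeys\*" />
        <!-- NOTE(review): this entry names an executable, not a folder, inside a Script
             rule. Confirm it has any effect here or whether it belongs in the Exe
             collection. -->
        <FilePathCondition Path="%SYSTEM32%\runscripthelper.exe" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\drivers\color\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\PRINTERS\*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS:*" />
        <FilePathCondition Path="%SYSTEM32%\spool\SERVERS\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\*" />
        <FilePathCondition Path="%SYSTEM32%\winevt\Logs:*" />
        <FilePathCondition Path="%SYSTEM32%\winevt\Logs\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks_Migrated:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks_Migrated\*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\Microsoft\Windows\SyncCenter:*" />
        <FilePathCondition Path="%SYSTEM32%\Tasks\Microsoft\Windows\SyncCenter\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\com\dmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\SyncCenter:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\SyncCenter\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\PLA\System:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\Microsoft\Windows\PLA\System\*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog:*" />
        <FilePathCondition Path="%WINDIR%\Registration\CRMLog\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\FxsTmp\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Microsoft\Crypto\RSA\MachineKeys:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Microsoft\Crypto\RSA\MachineKeys\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks:*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA:*" />
        <FilePathCondition Path="%WINDIR%\debug\WIA\*" />
        <FilePathCondition Path="%WINDIR%\tracing:*" />
        <FilePathCondition Path="%WINDIR%\tracing\*" />
        <FilePathCondition Path="%WINDIR%\SysWOW64\spool\drivers\color:*" />
        <!-- The next entry has no backslash before the wildcard, unlike its siblings.
             It is left as written because the broader pattern still covers the
             folder contents; it also matches any sibling name starting with "color". -->
        <FilePathCondition Path="%WINDIR%\SysWOW64\spool\drivers\color*" />
        <FilePathCondition Path="%WINDIR%\ccm\inventory\noidmifs:*" />
        <FilePathCondition Path="%WINDIR%\ccm\inventory\noidmifs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\logs:*" />
        <FilePathCondition Path="%WINDIR%\ccm\logs\*" />
        <FilePathCondition Path="%WINDIR%\ccm\systemtemp\appvtempdata\appvcommandoutput:*" />
        <FilePathCondition Path="%WINDIR%\ccm\systemtemp\appvtempdata\appvcommandoutput\*" />
        <FilePathCondition Path="%WINDIR%\Debug:*" />
        <FilePathCondition Path="%WINDIR%\Debug\*" />
        <FilePathCondition Path="%WINDIR%\Logs:*" />
        <FilePathCondition Path="%WINDIR%\Logs\*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ErrorRep:*" />
        <FilePathCondition Path="%WINDIR%\PCHEALTH\ErrorRep\*" />
        <FilePathCondition Path="%WINDIR%\Tasks:*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
        <FilePathCondition Path="%WINDIR%\Temp:*" />
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\Tracing:*" />
        <FilePathCondition Path="%WINDIR%\Tracing\*" />
      </Exceptions>
    </FilePathRule>
    <!-- Everyone may run scripts below %PROGRAMFILES%. Like every path rule, this
         relies on the tree not being writable by standard users. -->
    <FilePathRule Id="bf95ae46-c627-4964-a262-f3ce41c610e1" Name="All SCRIPTS in PROGRAM FILES* folder tree(s)" Description="Allows EVERYONE to run SCRIPTS in PROGRAM FILES* folder(s) (overridden by BLOCK ?script.exe/PowerShell.exe rules)" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
      <Exceptions>
        <!-- Same folder that the Exe rule "Allow EXE in the PROGRAM FILES* folder
             tree(s)" excludes. If it is excluded there because it is user-writable,
             scripts dropped into it must not be allowed here either.
             NOTE(review): the paths are hard-coded to drive C: and SQL Server version
             folder 160, as in the Exe rule; confirm the DLL collection carries the
             same exception. -->
        <FilePathCondition Path="C:\Program Files\Microsoft SQL Server\160\DTS\DataDumps:*" />
        <FilePathCondition Path="C:\Program Files\Microsoft SQL Server\160\DTS\DataDumps\*" />
      </Exceptions>
    </FilePathRule>
  </RuleCollection>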
</AppLockerPolicy>