Add to the list of Windows defenses that don't seem to do anything: Starting with Windows 11 22H2, Software Restriction Policies (SRP) no longer seem to do anything. Hopefully nobody is relying on this capability!
Replying to @NathanMcNulty
2 problems: 1) NTFS-level no-exec perms catch EXE and friends. But not other things like JS, HTA... 2) Path-based Software Restriction Policies work way better for blocking things that run. The kicker: Starting with Win11 22H2, newly-created policies don't work. Bugs everywhere!

Nov 5, 2022 · 10:24 PM UTC

6
38
6
105
How does the saying go? One step forward, two steps back?
To visualize this bug in action: Here's a Win11 21H1 system with SRP working fine. Rebooting to install 22H2 (with the boring parts sped up) results in a system with SRP not working at all. Is there any way to interpret this in a way other than Win11 22H2 breaks SRP (for most)?
People in early July 2022: SRP doesn't work with Win11 22H2. Microsoft in late October 2022: "You can use SRP" with Windows 11. Why is the disconnect between what Microsoft says about their software and how it works in the real world a recurring theme? techcommunity.microsoft.com/…
Replying to @wdormann
As foundational as SRP was, it really is irrelevant as a modern application control solution (even if it can still do something* in previous OS versions)
If it's never been officially announced as deprecated or no longer functional, and it's still advertised as a thing that works... Is it really irrelevant?
Replying to @wdormann
Just in case you are not aware - I sorted it out. Although SRP is declared as deprecated, the flaw was caused by MS shipping a registry setting with its install media, that defines AppLocker although it's not active. borncity.com/win/2023/02/24/…
Danke! I'll see if I can confirm when I get the chance.
Replying to @wdormann
One more reason to stay with Windows 10 …