With the Disable EXE Running from %AppData% policy turned on, you will likely also prevent some legitimate programs from launching from AppData. To whitelist these applications, use the Client Screen.
Begin by opening the Client Screen and selecting the 'Third Wall' tab. This will display the USB Wall pen registration page. Now, click on the AppData EXE Exceptions & Discovery link on the top right of the page.
From here, you may press the 'Add Manual Exception' button. This will allow you to type or paste in a filename you want excepted.
Another option is to use the 'Scan All' button. This will cause Third Wall to interrogate all remote workstations within the Client for all .exe files in %AppData% and %LocalAppData%. All found files will be shown in the 'Scan Results' display.
At this point, nothing is yet whitelisted as we've only done the discovery. Use the selector boxes on the left to select which files you want whitelisted. Or, use the 'Check\Uncheck All' option to select all files.
Another option is to use the 'Search' function. Enter text into the Search Field (at the bottom) and press the 'Search' button. Any files found matching the entered text will be selected. Multiple searches may be stacked.
Once all appropriate files have been checked, press the 'Save' button. This will assign all checked files to the remotes' whitelist. This list will be communicated to all remotes on the next 'Update Config' event.
- The %AppData% and %LocalAppData% folders exist only when a user is signed onto the computer. This means you will need to run the scan when you know your users are signed on. Computers without a user will return no files.
- If you are only blocking EXE files in %AppData% but not from %LocalAppData%, use the search field to select only %AppData% files.
- If you have assigned the 'Block All Executable Types' option on the policy, your scan will need to get more than just the .EXE files. Before pressing 'Scan Now', use the 'Scan Targets' button to select additional file extensions to scan for. When 'Scan Targets' is pressed, a new window appears showing all Executable Types. Use the checkboxes to choose the desired extensions or simply press the 'Check/Uncheck All' button at the bottom. Now, when 'Scan All' is pressed, your return will include these potentially blocked file types.
- Microsoft requires a reboot after the whitelist is changed. Until this occurs, your users will find they cannot run the file, even if it is whitelisted. We've found a simple log-out and back in accomplishes the same.
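
To help decide which discovered files deserve an exception before pressing 'Save', the following added example (not part of Third Wall and not from the original page) lists executables under each profile's Roaming and Local AppData folders together with their Authenticode status and SHA-256 hash. It reads the profile folders directly from disk, which is an assumption of this example and not a description of how the plugin's scan works; the `C:\Users` profile root, the `Get-AppDataExecutable` function name and the CSV file name are hypothetical.

```powershell
# Added example: local review of AppData executables before whitelisting.
# Run elevated so other users' profiles are readable.
# Assumption: profiles live under C:\Users; pass -ProfileRoot otherwise.
param(
    [string]$ProfileRoot = 'C:\Users',
    # Add further extensions if 'Block All Executable Types' is on the policy.
    [string[]]$Extensions = @('.exe')
)

function Get-AppDataExecutable {
    param([string]$ProfileRoot, [string[]]$Extensions)

    # Roaming corresponds to %AppData%, Local to %LocalAppData%.
    $roots = Get-ChildItem -Path $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Join-Path $_.FullName 'AppData\Roaming'
            Join-Path $_.FullName 'AppData\Local'
        } |
        Where-Object { Test-Path -LiteralPath $_ }

    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Scope     = if ($root -like '*\Roaming') { '%AppData%' } else { '%LocalAppData%' }
                    Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                    SHA256    = $hash.Hash           # empty if the file was locked
                    Modified  = $_.LastWriteTime
                }
            }
    }
}

# Unsigned or tampered files sort apart from validly signed ones for review.
Get-AppDataExecutable -ProfileRoot $ProfileRoot -Extensions $Extensions |
    Sort-Object Signature, Path |
    Export-Csv -Path .\appdata-executables.csv -NoTypeInformation
```

Files reported as `NotSigned` or `HashMismatch` are the ones to look at individually rather than selecting with 'Check/Uncheck All'.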