You may want to prevent the user from opening a specific application. One way to block a user from opening an application is to block a DLL that the application uses to run. To block the DLL, you can create a rule that blocks the DLL from loading. When the user tries to open the application, they cannot.
For example, the Msvcrt.dll file contains the program code that is used to run various Windows applications such as Microsoft WordPad. If you add a rule that blocks Msvcrt.dll on the client computer, you cannot open Microsoft WordPad
Some applications that are written to be "security conscious" may interpret the DLL injection as a malicious act. Take counter measures to block the injection or remove the DLL.
To add a rule that blocks a DLL
Open an Application Control policy, and on the Application Control pane, click Add.
In the Application Control Rule Set dialog box, under the Rules list, click Add > Add Rule.
On the Properties tab, in the Rule name text box, type Block user from opening Microsoft WordPad.
To the right of Apply this rule to the following processes, click Add.
In the Add Process Definition dialog box, under Processes name to match, type C:\Program Files\Windows NT\Accessories\wordpad.exe, and then click OK.
In the Application Control Rule Set dialog box, under the Rules list, click Add > Add Condition > Load DLL Attempts.
On the Properties tab, in the Description text box, type dll blocked.
To the right of Apply to the following DLLs, click Add.
In the Add DLL Definition dialog box, in the text box in the DLL name to match group box, type MSVCRT.dll, and then click OK.
In the Application Control Rule Set dialog box, on the Actions tab, click Block access, Enable logging, and Notify user.
Under Notify user, type Should not be able to load WordPad.
Click OK twice and assign the policy to the client computer group.
Test the rule.
To test a rule that blocks a DLL
On the client computer, try to open Microsoft WordPad.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe