; XP_SAFER.INF ; ; Configure 'Software Restriction Policies' a.k.a 'SAFER' on all ; editions of Windows XP (including embedded versions) and ; Windows Server 2003 [R2] ; ; https://technet.microsoft.com/en-us/aa940985.aspx ; https://technet.microsoft.com/en-us/bb457006.aspx ; https://technet.microsoft.com/en-us/bb457059.aspx ; https://technet.microsoft.com/en-us/cc507878.aspx ; https://technet.microsoft.com/en-us/cc786941.aspx ; ; The 'Local Policies' management console reads 'SAFER' policies' ; additional rules only from ; "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL"! ; ; Use SRP2LGPO.EXE (available from the author upon request) to ; export 'SAFER' policies from the registry to ; "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL". ; ; https://msdn.microsoft.com/en-us/aa384232.aspx ; https://support.microsoft.com/en-us/kb/896456 ; https://support.microsoft.com/en-us/kb/942589 ; https://support.microsoft.com/en-us/kb/950407 ; https://support.microsoft.com/en-us/kb/960037 ; ; NOTE: on 64-bit systems KB942589 must be installed to enable ; the special directory pathname "%SystemRoot%\SysNative"! ; ; CAUTION: on 64-bit systems XP_SAFER.INF must not be run under ; SysWoW64! (KB950407, but KB960037) ; ; NOTE: KB973825 should be installed on Windows Server 2003 [R2]! ; ; CAUTION: 'SAFER' policies written directly/only to the registry ; are overwritten by 'SAFER' policies defined in the ; 'Local Policies' management console! ; ; CAUTION: if "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL" ; contains no 'SAFER' policy entries the 'Local Policies' ; management console overwrites upon first call 'SAFER' ; policies in the registry with default settings and rules! ; ; NOTE: if "%SystemRoot%\System32\GroupPolicy\Machine\REGISTRY.POL" ; does not exist use the 'empty' REGISTRY.POL provided by the ; author to avoid that! ; ; NOTE: 'SAFER' policies' additional rules written directly/only to ; the registry don't show in the 'Local Policies' management ; console! ; ; Copyright (C) 2004-2018, Stefan Kanthak ; ; * The software is provided "as is" without any warranty, neither express ; nor implied. ; In no event will the author be held liable for any damage(s) arising ; from the use of the software. ; * Redistribution of the software is allowed only in unmodified form. ; * Permission is granted to use the software solely for personal private ; and non-commercial purposes. ; * An individuals use of the software in his or her capacity or function ; as an agent, (independent) contractor, employee, member or officer of ; a business, corporation or organization (commercial or non-commercial) ; does not qualify as personal private and non-commercial purpose. ; * Without written approval from the author the software must not be used ; for a business, for commercial, corporate, governmental, military or ; organizational purposes of any kind, or in a commercial, corporate, ; governmental, military or organizational environment of any kind. [Version] DriverVer = 09/27/2017 Provider = "Stefan Kanthak" Signature = "$Windows NT$" [DefaultInstall.NTx86] AddReg = Install.AddReg, Install.AddReg.x86 CopyFiles = Files.Inf, Files.Pol DelFiles = Files.Pnf DelReg = Install.DelReg [DefaultInstall.NTia64] AddReg = Install.AddReg, Install.AddReg.ia64 CopyFiles = Files.Inf, Files.Pol DelFiles = Files.Pnf DelReg = Install.DelReg [DefaultInstall.NTamd64] AddReg = Install.AddReg, Install.AddReg.amd64 CopyFiles = Files.Inf, Files.Pol DelFiles = Files.Pnf DelReg = Install.DelReg [DefaultUninstall] AddReg = Remove.AddReg CleanUp = 1 DelFiles = Files.Inf, Files.Pnf; Files.Log DelReg = Remove.DelReg, Remove.DelReg.amd64 [SourceDisksNames] ; Cabinet file names and associated disks ; = ,[],,[] 57 = "Softwarebeschränkungsrichtlinien für 'Windows XP/2003 [R2]'",,0000-0000,"" [SourceDisksFiles] ; = ,[],[],[],[] ; NOTE: is neither on a disk nor in a cabinet if is 0 [SourceDisksFiles.x86] XP_SAFER.INF = 57 ;REGISTRY.POL = 57,I386 ;SRP2LGPO.EXE = 57,I386 [SourceDisksFiles.ia64] XP_SAFER.INF = 57 ;REGISTRY.POL = 57,IA64 ;SRP2LGPO.EXE = 57,IA64 [SourceDisksFiles.amd64] XP_SAFER.INF = 57 ;REGISTRY.POL = 57,AMD64 ;SRP2LGPO.EXE = 57,AMD64 [DestinationDirs] ;
= [,] Files.Inf = 17 Files.Log = 10,"Debug" Files.Pnf = 17 Files.Pol = 11,"GroupPolicy\Machine" [Files] ; ,[],[],[] ; (Flag values may be combined by simple addition resp. boolean OR!) ; 1: warn if user chooses to skip file ; 1: delete file on reboot if in use (REMOVE ONLY) ; 2: inhibit skipping of file by user ; 4: ignore version conflict, overwrite newer files ; 8: force file-in-use behaviour (rename after reboot) ; 16: don't overwrite existing file ; 32: suppress version conflict dialog, don't overwrite newer files ; 64: overwrite existing file only if source is newer ; 1024: copy only if target file exists ; 2048: don't decompress source file ; 4096: replace boot file ; 8192: don't skip file due to optimization ; 16384: if target file is in use, rename it, then copy source file and delete renamed target file; ; If target file cannot be renamed or deleted, postpone copy or delete until reboot ; 65536: delete file on reboot if in use (REMOVE ONLY) [Files.Inf] XP_SAFER.INF,,,3 [Files.Log] ;SAFER.LOG,,,1 ;[Files.Log.Security] ;"D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FW;;;BU)" [Files.Pnf] XP_SAFER.PNF,,,1 [Files.Pol] ;REGISTRY.POL,,,16 [Install.DelReg] ; Remove SUPERFLUOUS file name extensions from 'SAFER' executables list ; NOTE: execution of 'portable executable' files via 'CreateProcess*()' and ; 'LoadLibrary*()' as well as script files via 'Windows Script Host' ; is controlled independent of file name extension! HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"COM" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"CPL" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"EXE" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"OCX" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"SCR" ; Remove file name extensions '.LNK' and '.URL' from 'SAFER' executables list HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"LNK" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",98306,"URL" ; Remove old rules from previous versions ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F184B-E783-4A94-AC12-66A6082CD6EB}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A0FDE6-885E-4F68-9672-87F25654E2FF}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A23408-1675-01C9-1600-00004D0529DB}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A918B9-7529-44E7-9C6D-5098F8B1D90F}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB32D0-7400-45F8-9646-7C954FC2B8FB}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC11AA-68C6-4994-B232-4B1930D3E799}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACD77E-C11D-4277-AF6B-600B5C6ADEB7}" ; Remove SUPERFLUOUS original rules HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349D35AB-37B5-462F-9B89-EDD5FBDE1328}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7FB9CD2E-3076-4DF9-A57B-B813F72DBB91}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81D1FE15-DD9D-4762-B16D-7C29DDECAE3F}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94E3E076-8F53-42A5-8411-085BCC18A68D}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{DC971EE5-44EB-4FE4-AE2E-B91490411BFC}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}" ; Disable 'POSIX' subsystem (KB320869, but KB308259) HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems","Optional",98306,"Posix" ;HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems","Posix";131072,"%SystemRoot%\System32\PSXSS.EXE" [Install.AddReg] ; Set default location of 'Client Side Cache' HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache","DatabaseLocation",131074,"%SystemRoot%\CSC" ; CAUTION: command lines in 'Run', 'RunOnce', 'RunOnce\Setup' and 'RunOnceEx' are limited to 260 characters! HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","ReadMe",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://technet.microsoft.com/aa940985.aspx" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Download",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://download.microsoft.com/download/2/e/0/2e0e3caf-9005-4058-b3e5-42432655b486/PRO/SoftwareRestrictionPolicies.doc" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB973825",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/973825" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB2532445",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/2532445" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","AppCert",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://skanthak.homepage.t-online.de/appcert.html" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Author",2,"Stefan Kanthak" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Contact",2,"" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","DisplayIcon",2,"%11%\RUNONCE.EXE" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","DisplayName",2,"Systemkonfiguration" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","DisplayVersion",2,"2017.09.27" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","HelpLink",2;"" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","NoModify",65539,1 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","NoRemove",65539,1 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","NoRepair",65539,1 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Publisher",2,"Me, myself & IT" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","ReadMe",2;"" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Size",2;"" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","UninstallString",2,"." HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","URLInfoAbout",2,"https://skanthak.homepage.t-online.de/index.html" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","URLUpdateInfo",2,"https://skanthak.homepage.t-online.de/index.html" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation","Version",65539,0x20170927 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Author",0,"Stefan Kanthak" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Contact",0,"" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayIcon",0,"%17%\XP_SAFER.ICO" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayIcon",0,"%11%\RUNONCE.EXE" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayName",0,"Softwarebeschränkungsrichtlinien für 'Windows XP/2003 [R2]'" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","DisplayVersion",0,"2017.09.27" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","EstimatedSize",65537,108 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","HelpLink",0,"https://technet.microsoft.com/aa940985.aspx" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","InstallLocation",0,"%17%\" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","InstallSource",0,"%01%\" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","NoModify",65537,1 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","NoRemove",65537,0 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","NoRepair",65537,1 HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","ParentDisplayName",0,"Systemkonfiguration" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","ParentKeyName",0,"eSKamation" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Publisher",0,"Me, myself & IT" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","ReadMe",0,"https://technet.microsoft.com/aa940985.aspx" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Size",0;"" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","UninstallString",0,"%11%\RUNDLL32.EXE %11%\SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 %17%\XP_SAFER.INF" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","URLInfoAbout",0,"https://skanthak.homepage.t-online.de/SAFER.html" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","URLUpdateInfo",0,"https://skanthak.homepage.t-online.de/SAFER.html" HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer","Version",65537,0x20170927 ; Set default location of 'DLL Cache' HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon","SFCDLLCacheDir",131074,"%SystemRoot%\System32\DLLCache" HKLM,"SOFTWARE\Microsoft\Windows Script Host\Settings","UseWinSAFER",32,"1" ;HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates\","Blob",1; ;HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates\","Blob",1; ; 0x00000000: allow all users to manage trusted publishers ; 0x00000001: allow only local administrators to manage trusted publishers ; 0x00000002: allow only domain administrators to manage trusted publishers ; 0x00000100: check for revocation of issuer certificates ; 0x00000200: check for revocation of timestamper certificates HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer","AuthentiCodeFlags",65537,0x00000300 ; Disable 'SAFER' certificate rules (KB324036) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","AuthentiCodeEnabled",65537,0 ; Set default 'SAFER' policy to 'Disallowed' ; 0x00040000: fully trusted (alias unrestricted) ; 0x00020000: normal user (alias basic user) ; 0x00010000: constrained (alias restricted) ; 0x00001000: untrusted ; 0x00000000: disallowed HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","DefaultLevel",65537,0 ; Add file name extensions to 'SAFER' executables list ; NOTE: execution of 'portable executable' files via 'CreateProcess*()' and ; 'LoadLibrary*()' as well as script files via 'Windows Script Host' ; is controlled independent of file name extension! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ACM" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ADE" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ADP" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"AX" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"BAS" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"BAT" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CHM" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CMD" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"COM" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CPL" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"CRT" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"DLL" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"DRV" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"DS" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"EFI" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"EXE" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"HLP" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"HTA" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"HTC" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"IME" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"INF" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"INS" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"ISP" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"JOB" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"JS" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"JSE" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"LNK" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MDB" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MDE" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MSC" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MSI" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MSP" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MST" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"MUI" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"OCX" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"PCD" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"PIF" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"PS1" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"REG" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"RLL" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SCF" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SCR" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SCT" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"SHS" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"TMP" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"TSP" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"URL" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VB" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VBE" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VBS" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"VCM" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WLL" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WPC" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WSC" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WSF" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"WSH" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","ExecutableTypes",65544,"XLL" ; Enable all 'SAFER' trust levels ; (https://technet.microsoft.com/en-us/cc766102.aspx) ; 0x00040000: fully trusted (alias unrestricted) ; 0x00020000: normal user (alias basic user) ; 0x00010000: constrained (alias restricted) ; 0x00001000: untrusted ; 0x00000000: disallowed HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","Levels",65537,0x00071000 ; Enable advanced 'SAFER' logging ; NOTE: only 'Administrators' can write to "%SystemRoot%\Debug\SAFER.LOG"! ; If normal users should be able to write a SAFER.LOG, ; use "%SystemRoot%\Debug\UserMode\SAFER.LOG" instead. ; CAUTION: the log file(s) can grow quite large! HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",2,"%10%\Debug\SAFER.LOG" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",2,"%10%\Debug\UserMode\SAFER.LOG" ; Exempt 'Administrators' from 'SAFER' (but KB925336, KB956572 & KB973825) ; 0x00000000: all users ; 0x00000001: all users except 'Administrators' HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","PolicyScope",65537,1 ; Enable 'SAFER' for all executables and DLLs (KB310791 & KB324036, but KB959074 & KB971913) ; 0x00000000: no enforcement ; 0x00000001: all executables except DLLs ; 0x00000002: all executables plus DLLs HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","TransparentEnabled",65537,2 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes",,16 ; Deny execution in all local paths HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","Description",0,"Alle lokalen Pfade" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","ItemData",0,"?:\" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}","SaferFlags",65537,0 ; Deny execution in all UNC paths HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","Description",0,"Alle Netzwerkpfade" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","ItemData",0,"\\" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}","SaferFlags",65537,0 ; Deny execution in "?:\System Volume Information" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","Description",0,"System Volume Information" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","ItemData",0,"?:\System Volume Information" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}","SaferFlags",65537,0 ; Deny execution in 'Recycle Bin' of Windows XP and Windows Server 2003 [R2] ("?:\Recycled" and "?:\Recycler") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","Description",0,"Papierkorb (XP/2003 [R2])" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","ItemData",0,"?:\RECYCLE?" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}","SaferFlags",65537,0 ; Deny execution in 'Recycle Bin' of Windows Vista, Windows Server 2008 and Windows 7 ("?:\$Recycle.Bin") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","Description",0,"Papierkorb (Vista/2008/7)" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","ItemData",0,"?:\$RECYCLE.BIN" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}","SaferFlags",65537,0 ; Deny execution in all user profiles ('Profiles Directory', typically "%SystemDrive%\Documents and Settings") ; (but KB249694) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","Description",0,"Benutzerprofilverzeichnis" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}","SaferFlags",65537,0 ; Deny execution in 'Source Path' (KB833615) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","Description",0,"Installations Quell-Verzeichnis" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}","SaferFlags",65537,0 ; Deny execution in 'Service Pack Source Path' (KB833615) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","Description",0,"Installations Quell-Verzeichnis" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ServicePackSourcePath%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}","SaferFlags",65537,0 ; Deny execution in 'Source Path' (KB833615) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","Description",0,"Installations Quell-Verzeichnis" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SourcePath%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}","SaferFlags",65537,0 ; Deny execution of "%SystemRoot%\System32\RunAs.Exe": ; "%SystemRoot%\System32\RunAs.Exe" /TrustLevel:Unrestricted "" circumvents 'SAFER' restrictions! HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","Description",0,"%SystemRoot%\System32\RunAs.Exe" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/RunAs.Exe" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\Macromed\Flash" (KB913433 & KB923789) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","Description",0,"Macromedia Flash" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Macromed/Flash" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}","SaferFlags",65537,0 ; Deny execution in user-specific 'Download Directory' (typically "%USERPROFILE%\My Documents") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","Description",0,"Internet Explorer 6 Download Directory" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}","SaferFlags",65537,0 ; Deny execution in system-specific 'Temporary Internet Files' (typically "%SystemRoot%\Temporary Internet Files\Content.IE5" or "%DefaultUserProfile%\Local Settings\Temporary Internet Files\Content.IE5") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","Description",0,"Temporary Internet Files" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}","SaferFlags",65537,0 ; Deny execution in 'Cookies' (typically "%USERPROFILE%\Cookies") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","Description",0,"Cookies" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths\Cookies\Directory%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}","SaferFlags",65537,0 ; Deny execution in 'History' (typically "%SystemRoot%\History") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","Description",0,"Verlauf" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\URL History\Directory%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}","SaferFlags",65537,0 ; Deny execution in user-specific "%APPDATA%" (typically "%USERPROFILE%\Application Data") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","Description",0,"%APPDATA%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\APPDATA%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}","SaferFlags",65537,0 ; Deny execution in user-specific "%HOMEDRIVE%%HOMEPATH%" (typically "%USERPROFILE%") (but KB824898) ; NOTE: 'SAFER' fails to evaluate two registry paths in one rule! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","Description",0,"%HOMEDRIVE%%HOMEPATH%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\HOMEDRIVE%%HKEY_CURRENT_USER\Volatile Environment\HOMEPATH%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}","SaferFlags",65537,0 ; Deny execution in user-specific "%LOGONSERVER%" (typically "\\%COMPUTERNAME%") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","Description",0,"%LOGONSERVER%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\LOGONSERVER%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}","SaferFlags",65537,0 ; Deny execution in user-specific "%TEMP%" (typically "%USERPROFILE%\Local Settings\Temp") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","Description",0,"%TEMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","ItemData",131072,"%HKEY_CURRENT_USER\Environment\TEMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}","SaferFlags",65537,0 ; Deny execution in user-specific "%TMP%" (typically "%USERPROFILE%\Local Settings\Temp") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","Description",0,"%TMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","ItemData",131072,"%HKEY_CURRENT_USER\Environment\TMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}","SaferFlags",65537,0 ; Deny execution of user-specific "%UserInitMPRLogonScript%" ; NOTE: "%UserInitMPRLogonScript%" is a command line! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","Description",0,"%UserInitMPRLogonScript%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","ItemData",131072,"%HKEY_CURRENT_USER\Environment\UserInitMPRLogonScript%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F76B4-7E44-A24E-F3FC-1BD1A198E29F}","SaferFlags",65537,0 ; Deny execution in system-specific "%TEMP%" (typically "%SystemRoot%\Temp") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","Description",0,"%TEMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","ItemData",131072,"%HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\TEMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}","SaferFlags",65537,0 ; Deny execution in system-specific "%TMP%" (typically "%SystemRoot%\Temp") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","Description",0,"%TMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","ItemData",131072,"%HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\TMP%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}","SaferFlags",65537,0 ; Deny execution in 'Client Side Cache' (typically "%SystemRoot%\CSC") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","Description",0,"Client Side Cache" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache\DatabaseLocation%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}","SaferFlags",65537,0 ; Deny execution in 'Database Path' (typically "%SystemRoot%\System32\Drivers\Etc") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","Description",0,"Database Path" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","ItemData",131072,"%HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TcpIp\Parameters\DatabasePath%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}","SaferFlags",65537,0 ; Deny execution in 'Default Spool Directory' (typically "%SystemRoot%\System32\Spool\Printers") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","Description",0,"Default Spool Directory" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}","SaferFlags",65537,0 ; Deny execution in 'DLL Cache' (typically "%SystemRoot%\System32\DLLCache") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","Description",0,"DLL Cache" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\SFCDLLCacheDir%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}","SaferFlags",65537,0 ; Deny execution in 'Media Path' (typically "%SystemRoot%\Media") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","Description",0,"Media Path" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MediaPath%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}","SaferFlags",65537,0 ; Deny execution in 'Service Pack Cache Path' (typically "%SystemRoot%\ServicePackFiles\ServicePackCache") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","Description",0,"Service Pack Cache" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}","SaferFlags",65537,0 ; Deny execution in 'WallPaper Directory' (typically "%SystemRoot%\Web\WallPaper") HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","Description",0,"WallPaper Directory" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WallPaperDir%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\CSC" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","Description",0,"%SystemRoot%\CSC" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%CSC" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Debug\UserMode" (KB221833, KB250842 & KB812535, but KB944043) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","Description",0,"%SystemRoot%\Debug\UserMode" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Debug/UserMode" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\Debug\UserMode" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","Description",0,"%SystemRoot%\Debug\UserMode:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Debug/UserMode:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Media" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","Description",0,"%SystemRoot%\Media" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Media" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Offline Web Pages" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","Description",0,"%SystemRoot%\Offline Web Pages" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Offline Web Pages" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\PCHealth\ErrorRep" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","Description",0,"%SystemRoot%\PCHealth\ErrorRep" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%PCHealth/ErrorRep" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Profiles" (KB249694) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","Description",0,"%SystemRoot%\Profiles" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Profiles" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Registration\CRMLog" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","Description",0,"%SystemRoot%\Registration\CRMLog" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Registration/CRMLog" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\Registration\CRMLog" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","Description",0,"%SystemRoot%\Registration\CRMLog:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Registration/CRMLog:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\AppMgmt" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","Description",0,"%SystemRoot%\System32\AppMgmt" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/AppMgmt" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\COM\Dmp" (KB910904) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","Description",0,"%SystemRoot%\System32\COM\Dmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/COM/Dmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\COM\Dmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","Description",0,"%SystemRoot%\System32\COM\Dmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/COM/Dmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\Config" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","Description",0,"%SystemRoot%\System32\Config" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Config" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\DLLCache" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","Description",0,"%SystemRoot%\System32\DLLCache" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/DLLCache" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\Drivers\Etc" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","Description",0,"%SystemRoot%\System32\Drivers\Etc" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Drivers/Etc" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","Description",0,"%SystemRoot%\System32\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","Description",0,"%SystemRoot%\System32\FxsTmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/FxsTmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\Spool\Drivers\Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","Description",0,"%SystemRoot%\System32\Spool\Drivers\Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Drivers/Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\Spool\Drivers\Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","Description",0,"%SystemRoot%\System32\Spool\Drivers\Color:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Drivers/Color:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\System32\Spool\Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","Description",0,"%SystemRoot%\System32\Spool\Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\System32\Spool\Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","Description",0,"%SystemRoot%\System32\Spool\Printers:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/Spool/Printers:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Tasks" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","Description",0,"%SystemRoot%\Tasks" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Tasks" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\Tasks" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","Description",0,"%SystemRoot%\Tasks:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Tasks:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Temp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","Description",0,"%SystemRoot%\Temp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Temp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\Temp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","Description",0,"%SystemRoot%\Temp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Temp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADD2B8-A529-491E-BB39-4F7694557B88}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Temporary Internet Files" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","Description",0,"%SystemRoot%\Temporary Internet Files" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Temporary Internet Files" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE1B00-211E-4076-A064-C0BD8EAFA742}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Tracing" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","Description",0,"%SystemRoot%\Tracing" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Tracing" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AE8F25-7D29-4ABE-A5F3-4E7F99FA5B74}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\Web" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","Description",0,"%SystemRoot%\Web" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%Web" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AF2ED3-7F52-49AA-9970-712A1D8FB8F5}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\$*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","Description",0,"%SystemRoot%\$*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%$*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AFF6A8-CE8A-4BEE-9E2A-032DD8852160}","SaferFlags",65537,0 ; Deny execution in 'Outlook Secure TEMP Folder' (typically "%USERPROFILE%\Local Settings\Temporary Internet Files\OLK*") ; (KB200237, KB249793, KB296115, KB296416, KB305982, KB817878 & KB2638687) ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","Description",0,"Outlook Secure TEMP Folder" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security\OutlookSecureTempFolder%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security\OutlookSecureTempFolder%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security\OutlookSecureTempFolder%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3BE4E-4515-4421-AD12-E3B394D41302}","SaferFlags",65537,0 ; Deny execution in "%USERPROFILE%\Local Settings\Temporary Internet Files\OLK*" (original, but SUPERFLUOUS rule) ; (KB324036) ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","Description",0,"%USERPROFILE%\Local Settings\Temporary Internet Files\OLK*" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","ItemData",131072,"%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{DDA3F824-D8CB-441B-834D-BE2EFD2C1A33}","SaferFlags",65537,0 ; Deny execution in 'My Computer' zone HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}","ItemData",65537,0 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE30-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0 ; Deny execution in 'Intranet' zone HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}","ItemData",65537,1 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE31-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0 ; Deny execution in 'Trusted Sites' zone HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}","ItemData",65537,2 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE32-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0 ; Deny execution in 'Internet' zone HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}","ItemData",65537,3 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE33-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0 ; Deny execution in 'Restricted Sites' zone HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}","ItemData",65537,4 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\URLZones\{643ADE34-2030-45AA-B54D-6C407941D825}","SaferFlags",65537,0 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\URLZones",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\URLZones",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\URLZones",,16 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes",,16 ; Allow execution in "%SystemRoot%" (original rule) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","Description",0,"%SystemRoot%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{191CD7FA-F240-4A17-8986-94D480A6C8CA}","SaferFlags",65537,0 ; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FLASH*.OCX" ; NOTE: activate if needed! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","Description",0,"Macromedia Flash ActiveX" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerActiveX\PlayerPath%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27441730-1F91-42E8-9E0A-6CAED1A08DC3}","SaferFlags",65537,0 ; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FlashUtil*_ActiveX.exe" ; NOTE: activate if needed! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","Description",0,"Macromedia Flash ActiveX Utility" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerActiveX\UninstallerPath%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744273C-4611-4EF9-9A01-8803FC96B6E9}","SaferFlags",65537,0 ; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\NPSWF32_*.DLL" ; NOTE: activate if needed! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","Description",0,"Macromedia Flash Plugin" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPlugin\PlayerPath%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{27446A02-A7EF-4D81-AB1D-54FE34AE8610}","SaferFlags",65537,0 ; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FlashUtil*_Plugin.exe" ; NOTE: activate if needed! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","Description",0,"Macromedia Flash Plugin Utility" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPlugin\UninstallerPath%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744888B-9F39-442E-89B3-73C1DF10F702}","SaferFlags",65537,0 ; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\PepFlashPlayer32_*.dll" ; NOTE: activate if needed! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","Description",0,"Macromedia Flash Pepper" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPepper\PlayerPath%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744A5FD-36B8-45E0-97E5-8C9C65085E50}","SaferFlags",65537,0 ; Allow execution of (current) "%SystemRoot%\System32\Macromed\Flash\FlashUtil*_Pepper.exe" ; NOTE: activate if needed! ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","Description",0,"Macromedia Flash Pepper Utility" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerPepper\UninstallerPath%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","LastModified",720897,10,c3,8a,19,c6,e3,c5,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{2744AB19-8B62-41C6-A7BF-F15AC163D749}","SaferFlags",65537,0 ; Allow execution of file name extension '.EXE' in "%SystemRoot%" (original, but SUPERFLUOUS rule) ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","Description",0,"%SystemRoot%\*.EXE" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.EXE" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{7272EDFB-AF9F-4DDF-B65B-E4282F2DEEFC}","SaferFlags",65537,0 ; Allow execution of file name extension '.EXE' in "%SystemRoot%\System32" (original, but SUPERFLUOUS rule) ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","Description",0,"%SystemRoot%\System32\*.EXE" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32/*.EXE" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{8868B733-4B3A-48F8-9136-AA6D05D4FC83}","SaferFlags",65537,0 ; Allow execution of "%APPDATA%\Microsoft\Virtual PC\VPCKeyboard.dll" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","Description",0,"Microsoft Virtual PC 2007" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","ItemData",131072,"%HKEY_CURRENT_USER\Volatile Environment\APPDATA%Microsoft/Virtual PC/VPCKeyboard.dll" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","LastModified",720897,4d,38,99,dd,2c,90,cd,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92E2FB-6671-4BBC-8EA9-9B7482F5919A}","SaferFlags",65537,0 ; Allow execution in "%ProgramFiles%" (original rule) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","Description",0,"%ProgramFiles%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C34AB2-529A-46B2-B293-FC853FCE72EA}","SaferFlags",65537,0 ; Allow execution in "%CommonProgramFiles%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","Description",0,"%CommonProgramFiles%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{D2C37D40-EA2D-11DC-8F61-0004760DFF53}","SaferFlags",65537,0 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\URLZones",,16 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\LevelObjects",,16 HKLM,"SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup","Software Restriction Policies",65536,"%SystemRoot%\Debug\Safer.Log" ; Set default location of 'Database Path' ;HKLM,"SYSTEM\CurrentControlSet\Services\TcpIp\Parameters","DatabasePath",131074,"%SystemRoot%\System32\Drivers\Etc" [Install.AddReg.x86] ; Append 'SAFER' settings and rules to 'REGISTRY.POL' ; CAUTION: unless all 'SAFER' settings and rules are removed from 'REGISTRY.POL', 'SRP2LGPO.EXE' may only be run once! ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Softwarebeschränkungsrichtlinien",0,"""%01%\I386\SRP2LGPO.EXE"" /Machine" ; Allow execution of "%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY" (KB891664, KB920075, KB925705 & KB929642, but KB936621) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","Description",0,"%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\DataPath%INDIVBOX.KEY" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","LastModified",720897,4d,38,99,dd,2c,90,cd,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","SaferFlags",65537,0 [Install.AddReg.ia64] ; CAUTION: command lines in 'Run', 'RunOnce', 'RunOnce\Setup' and 'RunOnceEx' are limited to 260 characters! HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB942589",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/942589" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB976039",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/976039" ; Append 'SAFER' settings and rules to 'REGISTRY.POL' ; CAUTION: unless all 'SAFER' settings and rules are removed from 'REGISTRY.POL', 'SRP2LGPO.EXE' may only be run once! ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Softwarebeschränkungsrichtlinien",0,"""%01%\IA64\SRP2LGPO.EXE"" /Machine" [Install.AddReg.amd64] ; Add missing registry entries (KB976039) ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","CommonW6432Dir",2,"%16427%" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramW6432Dir",2,"%16422%" ; CAUTION: command lines in 'Run', 'RunOnce', 'RunOnce\Setup' and 'RunOnceEx' are limited to 260 characters! HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB942589",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/942589" ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","KB976039",0,"%11%\RUNDLL32.EXE %11%\URL.DLL,OpenURL https://support.microsoft.com/kb/976039" ; Append 'SAFER' settings and rules to 'REGISTRY.POL' ; CAUTION: unless all 'SAFER' settings and rules are removed from 'REGISTRY.POL', 'SRP2LGPO.EXE' may only be run once! ;HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Softwarebeschränkungsrichtlinien",0,"""%01%\AMD64\SRP2LGPO.EXE"" /Machine" ; Deny execution of "%SystemRoot%\SysNative\RunAs.Exe": ; "%SystemRoot%\SysNative\RunAs.Exe" /TrustLevel:Unrestricted "" circumvents 'SAFER' restrictions! ; (KB942589) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","Description",0,"%SystemRoot%\SysNative\RunAs.Exe" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/RunAs.Exe" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{10011479-708B-41F7-A992-CF1FD376BBB7}","SaferFlags",65537,0 ; Deny execution of "%SystemRoot%\SysWoW64\RunAs.Exe": ; "%SystemRoot%\SysWoW64\RunAs.Exe" /TrustLevel:Unrestricted "" circumvents 'SAFER' restrictions! HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","Description",0,"%SystemRoot%\SysWoW64\RunAs.Exe" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysWoW64/RunAs.Exe" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001DEEE-128A-4A4D-A684-2C7035340E4B}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\SysNative\COM\Dmp" (KB910904) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","Description",0,"%SystemRoot%\SysNative\COM\Dmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/COM/Dmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC1CC0-9FF7-4D8D-876C-948707693763}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\COM\Dmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","Description",0,"%SystemRoot%\SysNative\COM\Dmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/COM/Dmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AC2154-25AA-4993-9290-6609A76C03F1}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\SysNative\FxsTmp" (KB942589) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","Description",0,"%SystemRoot%\SysNative\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA63F-AC8E-4EFF-9F6A-15BBE60F1402}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","Description",0,"%SystemRoot%\SysNative\FxsTmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/FxsTmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACA930-BC79-4A8F-B118-C540259C08EC}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\SysNative\Spool\Drivers\Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","Description",0,"%SystemRoot%\SysNative\Spool\Drivers\Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Drivers/Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB4E9-42DB-48D9-B0ED-FD7352942E0D}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\Spool\Drivers\Color" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","Description",0,"%SystemRoot%\SysNative\Spool\Drivers\Color:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Drivers/Color:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACB7C1-0CF7-4F05-806F-2A30D4C8ABFD}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\SysNative\Spool\Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","Description",0,"%SystemRoot%\SysNative\Spool\Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBB4C-267E-4158-99E3-096F6BC91C94}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\SysNative\Spool\Printers" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","Description",0,"%SystemRoot%\SysNative\Spool\Printers:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysNative/Spool/Printers:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ACBEE8-F68F-4D58-8F36-CA5DC15D0969}","SaferFlags",65537,0 ; Deny execution in "%SystemRoot%\SysWoW64\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","Description",0,"%SystemRoot%\SysWoW64\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysWoW64/FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD3418-5BF7-4C2B-AEAF-711D6F9914E0}","SaferFlags",65537,0 ; Deny execution from 'alternate data streams' of "%SystemRoot%\SysWoW64\FxsTmp" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","Description",0,"%SystemRoot%\SysWoW64\FxsTmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%SysWoW64/FxsTmp:*" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","LastModified",720897,c0,14,54,6e,8d,f9,c5,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADA7B0-96EE-46A2-8BE4-ED0A088DAE7C}","SaferFlags",65537,0 ; Allow execution of "%ALLUSERSPROFILE%\DRM\INDIVBOX_64.KEY" (KB891664 & KB925705) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","Description",0,"%ALLUSERSPROFILE%\DRM\INDIVBOX_64.KEY" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Microsoft\DRM\DataPath%INDIVBOX_64.KEY" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","LastModified",720897,4d,38,99,dd,2c,90,cd,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92BA3F-3825-4363-B379-9165FB19A669}","SaferFlags",65537,0 ; Allow execution of "%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY" (KB891664 & KB925705) HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","Description",0,"%ALLUSERSPROFILE%\DRM\INDIVBOX.KEY" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Microsoft\DRM\DataPath%INDIVBOX.KEY" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","LastModified",720897,4d,38,99,dd,2c,90,cd,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{9B92F738-8C61-4CD1-B0A5-7C8A013EA1C9}","SaferFlags",65537,0 ; Allow execution in "%ProgramFiles(x86)%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","Description",0,"%ProgramFiles(x86)%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77CC673-3BA3-427D-C9DE-76D54F6DC97E}","SaferFlags",65537,0 ; Allow execution in "%ProgramW6432%" (KB976039) ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","Description",0,"%ProgramW6432%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77ECE93-AA72-4E53-AB00-28F5544813A1}","SaferFlags",65537,0 ; Allow execution in "%CommonProgramFiles(x86)%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","Description",0,"%CommonProgramFiles(x86)%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)%" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F1D47-1FE1-4E7A-869C-57659099E912}","SaferFlags",65537,0 ; Allow execution in "%CommonProgramW6432%" (KB976039) ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","Description",0,"%CommonProgramW6432%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","ItemData",131072,"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir%" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","LastModified",720897,f0,8f,aa,44,f3,f8,c6,01 ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{C77F51FE-2F84-4CA1-81BC-2C815CD746BD}","SaferFlags",65537,0 [Remove.DelReg] HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSKamation.Safer" HKLM,"SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer","AuthentiCodeFlags",65537,0x00000300 ; Disable advanced 'SAFER' logging HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",0,"%10%\Debug\SAFER.LOG" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers","LogFileName",0,"%10%\Debug\UserMode\SAFER.LOG" ; Remove all 'Disallowed' path rules ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B92F9B-EE8C-41D5-9AA1-B33D35DB49FB}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B97DA0-641E-474E-BDCC-3F2294507AC3}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9A46A-64A1-4BE5-A896-6E0B4B1C502C}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9D2EC-FB61-4161-1341-3DBEF03AF18E}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00B9DFE4-ED08-4328-B355-4BC63D6267B2}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{06FF09C1-AEEF-4E0A-A840-3F3C110084A0}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07001879-0CB3-4582-833B-30BA6E02B5F6}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{07008AFD-08AD-420B-902F-AEBDD18D6E9A}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{0700FE0B-4DCD-4C40-B036-6B4A17DE03C6}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{1001AAF1-749F-49F4-8010-297BD6CA33A0}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742F840-C2D8-4EB3-A486-0A9D0879F29F}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302A43F2-5520-45AE-9C94-6E1746EBB9CE}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C15CF-2B80-499C-8455-A8DDA1796135}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302C7E56-0D5E-41D1-B339-BD7DE5D8007C}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{302CBB7F-6FC0-4168-BF9C-D4A09C7176B9}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{303704A1-D0DF-49BD-B6FF-ED5DA2554B1F}" ;HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000000}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{3037894E-0F8C-4D45-B150-808A45BF9588}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F5714-ACF8-453F-8F22-C416194B5017}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305F700A-572A-4E7C-9BBD-DD9452121B35}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FA64D-7F05-4FAE-8CBB-9DE4ABB6ED85}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{305FC3ED-BB45-4C6E-9104-3304A8C99DE4}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A17B92-870D-4C5E-996D-AF7E7A895C1A}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A22018-BB70-49D5-BD64-AF3749E82281}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A2CBA7-6952-4E63-AD95-89F1397A0091}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A3B88F-B6E3-4131-B746-903E215FB071}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A411ED-1C0F-48C1-90E5-6D3A1CA054C1}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5B05B-A031-4282-9451-7FD35BE61A66}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A5CC62-EC54-4299-85FC-BA05C181ED55}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A69B6C-8792-426D-89AB-CE11B1DB3017}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7A8FE-7835-4006-AA0F-7A17F2D750BC}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A7E59F-3A86-4BF6-9174-9FBFE0E66195}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8C62E-75B6-4447-B54F-B351757BF34E}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF3D-0380-4469-82EB-C745F1907081}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8CF4A-8B17-48DD-A0E7-D30DDF0B9073}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8D05E-955A-4F58-8F38-F8AE845A7CB0}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A8F941-D7CB-4042-8C04-AAA87ADB8FC2}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A90615-4ABE-4937-879C-47C19F107CC8}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A919D4-AF0E-44F1-A205-414D8F39E12B}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A945C6-411A-4C85-9C98-1A196616BCC9}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A958A9-54CF-4336-8123-D7FB74D5CD06}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7A98E1D-1577-134F-9B9C-75278D6318EB}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AA4CFF-DAF2-4649-8D74-8CFF1F50FDF8}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAB6D7-0010-4BA1-9AD1-A440202167D3}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AAFAC1-17A0-4834-A55C-7B9FCEBEB4FB}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3254-7E0F-4213-8F86-749F5EDAEDA4}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB3EA3-E425-40B2-B4F5-8163DE60B306}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB4C34-83EF-4AAD-A1B9-12F7AA18487B}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AB5787-EB67-4727-8DE8-CEC6106EA3F6}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ABA2A7-2D33-42A9-AC8B-A5FEDE1DF6FA}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E28-11F1-4DFC-9A4B-8C5DCCE49AD4}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7AD2E44-65DA-4361-817E-90D80F1CF631}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{C7ADC554-00AF-4BDE-A192-FF2914E2653F}" HKLM,"SOFTWARE\Policies\Microsoft\Windows\Safer\