# SRP blocking all exe in a folder is not applied to subfolders

• Hello,
Following the TechNet documentation, which says about path rules:
"A path rule can specify a folder or fully qualified path to a program. When a path rule specifies a folder, it matches any program contained in that folder and any programs contained in subfolders. Software restriction policies support local and Uniform Naming Convention (UNC) paths." (https://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx) or
"A path rule can specify a folder or fully qualified path to a program. When a path rule specifies a folder, it matches any program contained in that folder and any programs contained in subfolders. Both local and UNC paths are supported." (https://technet.microsoft.com/en-us/library/bb457006.aspx),
we have created a path rule disallowing c:\aa\*.exe

The problem is when applying this policy, an exe file located in c:\aa\bb\ can be executed.
To disallow that we have to add another path rule specifying c:\aa\bb\*.exe

But again, in subfolders you are allowed to execute any exe file.

Are we doing something wrong, or is the documentation on TechNet wrong?

Marc

Monday, January 11, 2016 1:54 PM

• > we have created a path rule disallowing c:\aa\*.exe

This is not a folder, but a file. Omit the "\*.exe" part.

Monday, January 11, 2016 4:16 PM

• Oh, ok.
So if I only wanted to block exe but, let's say allow the mdb extension, in a folder and its subfolders, I would have to configure a path rule (only the folder path, no *.mdb extension) and then configure the Designated File Types (removing the mdb extension from the list).

Thank you very much, I hadn't understood like this at first :-)

Marc

Tuesday, January 12, 2016 7:46 AM
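
An audit sketch for the mistake discussed in this thread, added here as an example and not taken from the thread or from Microsoft's documentation: it flags path rules whose last segment is a file pattern rather than a folder, and checks whether an extension is still in the Designated File Types list. The function names and the sample rules are constructed for illustration; the script assumes machine-level policy stored under the `Safer\CodeIdentifiers` policy key.

```powershell
# Added example (not from the thread). Assumes machine-level SRP policy under this key.
$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpPathRule {
    # One object per configured path rule: security level key name and rule path.
    param([string]$Root = $SaferRoot)
    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $level = $_.PSChildName                      # e.g. 0 = Disallowed
        $paths = "$($_.PSPath)\Paths"
        if (Test-Path $paths) {
            Get-ChildItem -Path $paths | ForEach-Object {
                [pscustomobject]@{
                    Level = $level
                    Path  = (Get-ItemProperty -Path $_.PSPath).ItemData
                }
            }
        }
    }
}

function Test-SrpFilePatternRule {
    # True when the last segment contains a wildcard, i.e. the rule names
    # files (c:\aa\*.exe) rather than a folder (c:\aa).
    param([Parameter(Mandatory)][string]$RulePath)
    $leaf = ($RulePath.TrimEnd('\') -split '\\')[-1]
    return $leaf -match '[*?]'
}

function Test-SrpDesignatedFileType {
    # True when the extension is in the Designated File Types list (ExecutableTypes).
    param([Parameter(Mandatory)][string]$Extension, [string]$Root = $SaferRoot)
    $types = (Get-ItemProperty -Path $Root -Name ExecutableTypes -ErrorAction SilentlyContinue).ExecutableTypes
    return @($types) -contains $Extension.TrimStart('.').ToUpper()
}

# Constructed sample rules mirroring the thread; use Get-SrpPathRule on a real host.
$rules = @(
    [pscustomobject]@{ Level = '0'; Path = 'c:\aa\*.exe' }
    [pscustomobject]@{ Level = '0'; Path = 'c:\aa\bb\*.exe' }
    [pscustomobject]@{ Level = '0'; Path = 'c:\aa' }
)
foreach ($r in $rules) {
    $kind = if (Test-SrpFilePatternRule $r.Path) { 'file pattern (review: names files, not a folder)' }
            else { 'folder rule' }
    '{0,-16} level={1}  {2}' -f $r.Path, $r.Level, $kind
}
'MDB is a designated file type: {0}' -f (Test-SrpDesignatedFileType 'mdb')
```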