Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

"Rules cannot be created for the following files" error message in AppLocker when you try to select certain files



Symptoms

When you try to use AppLocker, the AppLocker rule wizard GUI does not let you select a file that has a file name extension other than any of the following:
  • Executable files (.exe, .com)
  • Scripts (.js, .ps1, .vbs, .cmd, .bat)
  • Windows Installer files (.msi, .msp)
  • DLL files (.dll, .ocx)
If you try to use the New-AppLockerPolicy Windows PowerShell cmdlet to create a file path rule for a file whose file name extension is not on this list, you receive the following error message:

Rules cannot be created for the following files: <filename>
Note Files that have file name extensions other than those that are on this list are blocked by AppLocker if there are no ALLOW rules to enable these files to run. For example, Windows PowerShell .psm1 script files and Adobe .aip files are blocked.



Cause

This behavior occurs because AppLocker checks the file header information and not the file name extension during policy checking. For example, .psm1 files are treated as scripts, and .aip files are treated as DLLs. This behavior is by design.

AppLocker tools currently do not let you manage individual files that have a file name extension other than those that are listed in the "Symptoms" section.



Workaround

To work around this behavior, create ALLOW rules that are based on the folder location of these files.

Note You can directly type the full file path in the AppLocker wizard. However, we do not recommend that you do this. If you create individual rules for each file, the large number of rules that results can adversely affect the performance of Windows.
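
One way to apply the folder-based workaround from PowerShell, as an added example that is not part of the original Microsoft article: it writes a path rule into the rule collection that matches how AppLocker classifies the files (see "Cause") and merges it into the local policy. The folder, rule name and output file are hypothetical.

```powershell
# Added example. Assumed values (not from the article): folder, rule name, output file.
$Folder     = 'C:\Program Files\Contoso\Modules'  # hypothetical folder holding .psm1 files
$Collection = 'Script'   # .psm1 is checked as a script; use 'Dll' for DLL-type files such as .aip
$OutFile    = Join-Path $env:TEMP 'applocker-folder-rule.xml'

# A path rule is only as strong as the folder ACL, so flag write access held by these broad groups.
# 6 = WriteData (create files) + AppendData (create subfolders) in FileSystemRights.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$weak = (Get-Acl -Path $Folder).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band 6) -ne 0)
}
if ($weak) {
    $who = ($weak | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique) -join ', '
    throw "Refusing to allow '$Folder': writable by $who"
}

# Escape values for XML; the trailing \* covers every file in the folder and its subfolders.
$path = [System.Security.SecurityElement]::Escape("$Folder\*")
$name = [System.Security.SecurityElement]::Escape("Allow $Folder")
# UserOrGroupSid S-1-1-0 is the Everyone group.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="$Collection" EnforcementMode="NotConfigured">
    <FilePathRule Id="$([guid]::NewGuid())" Name="$name" Description="Folder-based allow rule" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="$path" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $OutFile -Value $xml -Encoding UTF8

# Merge into the local policy (requires an elevated prompt), then review the resulting rules.
Set-AppLockerPolicy -XmlPolicy $OutFile -Merge
Get-AppLockerPolicy -Local -Xml
```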



Status

This behavior is by design.



More Information

For more information about how to create rules in AppLocker, see the following Microsoft TechNet topic:

Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.




Article Info
Article ID : 3008790
Revision : 1
Created on : 1/7/2017
Published on : 10/24/2014