Hello,
I'm new to implementing AppLocker. I do have it running with the default 'allow all' exe, packages, and installers. I can block packages like the "Network Speed Test" app that comes with Win10, and Valve/Steam applications. Those all seem to be working fine and appear in the eventviewer. However...
Next, I want to block a program from running as a service, for example the Chrome Remote Desktop service which gets installed as a service and has this path to executable in my computer:
"C:\Program Files (x86)\Google\Chrome Remote Desktop\76.0.3809.21\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
So I go into my group policy and add a new EXE rule and deny the above remoteing_host.exe, even tried to make it more generic by not allowing the publisher. I do a GPUPDATE /FORCE. Then I see the service is still running. Try to restart the service and it stops/starts fine.
Why isn't it blocked from running? I dont even see it being logged in the event viewer as being allowed (or blocked) to run. Any tips on how to block the service?