Use case 2: Restrict loading a DLL

Scenario: You want to specify that DLLs may only be loaded from certain directories.

In this specific case, you want to prevent Windows Media Player from loading DLLs from network drives.

Proceed as shown in the figure:

  1. Create an application permission that specifies that the Windows Media Player application wmp.exe may only load DLLs from \\*\*\DLL4WMP\.

  2. Select the following options on the Action tab:

    • Select Allow as the action and check Block access to other targets so that the DLL can only be loaded from the specified target.
    • Select Generate audit events when access is allowed.

Note that rules with 'Allow' have priority over 'Block'!
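
To check the rule on a test machine, the following PowerShell script (an added example, not part of the product or its documentation) lists the modules loaded by the running player and shows which ones come from the allowed target, from another network location, or from a local drive. The process name 'wmp' is taken from the wmp.exe named above, and the -like comparison only approximates how the product evaluates the \\*\*\DLL4WMP\ target; both are assumptions.

```powershell
# Added example. Run it in the same user session as the player so that
# mapped network drives resolve the same way.
param(
    [string]$ProcessName    = 'wmp',             # assumption: from the page's wmp.exe; adjust if needed
    [string]$AllowedPattern = '\\*\*\DLL4WMP\*'  # the page's target plus a trailing * for the file name
)

function Get-ModuleOrigin {
    param([string]$Path, [string]$Pattern)
    if ([string]::IsNullOrEmpty($Path)) { return 'Unknown' }
    if ($Path -like $Pattern)           { return 'AllowedTarget' }
    if ($Path.StartsWith('\\'))         { return 'NetworkOutsideTarget' }   # UNC path
    # A mapped drive letter (for example Z:\) hides a network path: ask Windows for the drive type.
    $root = [System.IO.Path]::GetPathRoot($Path)
    if ($root -match '^[A-Za-z]:\\$' -and
        ([System.IO.DriveInfo]::new($root)).DriveType -eq 'Network') {
        return 'NetworkOutsideTarget'
    }
    return 'Local'
}

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Warning "No running process named '$ProcessName'."
    return
}

$report = foreach ($p in $procs) {
    try   { $modules = $p.Modules }   # can fail for elevated or protected processes
    catch { Write-Warning "Cannot read modules of PID $($p.Id): $_"; continue }
    foreach ($m in $modules) {
        [pscustomobject]@{
            ProcessId = $p.Id
            Module    = $m.ModuleName
            Origin    = Get-ModuleOrigin -Path $m.FileName -Pattern $AllowedPattern
            Path      = $m.FileName
        }
    }
}

$report | Sort-Object Origin, Path | Format-Table -AutoSize

# Anything listed here was loaded from a network location outside the allowed target.
$outside = @($report | Where-Object { $_.Origin -eq 'NetworkOutsideTarget' })
if ($outside.Count -gt 0) {
    Write-Warning "$($outside.Count) module(s) loaded from a network location outside $AllowedPattern"
}
```

Compare the output with the audit events generated by the rule: every module reported as AllowedTarget should have a matching audit event for an allowed access.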