Use case 2: Restrict loading a DLL

Scenario: You want to specify that DLLs may only be loaded from certain directories.

In this specific case, you want to prevent Windows Media Player from loading DLLs from network drives.

Proceed as shown in the figure:

1. Create an application permission where you define that the Windows Media Player application wmp.exe may only load DLLs from \\*\*\DLL4WMP\ .

   

2. Select the following options on the Action tab:

   

   • Select Do not block and check Block access to other targets to ensure that the DLL can only be loaded from the specified target.
   • Select Generate audit events when access is allowed.

Please note that rules with 'Do not block' (i.e. allow) have priority over 'Block'!