Every Windows user installs an Antivirus to safeguard their computers. Still, it is not enough to protect your computer, and you should take more precautions to defend your computers from online malware threats. You can make your PC security more robust by blocking EXE files from some vulnerable folders such as Temp, AppData, etc.
Also Read: How to add a folder to Microsoft Defender Controlled folder access in Windows 11?
Despite all proper countermeasures, there’s still a chance of getting infected. For example, if malware manages to enter your system by exploiting one of the various temporary folders that are provided by your OS to install new applications, unzipping compressed archives, storing temp data, etc.
“C:\Windows\Temp” works like a launchpad for viruses and malware. Apart from that, other risky folders are the following:-
- %USERPROFILE%\AppData\Local\ and all its subfolders.
- %USERPROFILE%\AppData\Roaming\ and all its subfolders.
Since all these folders are meant for storage and not for executables to run, finding a way to prevent potentially harmful .exe files from running from them would be an excellent extra layer of defense.
In this gearupwindows article, we will guide you through the steps on how to block .exe files from running on Windows client or Windows Server by applying Software Restriction Policies.
How to Block EXE Files in Vulnerable Folders from Running in Windows 11 or 10?
To block running EXE files from vulnerable folders on Windows 11 or 10, use the following steps:-
Step 2. When the Local Group Policy Editor window appears on your PC, browse to the following path in the left side pane:-
Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
Step 3. Right-click on the
Step 4. When you’re done, Windows will create some new subfolders. Right-click on the
Step 5. In the “New Path Rule” window that appears, enter the path of the executable file that you want to stop from running. Ensure to put the *.exe at the end to block only executable files.
Step 6. Click
Step 7. Click
We suggest you to block block the following:-
Once done, this will block most potentially unsafe executables from running on your computer, including those coming from archive attachments opened using the Windows built-in zip support.
For some reason, if you want to allow a .exe file from the blocked folder, create a “New Path Rule” by selecting the