Now, every Windows user installs an Antivirus to safeguard their computers. However, it is not enough to protect your computer. And it would be best if you took more precautions to defend your computers from online malware threats. But, you can make your PC security more robust by blocking EXE files from some vulnerable folders such as Temp, AppData, etc.
Despite all proper means, there’s still a chance of getting infected. For example, if malware manages to enter your system by exploiting one of the various temporary folders. Your OS provides that to install new applications, unzip compressed archives, store temp data, etc.
“C:\Windows\Temp” works like a launchpad for viruses and malware. Other risky folders are the following:-
- %USERPROFILE%\AppData\Local\ and all its subfolders.
- %USERPROFILE%\AppData\Roaming\ and all its subfolders.
Already all these folders are meant for storage and not for executables to run. Finding a way to prevent potentially harmful .exe files from running from them would be an excellent extra layer of defense.
We will guide you through blocking .exe files from running on Windows client or Windows Server by applying Software Restriction Policies in this risewindows article.
How to Block EXE Files in Vulnerable Folders from Running in Windows 11 or 10?
To block running EXE files from vulnerable folders on Windows 11 or 10, do the following:-
Step 1. At first, open Local Group Policy Editor (Windows 11/10 Home editors will need to enable gpedit.msc on their computer).
Step 2. Now, when the Local Group Policy Editor window appears on your PC, so browse to the following path in the left side pane:-
Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
Step 3. Then, right-click on the
Step 4. After that, Windows will create some new subfolders when you’re done. Right-click on the
Step 5. Next, in the “New Path Rule” window that appears, enter the path of the executable file that you want to stop from running. Ensure to put the *.exe at the end to block only executable files.
We suggest you to block block the following:-