You know there are many software that put software filter management in windows computer, that restrict user to run malicious content. and not all are free.
But probably there only a few know that windows has its own software filtering tool.
Yes it is inside the group policy, here’s how:
the enforcement is for selecting whether only executable only or including the library and whether it is all user or all user except the administrator.
the designed file types, you can edit what file types to be filtered.
trusted publishers is who can appoint trusted publishers.
new certificate rule is for adding rule for certain certificate.
new hash rule is for adding rule for certain executable file.
new internet zone rule is for adding rule for certain internet zone group.
new path rule is for adding rule for certain folder.
so obviously, for local software running policy, you most probably used more of the 2nd and 4th new rules.
add disallowed for restrict the software or unrestricted for it to be allowed to run.
use the opposite additional rules with the default security level, for more efficient ruling.
that’s it, simple isn’t it?