AppLocker causes extremely slow load-times

1.5k Views Asked by At

We have an application consisting of a number of executables, spawned from a main menu executable. Each of our individual executables use a significant number of DLLs. All of our executables and DLLs are built using Visual Studio 2010.

When AppLocker is enabled via Group Policy on a test domain containing only a single VM with our software installed, load times increase dramatically.

We can see using Process Monitor (procmon.exe) that, as each DLL is loaded, an enumeration of the files in the %WINDIR%\System32\catroot folder occurs. This enumeration takes a significant amount of time to run, is run for each DLL in the executable load-chain, and is only ever seen when AppLocker is enabled.

All default AppLocker rules are set/enforced for Executables and DLL Rules. And have exceptions for %SYSTEM32%\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\*.

Are there any other AppLocker rules, windows settings, or visual studio project setting which can reduce or remove the impact this directory query is having on our load time?

Thanks!

1

There are 1 best solutions below

0
On

Have managed to resolve the matter by creating a self signed certificate and assigning against all DLLs.