We have an application consisting of a number of executables, spawned from a main menu executable. Each of our individual executables uses a significant number of DLLs. All of our executables and DLLs are built using Visual Studio 2010.
When AppLocker is enabled via Group Policy on a test domain containing only a single VM with our software installed, load times increase dramatically.
We can see using Process Monitor (procmon.exe) that, as each DLL is loaded, an enumeration of the files in the %WINDIR%\System32\catroot folder occurs. This enumeration takes a significant amount of time to run, is run for each DLL in the executable load-chain, and is only ever seen when AppLocker is enabled.
All default AppLocker rules are set/enforced for Executables and DLL Rules, and have exceptions for %SYSTEM32%\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\*.
Are there any other AppLocker rules, Windows settings, or Visual Studio project settings which can reduce or remove the impact this directory query is having on our load time?
Thanks!
Have managed to resolve the matter by creating a self-signed certificate and assigning against all DLLs.
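
One way to carry out the resolution described in the last post, as an added example that is not part of the original thread: create a self-signed code-signing certificate and apply an embedded Authenticode signature to every unsigned DLL and EXE under the install folder. The install path, certificate subject and export file name are assumptions, and New-SelfSignedCertificate -Type needs Windows 10 / Server 2016 or later.

```powershell
# Added example; $InstallDir, $Subject and $CerPath are hypothetical values.
$InstallDir = 'C:\Program Files\ExampleApp'
$Subject    = 'CN=ExampleApp Internal Code Signing'
$CerPath    = Join-Path $env:TEMP 'ExampleApp-signing.cer'

# Reuse a still-valid signing certificate if one already exists in the store.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -eq $Subject -and $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $cert) {
    # Non-exportable key: anything signed with it will be trusted wherever the
    # public certificate is deployed, so the private key stays on the build host.
    $cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $Subject `
        -CertStoreLocation Cert:\CurrentUser\My -KeyExportPolicy NonExportable `
        -NotAfter (Get-Date).AddYears(2)
}

# Export the public certificate only, for distribution to the clients' trust
# stores (for example through Group Policy).
Export-Certificate -Cert $cert -FilePath $CerPath | Out-Null

$results = Get-ChildItem -Path $InstallDir -Recurse -Include *.dll, *.exe -File |
    ForEach-Object {
        $before = Get-AuthenticodeSignature -FilePath $_.FullName
        # Sign only files with no signature; vendor-signed binaries are left alone.
        if ($before.Status -eq 'NotSigned') {
            $after = Set-AuthenticodeSignature -FilePath $_.FullName `
                -Certificate $cert -HashAlgorithm SHA256
        } else {
            $after = $before
        }
        [pscustomobject]@{
            File   = $_.FullName
            Before = $before.Status
            After  = $after.Status   # not 'Valid' until the certificate is trusted
            Signer = $after.SignerCertificate.Subject
        }
    }

$results | Format-Table -AutoSize
```

No timestamp server is used here, so the signatures stop validating when the certificate expires; re-sign before that date or add -TimestampServer with a timestamping service you trust.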