I implemented a software restriction policy to protect against CryptoLocker, and it has worked relatively painlessly up until recently. Now, all of a sudden, my specific path rules are being overridden by wildcard path rules, which is the opposite of how SRP is supposed to work.
According to TechNet: "When there are multiple matching path rules, the most specific matching rule takes precedence."
My specific problem is:
Rule 1) %AppData%\Local\thinkorswim\thinkorswim.exe Unrestricted
Rule 2) %AppData%\Local\*\*.exe Disallowed
Net result: Access to C:\Users\
Does anyone see what I'm doing wrong or know the fix?