I have ADC configured as follows:
ADC exception to allow svc host to create, delete or write exe or dll files:
And AC8-1.1 - as shown above:
AC8-3.1 is as follows to prevent creating, writing and deleting .exe and .dll files for all other applications; which is what should stop Chrome writing exe files when downloading applications - it's this that isn't working properly for Chrome (works for IE and Firefox though!)...
And the corresponding actions:
I can successfully implement a rule that stops Chrome launching; but this isn't what I want - it needs to stop Chrome writing exe files / launching downloaded exe files (i.e. launching subprocesses - though Task Manager doesn't list downloaded executables as subprocesses of Chrome; so Chrome also shouldn't be able to launch processes in general)...