You got a virusscanner and maybe also some other mitigation tools to protect your or company computers, but still viruses and malware can get thru into the system. Here is a method to create an extra layer of defense for your systems. We’ll be using Software Restriction Policies that can be found in the Local Security Policy for standalone PC’s or in the Group Policy Management for domain joined systems. We will be gonna use this for blocking executables from %APPDATA% and %USERPROFILE% directories, but also from compressed archives that can be mailed with an executable…