Name	Type	Security Level	Description	
%ALLUSERSPROFILE%\*\*.exe	Path	Disallowed	Ransomware	
%APPDATA%\*.exe	Path	Disallowed	Ransomware	
%APPDATA%\Microsoft\*.exe	Path	Disallowed	Ransomware - GANDCRAB	
%APPDATA%\Microsoft\*\*.exe	Path	Disallowed	Ransomware - GANDCRAB	
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*	Path	Disallowed	All files from startup folder – Prevent RDP clipboard attacks - Mole-RAT	
%APPDATA%\Roaming\*\*.exe	Path	Disallowed	Trojan AZORult	
%HOMEPATH%\Desktop\*.wsf	Path	Disallowed	Ransomware - JAFF	
%LOCALAPPDATA%\*.hta	Path	Disallowed	Ransomware - BTCWARE
%LOCALAPPDATA%\*\*.exe	Path	Disallowed	Emotet - Can be problematic	
%LOCALAPPDATA%\Temp\*.db	Path	Disallowed	Ransomware - NEMUCODAES	
%LOCALAPPDATA%\Temp\*.dll	Path	Disallowed	Ransomware - NEMUCODAES  - Random	
%LOCALAPPDATA%\Temp\*.exe	Path	Disallowed	Ransomware - Random	
%LOCALAPPDATA%\Temp\*.hta	Path	Disallowed	Ransomware - BTCWARE	
%LOCALAPPDATA%\Temp\*.php	Path	Disallowed	Ransomware - NEMUCODAES	
%OneDrive%\*.exe	Path	Disallowed	Ransomware - Random	
%PROGRAMDATA%\MicroSoftTMP\system32\*.exe	Path	Disallowed	Ransomware - CRYPTOSHIELD	
%PUBLIC%\*.exe	Path	Disallowed	Ransomware - Random - Ryuk	
%SystemDrive%\*.exe	Path	Disallowed	Ransomware - Random - Ryuk	
%SystemDrive%\share\*.exe	Path	Disallowed	Ransomware - Ryuk.b	
%SystemRoot%\*.dat	Path	Disallowed	Ransomware - NYETYA - Bad Rabbit
%SystemRoot%\dispci.exe	Path	Disallowed	Ransomware - Bad Rabbit	
%TEMP%\*.exe	Path	Disallowed	Ransomware - Random	
%TEMP%\*\*.exe	Path	Disallowed	Ransomware - Random	
%USERPROFILE%\*.exe	Path	Disallowed	Emotet	
%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache\*.exe	Path	Disallowed	Temporary Internet Files - Random	
%UserProfile%\Desktop\*.exe	Path	Disallowed	AgentTesla - Emotet - Ransomware	
%WINDIR%\mssecsvc.exe	Path	Disallowed	Ransomware - WannaCry	
%WINDIR%\tasksche.exe	Path	Disallowed	Ransomware - WannaCry