AppLocker exe rule in enforcement mode freezes Windows menu and search bar - Win 10

I have a Windows 10 machine and created an AppLocker exe rule targeting the C drive, %OSDRIVE%\* (I have only this drive).
While creating this policy I made an exception for c:\Windows\* so that all Windows components function, and added a publisher exception for all Microsoft-related exes and some of my personal exes that have a signature on them, which are running seamlessly.

All this is working as expected, but when I turned on Enforcement mode and restarted, the Windows key and the search bar on the taskbar seem to freeze.

When I checked the system logs I can see: Unable to start DCOM server:Microsoft.Windows.SHellExperienceHost_***

Any solution to this would be much appreciated.


Hello MJ_383

Welcome to the Microsoft Community.

 

The issue arises because AppLocker is blocking the ShellExperienceHost component, crucial for the Start menu and search functionality. Here's how to resolve it:

  1. Add Exception for WindowsApps Folder:

    • Path Rule: Create a new AppLocker rule allowing executables in C:\Program Files\WindowsApps\*. This folder contains UWP apps like ShellExperienceHost.

      • Use the Path condition: %PROGRAMFILES%\WindowsApps\* (ensure proper permissions to access this directory).

  2. Allow SystemApps Directory:

    • Confirm that C:\Windows\SystemApps\* is covered under your existing C:\Windows\* exception. If not, explicitly add it.

  3. Check DLL Rules:

    • Ensure AppLocker DLL rules (if enabled) allow Microsoft-signed DLLs. Use a Publisher rule for Microsoft-signed files.

  4. Verify Event Viewer Logs:

    • Check AppLocker logs (Event Viewer > Applications and Services Logs > Microsoft > Windows > AppLocker) for blocked entries related to:

      • ShellExperienceHost.exe

      • RuntimeBroker.exe

      • SearchUI.exe

  5. Enable Default AppLocker Rules:

    • Ensure the built-in Windows default rules for executables are enabled (e.g., allow %WINDIR%\* and %PROGRAMFILES%\*).

  6. Test with Audit Mode:

    • Temporarily switch AppLocker to Audit Mode to log what would be blocked without enforcement. Adjust rules based on these logs.

Post-Fix Steps:

  • Restart the machine after updating rules.

  • Verify the Start menu/search functionality and check DCOM errors in Event Viewer.

This addresses the blocked ShellExperienceHost component by ensuring its UWP package location is permitted. If you need any further assistance, please let us know and we will provide more advice!

Best Regards,

William.Y | Microsoft Community Support Specialist
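
One way to carry out the log review from steps 4 and 6 of the reply above, as an added example that is not part of the original thread: it summarizes AppLocker audit and block events and asks the effective policy how it treats ShellExperienceHost.exe. The log names, event IDs and cmdlets are the standard AppLocker ones; the function name `Get-AppLockerBlockSummary` and the one-day window are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the affected machine.
# Event IDs: 8003 = EXE/DLL would be blocked (audit), 8004 = EXE/DLL blocked,
#            8021 = packaged app would be blocked (audit), 8022 = packaged app blocked.
$logs = 'Microsoft-Windows-AppLocker/EXE and DLL',
        'Microsoft-Windows-AppLocker/Packaged app-Execution'
$ids  = 8003, 8004, 8021, 8022

# Components named in the reply above; extend the list as needed.
$shell = 'ShellExperienceHost', 'RuntimeBroker', 'SearchUI'

function Get-AppLockerBlockSummary {
    # Hypothetical helper name; $Since defaults to the last 24 hours (assumption).
    param([datetime]$Since = (Get-Date).AddDays(-1))

    $events = foreach ($log in $logs) {
        # An empty or missing log is not an error for this purpose.
        Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $ids; StartTime = $Since } `
                     -ErrorAction SilentlyContinue
    }

    # Identical messages collapse into one row with a hit count.
    $events | Group-Object Id, Message | ForEach-Object {
        $first = $_.Group[0]
        $msg   = $first.Message
        [pscustomobject]@{
            Count          = $_.Count
            Mode           = if ($first.Id -in 8003, 8021) { 'Audit' } else { 'Blocked' }
            Log            = $first.LogName -replace '^Microsoft-Windows-AppLocker/'
            ShellComponent = [bool]($shell | Where-Object { $msg -like "*$_*" })
            Message        = $msg
        }
    } | Sort-Object ShellComponent, Count -Descending
}

Get-AppLockerBlockSummary | Format-Table -AutoSize -Wrap

# Ask the effective policy directly how it treats the shell host binary.
# The package folder name is discovered, not hard-coded.
Get-ChildItem "$env:windir\SystemApps" -Recurse -Filter 'ShellExperienceHost.exe' `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-AppLockerPolicy -Effective |
            Test-AppLockerPolicy -Path $_.FullName -User Everyone
    }
```

Rows with `Mode` = `Audit` show what enforcement would break before it is turned on; the `Test-AppLockerPolicy` output names the matching rule, or reports that none allows the file.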


Question Info


Last updated April 20, 2025 Views 42 Applies to: