I provide support to a number of clients who use Windows Server boxes and all have some sort of Active Directory and the ability to apply Group Policy. I've recently been trying to implement AppLocker to lock down executables and where they can run from. I noticed that the default rules created by AppLocker only apply to .exe files. A .msi I tested running is excluded and can run.
The packages that deliver the ransomware code, do they come in forms other than .exe? Is there a list somewhere I can reference so I can try and cover as many variables in the AppLocker setup?
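An added example, not part of the original post: a PowerShell check that reports, for each AppLocker rule collection, which file types it governs and whether any rules exist for it, which makes a gap like the .msi case above visible. The sample policy XML is constructed for illustration, and the function name `Get-AppLockerCoverage` and the variable names are hypothetical.

```powershell
# Constructed sample policy: only the Exe collection has rules, as in the post.
# On a live machine use: [xml]$samplePolicy = Get-AppLockerPolicy -Effective -Xml
[xml]$samplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Sample rule"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

# File types governed by each AppLocker rule collection.
$collectionFileTypes = [ordered]@{
    Exe    = '.exe, .com'
    Msi    = '.msi, .msp, .mst'
    Script = '.ps1, .bat, .cmd, .vbs, .js'
    Dll    = '.dll, .ocx'
    Appx   = '.appx'
}

# Hypothetical helper: one row per collection with rule count and status.
function Get-AppLockerCoverage {
    param([Parameter(Mandatory)][xml]$Policy)
    foreach ($type in $collectionFileTypes.Keys) {
        $col   = $Policy.SelectSingleNode("/AppLockerPolicy/RuleCollection[@Type='$type']")
        $count = if ($col) { $col.SelectNodes('*').Count } else { 0 }
        $mode  = if ($col) { $col.GetAttribute('EnforcementMode') } else { 'Absent' }
        # A collection with no rules restricts nothing, whatever its mode.
        $status = if ($count -eq 0) {
            'Not restricted (no rules)'
        } elseif ($mode -eq 'AuditOnly') {
            'Audit only (logged, not blocked)'
        } else {
            'Enforced'
        }
        [pscustomobject]@{
            Collection = $type
            FileTypes  = $collectionFileTypes[$type]
            Rules      = $count
            Mode       = $mode
            Status     = $status
        }
    }
}

Get-AppLockerCoverage -Policy $samplePolicy | Format-Table -AutoSize
```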