After following the "How to create an Application Whitelist Policy in Windows" guide by Lawrence Abrams, using Windows Software Restriction Policies (SECPOL SRP).
On my Win10 system, in "Additional Rules", there were 2 pre-defined path rules, which were the ENV VARs for SystemRoot and ProgramFilesDir, as expected, and I added a 3rd path rule: "C:\Program Files (x86)" as recommended and eventually a 4th path rule: "c:\Users\myname\AppData\Roaming\Dashlane" in order for Dashlane to work properly.
But then I noticed that the sys-tray commands HIDE / OPEN Malwarebytes did not work when the Application Whitelist was in effect.
Do I need to add another path rule so that MBAM 3.0 will work normally?
Also noticed that MBAM always shows a start up toast notification warning "One or more Real-Time Protection layers are turned off.", if TinyWall is in normal mode. It doesn't happen when TinyWall is in AutoLearn mode. And after AutoLearn, it does not help TinyWall allow MB3 to start without the warning. I might just uninstall TinyWall.
Edited by gluino, 30 December 2016 - 03:35 AM.