Hey guys, we have been working on tweaking ShadowPapa's Application Control Polices so we can have complete control of the user's profile folders. I have had a lot of success with making exceptions in the DLL and EXE Conditions however when we specify processes to exclude from the condition it does not seem to work. For example we have specificied EXCEL 2007 to be excluded from the Entire Block policy however it does not exlcude it and continues to block Excel gaining access to the profile locations. (This is happening with several .EXE files that we want to exclude) Also in Shadow's policy he has one set of Rules for the Allow Access and one set of rules that control the block. So... there are 2 places that you can indicate do not block this particular process. I have attached several screenshots that should give more insight. Bascially moving forward I need to understand where I Should be making PROCESS exceptions in this policy because we want to turn the policy into production mode soon because it is going to help big time. Any Insight on where I should be making the process Exceptions would be very helpful.