I have a software restriction policy that prevents users from running a proxy client application that some users have downloaded. I have configured it correctly as a Path Rule but the users are renaming the file and getting around the policy. Is there another way?


Yes there is. Instead of a Path Rule you can create a Hash rule. A hash rule takes a fingerprint of the application executable which means that no matter how many times the name of the file is changed; the rule restriction is still enforced. Jeremy discusses software restrictions in Chapter 8 in his book. (Third edition, with the gear cover.)