Cisco Security Agent Preventing ASP.NET Application

theburnetts
Level 1

I am a software developer and I have an ASP.NET application running on a server that has CSA running. The CSA is preventing access to a folder that ASP.NET needs. I am working with our Network Security Team to try and get CSA modified to allow the necessary access. I know very, very little about CSA or how it works. But I was wondering if maybe there was a default CSA configuration or profile for a server that was running ASP.NET and hosting ASP.NET applications? If so, then I could just tell the security team to set up the CSA in that configuration. They currently have the server locked down super tight and I am hoping that I won't have to tell them every single folder and file that I need access to. Does anyone know if there is a standard configuration for CSA on a web server running IIS 6 and ASP.NET v1.1?

2 Replies

RichardSW
Level 1

Hi Corey,

As far as I can tell, there aren't any default ASP.NET rules available. But I came across the same issue, so here is my solution:

- Create these 4 File Sets

  "ASP.NET Framework Config Files"
    Directories matching: @windows\Microsoft.NET\Framework\*\config\*
    Files matching:

  "ASP.NET Framework Temp DLL Files"
    Directories matching: @windows\Microsoft.NET\Framework\*\Temporary ASP.NET\**
    Files matching: *.DLL

  "ASP.NET Framework Executables"
    Directories matching: @windows\Microsoft.NET\Framework\**
    Files matching: *.exe

  "Windows Temp Files"
    Directories matching: @windows\Temp\**
    Files matching:

- Create this Application Class

  "ASP.NET Framework"
    $ASP.NET Framework Executables
    only this process

- Create this User State Set

  "ASP.NET Accounts"
    NT AUTHORITY\NETWORK SERVICE
    *\ASPNET
    *\IUSR_*
    *\IWAM_*

- Create this Windows Rule Module

  "ASP.NET Framework"
    Apply this rule module only if the following state conditions are met:
    User State Conditions: ASP.NET Accounts

- Create these File Access Control Rules

  "ASP.NET access to .NET config files"
    Allow
    IIS Web Server application
    Read File, Write File
    on $ASP.NET Framework Config Files

  "ASP.NET access to temp DLL files"
    Allow
    IIS Web Server application
    Read File, Write File, Write Directory
    on $ASP.NET Framework Temp DLL Files

  "ASP.NET Framework access to temp files"
    Allow
    ASP.NET Framework
    Read File, Write File, Write Directory
    on $Windows Temp Files

- Create this System API Control Rule

  "ASP.NET IIS API Call"
    Allow (I have logging turned on for this one)
    IIS Web Server application
    check Access system functions from code executing in data or stack space,

There you go, one ASP.NET module. I really don't like that last rule, but I haven't yet identified all of the patterns to restrict it (hence why I have logging turned on).

How will this module differ if we are using .NET v2.0?