This is version 1 (it will be updated in the future).
I have exported an application control rule, sanitized of my organization's data, which covers most of the malware and ATP detection and protection that I
have learned and used.
Tested in a large environment (5000+ endpoints), on both endpoints and servers.
******** You should use this rule in TEST (LOG ONLY) mode at first - it is important to make all the necessary exceptions for your organization ********
After you get rid of the false positives, you have two options:
1) put it into production
2) set all sub-rules to "continue with logging" and start changing the rules to "block" over time
Hope it helps you all!!