AppLocker-Protect your Computer against Malware and malicious software download ~ SAMPATKUMARI'S Blog "PARISHKAR"

AppLocker-Protect your Computer against Malware and malicious software download

AppLocker is the successor to Software Restriction Policies, which were first introduced in Windows XP and Windows Server 2003. AppLocker is a new feature in Windows Server 2008 R2 and Windows 7 that advances the features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications. AppLocker can be used to allow or deny the execution of an application, file, EXE, DLL, etc. AppLocker requires a service to be running in the background. The service name is Application Identifier or AppID. By default, this service is stopped and must be started for AppLocker to work.

What can you do with AppLocker (Applies to Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012)


Using AppLocker, you can:

·       Control the following types of applications: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx).
·       Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.
·       Assign a rule to a security group or an individual user.
·       Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run except Registry Editor (Regedit.exe).
·       Use audit-only mode to deploy the policy and understand its impact before enforcing it.
·       Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, all criteria in the existing policy are overwritten.
·       Streamline creating and managing AppLocker rules by using Windows PowerShell cmdlets.
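
The capabilities listed above (publisher and hash rules, audit-only mode, policy export and import, the PowerShell cmdlets) fit together as one workflow. The script below is an added example, not code from the original post; the folder `C:\ReferenceApps` and the files under `C:\Temp` are assumed names.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
Import-Module AppLocker

$referenceDir = 'C:\ReferenceApps'             # assumed folder of approved software
$policyFile   = 'C:\Temp\applocker-audit.xml'  # assumed output path
$backupFile   = 'C:\Temp\applocker-backup.xml' # assumed backup path

# 1. Read publisher, path and hash details from the approved files.
$fileInfo = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe, Script

# 2. Generate allow rules: publisher rules for signed files, hash rules for the rest.
[xml]$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'Approved' -Optimize -Xml

# 3. Switch every generated rule collection to audit-only before it is applied.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run against files outside the reference folder. Anything that no rule
#    matches is reported as DeniedByDefault, which is the implicit deny at work.
$sample = Get-ChildItem "$env:SystemRoot\System32\*.exe" |
    Select-Object -First 25 | ForEach-Object { $_.FullName }
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $sample -User Everyone |
    Group-Object PolicyDecision | Select-Object Name, Count

# 5. Export the current local policy as a backup, then import the new one.
#    Without -Merge the import overwrites the existing local policy.
Get-AppLockerPolicy -Local -Xml | Out-File $backupFile
Set-AppLockerPolicy -XmlPolicy $policyFile
```

A high DeniedByDefault count in step 4 shows that the policy has no rules covering Windows itself; add rules for the Windows and Program Files folders before moving from audit-only to enforcement.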

What AppLocker does on your Computer


·  Prevent unlicensed software from running in the desktop environment if the software is not on the allowed list
· Prevent vulnerable, unauthorized applications from running in the desktop environment, including malware
·  Stop users from running applications that needlessly consume network bandwidth or otherwise affect the enterprise computing environment
·  Prevent users from running applications that destabilize their desktop environment and increase help desk support costs
·  Provide more options for effective desktop configuration management
·  Allow users to run approved applications and software updates based upon policies while preserving the requirement that only users with administrative credentials can install or run applications and software updates
·  Help to ensure that the desktop environment is in compliance with corporate policies and industry regulations
AppLocker also helps reduce administrative overhead and the cost of managing computing resources by decreasing the number of help desk calls that result from users running unapproved applications.

Comparison between AppLocker and Software Restriction Policies

The following table compares AppLocker to Software Restriction Policies.

| Feature | Software Restriction Policies | AppLocker |
|---|---|---|
| Rule scope | All users | Specific user or group |
| Rule conditions provided | File hash, path, certificate, registry path, and Internet zone | File hash, path, and publisher |
| Rule types provided | Defined by the security levels: Disallowed, Basic User, Unrestricted | Allow and deny |
| Default rule action | Unrestricted | Implicit deny |
| Audit-only mode | No | Yes |
| Wizard to create multiple rules at one time | No | Yes |
| Policy import or export | No | Yes |
| Rule collection | No | Yes |
| Windows PowerShell support | No | Yes |
| Custom error messages | No | Yes |

 

1.     You can define the rules based on the attributes of a file. For example, you can allow execution of a file based on the publisher.
2.     You can configure AppLocker in audit mode.
3.     A new user-friendly interface can be used to configure AppLocker.

Requirement for AppLocker


AppLocker works only on Windows 7 and Windows Server 2008 R2 computers. AppLocker is available only in (1) Windows 7 Ultimate/Enterprise and (2) Windows Server 2008 Standard/Enterprise/Datacenter.

How to configure AppLocker


1. Go to Start > Run > GpEdit.msc    
2. Expand the following node/sub-node:
 Computer Configuration\Windows Settings\Security Settings\Local Policies\Application Control Policies\AppLocker

(1)  AppLocker rules are completely separate from Software Restriction Policy rules and cannot be used to manage previous versions of Windows.
(2)  AppLocker and Software Restriction Policies are separate. If AppLocker rules have been defined, then only those rules will be applied and Software Restriction Policies rules will be ignored.
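
Once rules are configured, the state of the machine can be checked from PowerShell: whether the service is running, which enforcement mode each rule collection ended up with, and what audit-only mode has recorded. This is an added example, not part of the original post; `AppIDSvc` is the short name of the Application Identity service, and the output path under `C:\Temp` is an assumed name.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
Import-Module AppLocker

# 1. AppLocker rules are not evaluated while the service is stopped.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status); starting it."
    Start-Service -Name AppIDSvc
}

# 2. Effective policy (local plus Group Policy): enforcement mode per collection.
#    A collection that has rules but shows NotConfigured is enforced, not audited.
[xml]$effective = Get-AppLockerPolicy -Effective -Xml
$effective.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode,
        @{ Name = 'RuleCount'; Expression = { $_.SelectNodes('*').Count } } |
    Format-Table -AutoSize

# 3. Files that audit-only mode logged as "would have been blocked",
#    with a per-file count taken from the local AppLocker event log.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics | Format-List

# 4. Turn the audited files into candidate allow rules for review.
#    The XML is only written to disk here; nothing is applied.
$audited = Get-AppLockerFileInformation -EventLog -EventType Audited
if ($audited) {
    $audited |
        New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'FromAudit' -Xml |
        Out-File 'C:\Temp\applocker-candidates.xml'   # assumed output path
}
```

Review the candidate rules by hand before merging any of them: an audited file is one that ran, not necessarily one that should be allowed.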
