AppLocker-Protect your Computer against Malware and malicious software download from Google Play
AppLocker is the successor to Software Restriction Policies, which were first introduced in Windows XP and Windows Server 2003. AppLocker is a new feature in Windows Server 2008 R2 and Windows 7 that advances the features and functionality of Software Restriction Policies. It contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files, and to specify which users or groups can run those applications. AppLocker can be used to allow or deny the execution of an application, file, EXE, DLL, etc.
AppLocker requires a service to be running in the background. The service name is Application Identifier or AppID. By default, this service is stopped and must be started for AppLocker to work.
What can you do with AppLocker
1. Control the following types of applications: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx).
2. Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.
3. Assign a rule to a security group or an individual user.
4. Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run except Registry Editor (Regedit.exe).
5. Use audit-only mode to deploy the policy and understand its impact before enforcing it.
6. Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, all criteria in the existing policy are overwritten.
What AppLocker does on your Computer
1. Prevent unlicensed software from running in the desktop environment if the software is not on the allowed list
2. Prevent vulnerable, unauthorized applications from running in the desktop environment, including malware
3. Prevent users from running applications that destabilize their desktop environment and increase help desk support costs
4. Provide more options for effective desktop configuration management
5. Allow users to run approved applications and software updates based upon policies while preserving the requirement that only users with administrative credentials can install or run applications and software updates
6. Help to ensure that the desktop environment is in compliance with corporate policies and industry regulations
AppLocker also helps reduce administrative overhead and the cost of managing computing resources by decreasing the number of help desk calls that result from users running unapproved applications.
Comparison between AppLocker and Software Restriction Policies
| Feature | Software Restriction Policies | AppLocker |
|---|---|---|
| Rule scope | All users | Specific user or group |
| Rule conditions provided | File hash, path, certificate, registry path, and Internet zone | File hash, path, and publisher |
| Rule types provided | Defined by the security levels: Disallowed, Basic User, Unrestricted | Allow and deny |
| Default rule action | Unrestricted | Implicit deny |
| Audit-only mode | No | Yes |
| Wizard to create multiple rules at one time | No | Yes |
| Policy import or export | No | Yes |
| Rule collection | No | Yes |
| Windows PowerShell support | No | Yes |
| Custom error messages | No | Yes |
1. You can define rules based on the attributes of a file. For example, you can allow execution of a file based on its publisher.
2. You can configure AppLocker in audit mode.
3. A new user-friendly interface can be used to configure AppLocker.
Requirement for AppLocker
How to configure AppLocker
1. Go to Start > Run > GpEdit.msc
2. Expand the following node/sub-node:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Application Control Policies\AppLocker
(1) AppLocker rules are completely separate from Software Restriction Policy rules and cannot be used to manage previous versions of Windows.
(2) AppLocker and Software Restriction Policies are separate. If AppLocker rules have been defined, then only those rules will be applied and Software Restriction Policies rules will be ignored.
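The same workflow can be scripted with the AppLocker PowerShell cmdlets. The following is an added example, not part of the original article: it starts the service (registered in Windows as AppIDSvc), backs up the existing policy, generates publisher rules with a hash fallback, and applies them in audit-only mode. The working folder C:\AppLockerDemo, the file names and the rule prefix "Demo" are assumptions made for illustration.

```powershell
# Added example. Run from an elevated PowerShell prompt.
Import-Module AppLocker

# Hypothetical working folder and file names used only in this example.
$work   = 'C:\AppLockerDemo'
$backup = Join-Path $work 'policy-before.xml'
$audit  = Join-Path $work 'policy-audit.xml'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. AppLocker rules are not evaluated until the identity service is running.
Start-Service -Name AppIDSvc

# 2. Export the current local policy first: applying a policy without -Merge
#    overwrites every rule collection and its enforcement setting.
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $backup -Encoding UTF8

# 3. Build allow rules from the installed executables: publisher rules where a
#    digital signature exists, file-hash rules as the fallback for unsigned files.
$files = Get-AppLockerFileInformation -Directory $env:ProgramFiles -Recurse -FileType Exe
[xml]$policy = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'Demo' -Optimize -Xml

# 4. Switch every generated rule collection to audit-only so nothing is blocked yet.
foreach ($rc in $policy.SelectNodes('//RuleCollection')) {
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($audit)

# 5. Dry run before applying. Regedit lives outside Program Files, so no allow
#    rule matches it and the implicit deny shows up as DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $audit -Path "$env:windir\regedit.exe" -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# 6. Apply the audit-only policy to the local machine (replaces the existing one).
Set-AppLockerPolicy -XmlPolicy $audit

# 7. Later, review what enforcement would have blocked. Event ID 8003 means
#    "allowed to run, but would have been prevented if the policy were enforced".
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

To roll back, run Set-AppLockerPolicy -XmlPolicy against the backup file written in step 2.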