HOME

TheInfoList



Click Here for Items Related To - AppLocker
OR:
AppLocker on:   [Wikipedia]   [Google]   [Amazon]

AppLocker is an application whitelisting technology introduced with
Microsoft's Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
Windows 7 Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was released to manufacturing on July 22, 2009, and became generally available on October 22, 2009. It is the successor to Windows Vista, released nearly ...
operating system. It allows restricting which programs users can execute based on the program's path, publisher, or hash, and in an enterprise can be configured via
Group Policy Group Policy is a feature of the Microsoft Windows NT family of operating systems (including Windows 7, Windows 8.1, Windows 10, Windows 11, and Windows Server 2003+) that controls the working environment of user accounts and computer accounts. G ...
.


Summary

Windows AppLocker allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators are able to create rules based on file names, publishers or file location that will allow certain files to execute. Unlike the earlier Software Restriction Policies, which was originally available for
Windows XP Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...
and
Windows Server 2003 Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...
, AppLocker rules can apply to individuals or groups. Policies are used to group users into different enforcement levels. For example, some users can be added to an 'audit' policy that will allow administrators to see the rule violations before moving that user to a higher enforcement level.


AppLocker availability charts


Bypass techniques

There are several generic techniques for bypassing AppLocker: * Writing an unapproved program to a whitelisted location. * Using a whitelisted program as a delegate to launch an unapproved program. * Hijacking the DLLs loaded by a trusted application in an untrusted directory.


References

{{Windows Components Windows 7 Windows 8 Windows 10 Microsoft Windows security technology