I have been asked to implement application whitelisting using Microsoft Software Restriction Policies, or similar. All up there are around 300 individual applications across the site many go through upgrades, version changes etc. Keeping track of that many applications via SRP would be painful. Not only that but testing each application and all its DLL’s and EXE’s against any policies would take weeks of work not days as the onsite I.T consultant seems to thing. What are you guys thoughts, is it recommended we do this using Microsoft SRP? Or is there a better solution available?
Advise and thoughts/suggestions would be most appreciated.