AppLocker Whitelist/Blacklist

Is there a recommended BL/WL for AppLocker?
DukewillNukemAsked:
McKnifeCommented:
Hi.

This cannot exist as companies use different programs.
Tell us what problem you face where this list would help, please.
0
Rich RumbleSecurity SamuraiCommented:
You have to determine that yourself... Most of the native OS programs obviously can be trusted; however, do you really want them to run? You can use ShadowCopy to copy the SAM or NTDS.dit files, or use NTDSutil in 2008 to make a copy of both the SAM and NTDS.dit file... That isn't a good thing for most people, so maybe you actually want to black-list that one or others that may be similarly abused.
-rich
0
DukewillNukemAuthor Commented:
OK, I'll try a different approach instead: I'm also deploying EMET and I'm not sure if AL will really be needed. Are there any use cases/best practices that show how those two technologies could be combined?
0
McKnifeCommented:
Where is the connection EMET<->Applocker? I don't see it.
0
Rich RumbleSecurity SamuraiCommented:
No studies, because they are two different things. EMET hopes to apply mitigations to programs from being exploitable via memory and overflow conditions, while AL wants to prevent certain programs from executing altogether. You can do both, and probably should.
-rich
0
DukewillNukemAuthor Commented:
OK, is there a best practice doc by M$?
0
Rich RumbleSecurity SamuraiCommented:
EMET has Forum support or if you pay for Microsoft Premier Support Services.
http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet
http://blogs.technet.com/b/srd/archive/tags/emet/
http://blogs.technet.com/b/srd/
http://blogs.technet.com/b/srd/archive/2014/04/30/continuing-with-our-community-driven-customer-focused-approach-for-emet.aspx
http://blogs.technet.com/b/security/ <-- first article, run as a non-administrator to be safe...
The last link above may help you the most; it talks about how and what you need to do to secure Windows:
Principle of Least Privilege, locking down Java/Flash, proper use of user rights/groups.
-rich
0
McKnifeCommented:
I think he meant BPs for Applocker.
No, there are no official MS best practices.

But what would you expect to get? Of course the best here is the one that is most secure while being functional and non-intrusive to users. And the most secure is the one that uses a whitelist with only known applications, as simple as that. Can that be non-intrusive? Sure, if the admin does a good job... anytime.

So to help you, you need to tell us your goal: what are you trying to protect, and against what possible risk? What is your scenario, in detail?
0
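The approach both Rich and McKnife describe (whitelist only known software, and deny the few built-ins you do not want standard users running) can be built, dry-run and audited with the AppLocker cmdlets. This is an added example, not code from the thread; it assumes an elevated PowerShell on a Windows edition with AppLocker, the AppIDSvc service running, and that your approved software lives under C:\Program Files on a clean reference machine.

```powershell
# Added example: build a whitelist-based AppLocker policy, add one deny rule for
# standard users, keep it in audit mode, and test it before enforcing.

# 1. Whitelist: publisher rules for signed executables, hash rules for unsigned ones,
#    generated from a clean reference install (the recursive scan takes a while).
$allowInfo  = Get-AppLockerFileInformation -Directory 'C:\Windows'        -Recurse -FileType Exe
$allowInfo += Get-AppLockerFileInformation -Directory 'C:\Program Files'  -Recurse -FileType Exe
[xml]$policy = New-AppLockerPolicy -FileInformation $allowInfo `
                   -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 2. Blacklist inside the whitelist: deny ntdsutil.exe (the built-in Rich mentions)
#    for BUILTIN\Users (S-1-5-32-545). Deny rules always win over Allow rules, and
#    administrators doing real AD maintenance are not in that group.
$exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
[xml]$denyDoc = @"
<FilePathRule Id="$([guid]::NewGuid())" Name="Deny ntdsutil.exe for standard users"
  Description="Constructed deny rule" UserOrGroupSid="S-1-5-32-545" Action="Deny">
  <Conditions><FilePathCondition Path="%SYSTEM32%\ntdsutil.exe"/></Conditions>
</FilePathRule>
"@
[void]$exe.AppendChild($policy.ImportNode($denyDoc.FilePathRule, $true))

# 3. Audit only: log what *would* be blocked until the whitelist is proven complete.
$exe.EnforcementMode = 'AuditOnly'
$policyPath = "$env:TEMP\AppLocker-Audit.xml"
$policy.Save($policyPath)

# 4. Dry run against sample files for a standard user: expect ntdsutil.exe = Denied,
#    notepad.exe = Allowed (publisher rule from the C:\Windows scan).
Test-AppLockerPolicy -XmlPolicy $policyPath -User 'S-1-5-32-545' `
    -Path 'C:\Windows\System32\ntdsutil.exe', 'C:\Windows\System32\notepad.exe'

# 5. Apply locally (use -Ldap to target a GPO instead), then review the audit events:
#    8003 = would have been blocked (audit), 8004 = blocked (enforced).
Set-AppLockerPolicy -XmlPolicy $policyPath
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message
```

Run in audit mode for a few weeks, add publisher or hash rules for anything legitimate that shows up as 8003, and only then flip `EnforcementMode` to `Enabled`.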
McKnifeCommented:
Duke, you make me shake my head a little. You ask for Applocker, and accept an answer about EMET best practices and ignore my questions.
While it is perfectly ok to close a question as you like, it is not ok to ignore offers.
0