Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

AppLocker Whitelist/Blacklist

Posted on 2014-07-21
9
Medium Priority
?
521 Views
Last Modified: 2014-07-31
is there a recommended BL/WL for AppLocker?
0
Comment
Question by:DukewillNukem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 56

Expert Comment

by:McKnife
ID: 40208812
Hi.

This cannot exist as companies use different programs.
Tell us what problem you face where this list would help, please.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40208821
You have to determine that yourself... Most of the native OS programs obviously can be tursted, however do you really want them to run? You can use ShadowCopy to copy the SAM or NTDS.dit files, or use the NTDSutil in 2008 to make a copy of both the SAM and NTDS.dit file... That isn't a good thing for most people, so maybe you actually want to black-list that one or others that may be similarly abused.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 40211345
ok,ill try a differetn approach instead: im also deploying EMET and im not sure if AL will be really needed? are there any use cases/best practices where it shows how those two technologies could be combined?
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 56

Expert Comment

by:McKnife
ID: 40211385
Where is the connection EMET<->Applocker? I don't see it.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40211422
No studies, because they are two different things. EMET hopes to apply mitigations to programs from being exploitable via memory and overflow conditions, while AL wants to prevent certain programs from executing altogether. You can do both, and probably should.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 40211591
ok,is there a best practice doc by M$?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 40211627
EMET has Forum support or if you pay for Microsoft Premier Support Services.
http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet
http://blogs.technet.com/b/srd/archive/tags/emet/
http://blogs.technet.com/b/srd/
http://blogs.technet.com/b/srd/archive/2014/04/30/continuing-with-our-community-driven-customer-focused-approach-for-emet.aspx
http://blogs.technet.com/b/security/ <-- first article, run as a non-administrator to be safe...
The last link above may help you the most, it talks about how and what you need to do to secure windows:
Principal of Least Privilege, Locking down Java/Flash, proper use of user rights/groups.
-rich
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40212483
I think he meant BPs for Applocker.
No, there are no official MS best practices.

But what would you expect to get? Of course the best here is the one that is most secure while being functional and non-intrusive to users. And the most secure is the one that uses a whitelist with only known applications, as simple as that. If that can be non-intrusive? Sure, if the admin does a good job... anytime.

So to help you, you need to tell us your goal, what are you trying to protect against what possible risk? What is your scenario, detailed?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40231737
Duke, you make me shake my head a little. You ask for Applocker, and accept an answer about EMET best practices and ignore my questions.
While it is perfectly ok to close a question as you like, it is not ok to ignore offers.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question