Solved

AppLocker Whitelist/Blacklist

Posted on 2014-07-21
Last Modified: 2014-07-31
Is there a recommended BL/WL for AppLocker?
Question by:DukewillNukem
9 Comments
 
LVL 55

Expert Comment

by:McKnife
ID: 40208812
Hi.

This cannot exist as companies use different programs.
Tell us what problem you face where this list would help, please.
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40208821
You have to determine that yourself... Most of the native OS programs obviously can be trusted, however do you really want them to run? You can use ShadowCopy to copy the SAM or NTDS.dit files, or use the NTDSutil in 2008 to make a copy of both the SAM and NTDS.dit file... That isn't a good thing for most people, so maybe you actually want to black-list that one or others that may be similarly abused.
-rich
 

Author Comment

by:DukewillNukem
ID: 40211345
OK, I'll try a different approach instead: I'm also deploying EMET and I'm not sure if AL will really be needed. Are there any use cases/best practices that show how those two technologies could be combined?
 
LVL 55

Expert Comment

by:McKnife
ID: 40211385
Where is the connection EMET<->Applocker? I don't see it.
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40211422
No studies, because they are two different things. EMET hopes to apply mitigations to programs from being exploitable via memory and overflow conditions, while AL wants to prevent certain programs from executing altogether. You can do both, and probably should.
-rich
 

Author Comment

by:DukewillNukem
ID: 40211591
OK, is there a best practice doc by M$?
 
LVL 38

Accepted Solution

by:Rich Rumble (earned 500 total points)
ID: 40211627
EMET has Forum support or if you pay for Microsoft Premier Support Services.
http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet
http://blogs.technet.com/b/srd/archive/tags/emet/
http://blogs.technet.com/b/srd/
http://blogs.technet.com/b/srd/archive/2014/04/30/continuing-with-our-community-driven-customer-focused-approach-for-emet.aspx
http://blogs.technet.com/b/security/ <-- first article, run as a non-administrator to be safe...
The last link above may help you the most, it talks about how and what you need to do to secure windows:
Principle of Least Privilege, locking down Java/Flash, proper use of user rights/groups.
-rich
 
LVL 55

Expert Comment

by:McKnife
ID: 40212483
I think he meant BPs for Applocker.
No, there are no official MS best practices.

But what would you expect to get? Of course the best here is the one that is most secure while being functional and non-intrusive to users. And the most secure is the one that uses a whitelist with only known applications, as simple as that. If that can be non-intrusive? Sure, if the admin does a good job... anytime.

So to help you, you need to tell us your goal: what are you trying to protect, and against what possible risk? What is your scenario, in detail?
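The allow-list ("whitelist") approach McKnife describes above, and Rich Rumble's earlier point that OS utilities you would rather not see run should not be executable by ordinary users, can both be expressed with the AppLocker PowerShell module. The script below is an added example and is not code posted by either expert or by Microsoft: it inventories the software on a clean reference machine, emits publisher and hash rules for it, adds the baseline path rules the GUI calls "default rules", stages everything in audit mode, and then shows which files would have been blocked. The cmdlets (Get-AppLockerFileInformation, New-AppLockerPolicy, Test-AppLockerPolicy, Set-AppLockerPolicy) are the real module cmdlets; the C:\Policies directory and the assumption that the reference host carries only sanctioned software are constructed for the example.

```powershell
# Added example (not from the thread): build an AppLocker allow-list policy from the
# software installed on a clean reference machine, stage it in audit mode, and review
# what it would have blocked. Run from an elevated PowerShell prompt on that machine.
# Assumptions (constructed for this example): the reference host carries only
# sanctioned software, and C:\Policies is a writable scratch directory.

$OutDir = 'C:\Policies'
$Draft  = Join-Path $OutDir 'applocker-allowlist.xml'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Inventory the sanctioned software. Publisher rules are preferred because they
#    survive patch updates; hash rules are the fallback for unsigned files.
$scanRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ -and (Test-Path $_) }
$fileInfo  = foreach ($root in $scanRoots) {
    Get-AppLockerFileInformation -Directory $root -Recurse -FileType Exe,WindowsInstaller,Script
}
New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher,Hash -RuleNamePrefix 'Sanctioned' `
    -User Everyone -Optimize -IgnoreMissingFileInformation -Xml |
    Set-Content -Path $Draft -Encoding UTF8

# 2. Add the baseline rules the GUI calls "default rules" (Windows and Program Files
#    for everyone, everything for local Administrators) and switch every collection to
#    AuditOnly so nothing is blocked until the audit log has been reviewed.
function Add-PathRule {
    param([System.Xml.XmlElement]$Collection, [string]$Name, [string]$Path, [string]$Sid)
    $doc  = $Collection.OwnerDocument
    $rule = $doc.CreateElement('FilePathRule')
    $rule.SetAttribute('Id', [guid]::NewGuid().ToString())
    $rule.SetAttribute('Name', $Name)
    $rule.SetAttribute('Description', 'Baseline rule added by build script')
    $rule.SetAttribute('UserOrGroupSid', $Sid)
    $rule.SetAttribute('Action', 'Allow')
    $cond = $doc.CreateElement('Conditions')
    $fpc  = $doc.CreateElement('FilePathCondition')
    $fpc.SetAttribute('Path', $Path)
    [void]$cond.AppendChild($fpc)
    [void]$rule.AppendChild($cond)
    [void]$Collection.AppendChild($rule)
}

[xml]$policy = Get-Content -Path $Draft -Raw
foreach ($type in 'Exe', 'Msi', 'Script') {   # collection names as written in AppLocker XML
    $rc = @($policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq $type })[0]
    if (-not $rc) {
        $rc = $policy.CreateElement('RuleCollection')
        $rc.SetAttribute('Type', $type)
        [void]$policy.AppLockerPolicy.AppendChild($rc)
    }
    $rc.SetAttribute('EnforcementMode', 'AuditOnly')
    Add-PathRule -Collection $rc -Name "$type baseline: Windows"        -Path '%WINDIR%\*'       -Sid 'S-1-1-0'
    Add-PathRule -Collection $rc -Name "$type baseline: Program Files"  -Path '%PROGRAMFILES%\*' -Sid 'S-1-1-0'
    Add-PathRule -Collection $rc -Name "$type baseline: Administrators" -Path '*'                -Sid 'S-1-5-32-544'
}
$policy.Save($Draft)

# 3. Dry run before deploying: anything outside the sanctioned set or the baseline
#    paths, e.g. executables sitting in user profiles, is reported as denied.
$probe = Get-ChildItem -Path $env:USERPROFILE -Recurse -Include *.exe -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
if ($probe) {
    Test-AppLockerPolicy -XmlPolicy $Draft -Path $probe -User Everyone -Filter Denied,DeniedByDefault |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 4. Apply locally in audit mode (use -Ldap to target a GPO instead), make sure the
#    Application Identity service runs, then review event 8003 ("would have been blocked").
Set-AppLockerPolicy -XmlPolicy $Draft
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc -ErrorAction SilentlyContinue
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Leave the policy in AuditOnly until the 8003 events stop showing legitimate software, then change EnforcementMode to Enabled. The baseline %WINDIR% and %PROGRAMFILES% path rules are the same broad allowances the GUI's default rules grant, and they are the usual place to add exceptions for subdirectories that standard users can write to; the publisher and hash rules are what make the policy an allow-list of known applications rather than a blacklist of individual tools.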
 
LVL 55

Expert Comment

by:McKnife
ID: 40231737
Duke, you make me shake my head a little. You ask for Applocker, and accept an answer about EMET best practices and ignore my questions.
While it is perfectly ok to close a question as you like, it is not ok to ignore offers.