Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 544
  • Last Modified:

AppLocker Whitelist/Blacklist

is there a recommended BL/WL for AppLocker?
0
DukewillNukem
Asked:
DukewillNukem
  • 4
  • 3
  • 2
1 Solution
 
McKnifeCommented:
Hi.

This cannot exist as companies use different programs.
Tell us what problem you face where this list would help, please.
0
 
Rich RumbleSecurity SamuraiCommented:
You have to determine that yourself... Most of the native OS programs obviously can be tursted, however do you really want them to run? You can use ShadowCopy to copy the SAM or NTDS.dit files, or use the NTDSutil in 2008 to make a copy of both the SAM and NTDS.dit file... That isn't a good thing for most people, so maybe you actually want to black-list that one or others that may be similarly abused.
-rich
0
 
DukewillNukemAuthor Commented:
ok,ill try a differetn approach instead: im also deploying EMET and im not sure if AL will be really needed? are there any use cases/best practices where it shows how those two technologies could be combined?
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
McKnifeCommented:
Where is the connection EMET<->Applocker? I don't see it.
0
 
Rich RumbleSecurity SamuraiCommented:
No studies, because they are two different things. EMET hopes to apply mitigations to programs from being exploitable via memory and overflow conditions, while AL wants to prevent certain programs from executing altogether. You can do both, and probably should.
-rich
0
 
DukewillNukemAuthor Commented:
ok,is there a best practice doc by M$?
0
 
Rich RumbleSecurity SamuraiCommented:
EMET has Forum support or if you pay for Microsoft Premier Support Services.
http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet
http://blogs.technet.com/b/srd/archive/tags/emet/
http://blogs.technet.com/b/srd/
http://blogs.technet.com/b/srd/archive/2014/04/30/continuing-with-our-community-driven-customer-focused-approach-for-emet.aspx
http://blogs.technet.com/b/security/ <-- first article, run as a non-administrator to be safe...
The last link above may help you the most, it talks about how and what you need to do to secure windows:
Principal of Least Privilege, Locking down Java/Flash, proper use of user rights/groups.
-rich
0
 
McKnifeCommented:
I think he meant BPs for Applocker.
No, there are no official MS best practices.

But what would you expect to get? Of course the best here is the one that is most secure while being functional and non-intrusive to users. And the most secure is the one that uses a whitelist with only known applications, as simple as that. If that can be non-intrusive? Sure, if the admin does a good job... anytime.

So to help you, you need to tell us your goal, what are you trying to protect against what possible risk? What is your scenario, detailed?
0
 
McKnifeCommented:
Duke, you make me shake my head a little. You ask for Applocker, and accept an answer about EMET best practices and ignore my questions.
While it is perfectly ok to close a question as you like, it is not ok to ignore offers.
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now