We help IT Professionals succeed at work.

Enterprise Alternatives to Applocker

3,918 Views
Last Modified: 2014-08-31
Hi Experts,
I wanting to know if there are better alternatives for managing software whitelisting, currently we use Microsoft's Applocker feature, unfortunately in an environment consisting or around 5000 end points, and 1000+ applications, it's an administrative nightmare maintaining these,
I want to point out to management we need to start looking at other options, and point out the limitations to them at the same time, and present a viable proven enterprise grade alternative,
Can you point me in the right direction please.
Many thanks
Comment
Watch Question

Commented:
You want to make sure that users can only open applications you white-listed?
The best application around (that i'm aware of) is AppSense Application Manager. It blocks all applications but allows to startup applications you white-list and it gives you perfect messages in what to allow.
Craig PaulsenSenior Systems Engineer

Author

Commented:
Thanks rhandles, that's correct, we only want users to launch applications that are white listed, I will read up on app sense, never heard or used it before :)
I would also like some input whether maintaining/managing a fleet of 5000 workstations using applocker for application whitelisting is even feasible.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Having 1000 applications to manage can be a nightmare with any alternative as well, I guess. You should think about loosening your restrictions. I mean, you didn't even mention what you're having trouble with
...but I guess you use pretty hard rules, maybe you even restrict the program files folder?
Craig PaulsenSenior Systems Engineer

Author

Commented:
Thanks again for your response, primary problem is we have several computers which is in a audit only mode security group, so app locker rules don't apply to them, and this is a security risk which management wants remidied, machine were placed in this group due to app locker  interfering with various functions/features, and my predesessors just placed machines in this group to get around the problem, so even with app sense u reckon this won't be easier to manage?
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
That's correct, my point was similar, if you restrict too much, it's complicated. For example: why restrict any applications in the program files folder? Only admins may write there, so no malware can write into it unless it has already elevated privileges - and then it could turn off applocker.
Craig PaulsenSenior Systems Engineer

Author

Commented:
thanks guys, appreciate the input, doesn't appear to be a better way of managing this process,
management won't budge on a 3rd party alternative like AppSense, given the cost associated with it, and also given the  amount of software in the environment,
Also being a government organization, they will loosen up on current desktop hardening in place, so it looks like we stuck :(

Commented:
You could give it a try and go for software restriction polices but in my opinion is the older version of Applocker. And also this policy is quite hard to set-up..
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You didn't yet illustrate what problem you have with your current setup. Maybe we can help you.
Craig PaulsenSenior Systems Engineer

Author

Commented:
hi experts, apologies for the late reply,
the problem I have is I've taken over support of a client who uses applocker, unfortunately the previous crew that supported these guys made a real mess of managing this properly, they placed  nearly a 3rd of the entire fleet of machines into an applocker only sec group which doesn't enfore the any the applocker policies, several users  has also been given local admin rights to get around the complexities of some applications not playing  well with app locker, this has now fallen into my plate to sort out, I realize there is no silver bullet here, just wanting to get ideas where to begin, if that makes sense
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Craig PaulsenSenior Systems Engineer

Author

Commented:
agree, doesn't appear to I have much options,
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Also dive into logging. Applocker Logfiles can be used with real mode ("what was blocked") and also with test mode ("what would have been blocked").
Craig PaulsenSenior Systems Engineer

Author

Commented:
no silver bullet I was quietly hoping for, guess it's back the drawing board for us around this,
Appreciate the responses,

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.