  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2921

Enterprise Alternatives to Applocker

Hi Experts,
I'm wanting to know if there are better alternatives for managing software whitelisting. Currently we use Microsoft's AppLocker feature; unfortunately, in an environment consisting of around 5000 endpoints and 1000+ applications, it's an administrative nightmare maintaining these,
I want to point out to management we need to start looking at other options, and point out the limitations to them at the same time, and present a viable proven enterprise grade alternative,
Can you point me in the right direction please.
Many thanks
0
craigleenz
Asked:
2 Solutions
 
rhandelsCommented:
You want to make sure that users can only open applications you white-listed?
The best application around (that I'm aware of) is AppSense Application Manager. It blocks all applications but allows you to start up applications you white-list, and it gives you perfect messages on what to allow.
0
 
craigleenzAuthor Commented:
Thanks rhandels, that's correct, we only want users to launch applications that are white-listed. I will read up on AppSense, never heard of or used it before :)
I would also like some input on whether maintaining/managing a fleet of 5000 workstations using AppLocker for application whitelisting is even feasible.
0
 
McKnifeCommented:
Having 1000 applications to manage can be a nightmare with any alternative as well, I guess. You should think about loosening your restrictions. I mean, you didn't even mention what you're having trouble with
...but I guess you use pretty hard rules, maybe you even restrict the program files folder?
0
 
craigleenzAuthor Commented:
Thanks again for your response. The primary problem is we have several computers which are in an audit-only mode security group, so AppLocker rules don't apply to them, and this is a security risk which management wants remedied. Machines were placed in this group due to AppLocker interfering with various functions/features, and my predecessors just placed machines in this group to get around the problem. So even with AppSense, you reckon this won't be easier to manage?
0
 
rhandelsCommented:
Hey,

I'm not that familiar with AppLocker but AppSense (though being quite expensive) is fairly good to configure. You can whitelist complete directories (even network dirs) or use wildcards to give access to applications.

Though I do agree with McKnife, what are you trying to achieve? We, for example, use it for blocking applications that can be started when users log into a remote desktop (Citrix). We let users start all apps that are in Program Files (64-bit and 32-bit also) but we do disable access to the C drive (we hide the drive), meaning we can fairly easily tell AppSense to start apps from there because users can't access it.

AppSense also has a management suite which is quite nice. You can deploy the agent (yes, it needs this) fairly easily and it will let you show the status of updates (newly created settings are applied almost instantly to all machines if active).
0
 
McKnifeCommented:
That's correct, my point was similar, if you restrict too much, it's complicated. For example: why restrict any applications in the program files folder? Only admins may write there, so no malware can write into it unless it has already elevated privileges - and then it could turn off applocker.
0
 
craigleenzAuthor Commented:
Thanks guys, appreciate the input, doesn't appear to be a better way of managing this process,
management won't budge on a 3rd party alternative like AppSense, given the cost associated with it, and also given the amount of software in the environment,
Also being a government organization, they will loosen up on current desktop hardening in place, so it looks like we're stuck :(
0
 
rhandelsCommented:
You could give it a try and go for Software Restriction Policies, but in my opinion it is the older version of AppLocker. And also this policy is quite hard to set up.
0
 
McKnifeCommented:
You didn't yet illustrate what problem you have with your current setup. Maybe we can help you.
0
 
craigleenzAuthor Commented:
Hi experts, apologies for the late reply,
the problem I have is I've taken over support of a client who uses AppLocker. Unfortunately the previous crew that supported these guys made a real mess of managing this properly: they placed nearly a 3rd of the entire fleet of machines into an AppLocker only sec group which doesn't enforce any of the AppLocker policies, and several users have also been given local admin rights to get around the complexities of some applications not playing well with AppLocker. This has now fallen onto my plate to sort out. I realize there is no silver bullet here, just wanting to get ideas where to begin, if that makes sense
0
 
McKnifeCommented:
You might have to reanalyze it all. I would ask the old admin team for documentation on what was set up for what reason. Even if they have none, it would put you into a better position.
0
 
craigleenzAuthor Commented:
Agree, doesn't appear that I have many options,
0
 
McKnifeCommented:
Also dive into logging. AppLocker log files can be used with real mode ("what was blocked") and also with test mode ("what would have been blocked").
0
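
Added example (not part of any post in this thread): one way to use the logging described above to decide where to begin. It pulls the AppLocker "would have been blocked" (8003/8006) and "was blocked" (8004/8007) events from a list of machines and ranks the offending files by how many machines they appear on. The host names are placeholders, and the event data field names (`FilePath`, `Fqbn`, `TargetUser`) are assumed from the AppLocker event XML; confirm them against one event's `ToXml()` output before relying on the report.

```powershell
# Added example: summarise AppLocker audit/enforce hits across a set of machines.
# $Computers is a placeholder list; replace with the members of the audit-only group.
$Computers = @('WS-EXAMPLE-01', 'WS-EXAMPLE-02')   # hypothetical host names

# AppLocker channels and the event IDs that matter here:
#   8003 / 8006 = allowed, but would have been blocked under enforcement (audit mode)
#   8004 / 8007 = blocked (enforce mode)
$Logs = 'Microsoft-Windows-AppLocker/EXE and DLL',
        'Microsoft-Windows-AppLocker/MSI and Script'
$Ids  = 8003, 8006, 8004, 8007

$hits = foreach ($c in $Computers) {
    try {
        # -ErrorAction Stop also fires when a machine simply has no matching events.
        Get-WinEvent -ComputerName $c -ErrorAction Stop -FilterHashtable @{
            LogName = $Logs; Id = $Ids; StartTime = (Get-Date).AddDays(-30)
        } | ForEach-Object {
            # Field names below are assumed from the event's UserData XML.
            $d = ([xml]$_.ToXml()).Event.UserData.RuleAndFileData
            [pscustomobject]@{
                Computer  = $c
                Mode      = if ($_.Id -in 8003, 8006) { 'WouldBlock' } else { 'Blocked' }
                Path      = $d.FilePath
                Publisher = $d.Fqbn
                User      = $d.TargetUser
            }
        }
    } catch {
        Write-Warning "${c}: $($_.Exception.Message)"
    }
}

# One row per distinct file: how many machines hit it, and how often.
$hits | Group-Object Mode, Publisher, Path | ForEach-Object {
    [pscustomobject]@{
        Mode      = $_.Group[0].Mode
        Publisher = $_.Group[0].Publisher
        Path      = $_.Group[0].Path
        Machines  = ($_.Group.Computer | Sort-Object -Unique).Count
        Events    = $_.Count
    }
} | Sort-Object Machines, Events -Descending | Format-Table -AutoSize
```

Files that show up as `WouldBlock` on many machines are the candidates for new publisher or path rules before those machines are moved out of the audit-only group.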
 
craigleenzAuthor Commented:
No silver bullet I was quietly hoping for, guess it's back to the drawing board for us around this,
Appreciate the responses,
0
