ee_lcpaa


AppLocker publisher rule

Dear all,

I have the following questions regarding the AppLocker publisher rule:

1. When defining a publisher rule, I know that I need to define something like this: "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US". With this defined, do I need to further deploy a certificate from the publisher onto all clients?
2. Are all executable/DLL files released by Microsoft signed? If yes, can I simply define a publisher rule to allow all signed Microsoft executable/DLL files to be executed?

In addition, could any best practice/example for configuring AppLocker in Windows 2008 R2 server be provided for reference?
Please advise. Thanks.
ASKER CERTIFIED SOLUTION
Benjamin Voglar
This solution is only available to members.
What Benjamin was trying to say is that Cryptolocker uses scripts that use components of the operating system to encrypt your files.
ee_lcpaa

ASKER

Hi Benjamin,

Can you briefly explain how the publisher rule works if I don't need to deploy a Microsoft certificate on client side?

Is the string "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" a key to do the verification?

Can a hacker easily make a dll/exe file with the same signature as the ones really signed by Microsoft?

Also, you told me that all Microsoft exe/dll files are signed. With a proper publisher rule defined, is any other maintenance work required after installing Microsoft security patches? I know that I need to update AppLocker settings on an AD server if a file hashing rule is used instead.
 
Please clarify. Thanks a lot.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.