Solved

AppLocker publisher rule

Posted on 2016-07-29
Last Modified: 2016-09-09
Dear all,

I have the following questions regarding the AppLocker publisher rule:

1. When defining a publisher rule, I know that I need to define something like this: “O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US”. With this defined, do I need to further deploy a certificate from the publisher onto all clients?
2. Are all executable/dll files released by Microsoft signed? If yes, can I simply define a publisher rule to allow all signed Microsoft executable/dll files to be executed?

In addition, could any best practice/example for configuring AppLocker on Windows 2008 R2 server be provided for reference?
Please advise. Thanks.
Question by:ee_lcpaa

Accepted Solution

by: Benjamin Voglar (earned 500 total points)
1. No, you don't need to.

2. Yes, all Microsoft DLLs are digitally signed, and NO, bad idea, because Cryptolocker (Cryptowall v3.0) comes with a Microsoft-signed explorer.exe.

Expert Comment

by:David Johnson, CD, MVP
What Benjamin was trying to say is that Cryptolocker uses scripts that use components of the operating system to encrypt your files.

Author Comment

by:ee_lcpaa
Hi Benjamin,

Can you briefly explain how the publisher rule works if I don't need to deploy a Microsoft certificate on client side?

Is the string “O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US” a key to do the verification?

Can a hacker easily make a dll/exe file with the same signature as the ones really signed by Microsoft?

Also, you told me that all Microsoft exe/dll files are signed. With a proper publisher rule defined, is any other maintenance work required after installing Microsoft security patches? I know that I need to update AppLocker settings on an AD server if a file hashing rule is used instead.

Please clarify. Thanks a lot.

Expert Comment

by:Seth Simmons
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
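
An added example, not part of the original thread and not any poster's code: run on a test machine, these AppLocker cmdlets show the publisher information AppLocker reads from a signed file, build a publisher rule from it, and dry-run that rule against two files. The file paths, the `Demo` rule prefix and the output path are assumptions chosen for illustration.

```powershell
# Added example. Paths, the 'Demo' prefix and $policyXml are illustrative.
Import-Module AppLocker   # required on Windows Server 2008 R2 / PowerShell 2.0

$signedFile = "$env:SystemRoot\System32\notepad.exe"
$otherFile  = "$env:SystemRoot\System32\cmd.exe"
$policyXml  = Join-Path $env:TEMP 'publisher-rule-demo.xml'

# 1. Publisher information as AppLocker sees it. The publisher name is read
#    from the file's digital signature; product name, file name and version
#    come from the file's version resource.
$info = Get-AppLockerFileInformation -Path $signedFile
$info | Format-List Path, Publisher

# 2. Build a publisher rule from that information and save the policy as XML.
$xml = $info | New-AppLockerPolicy -RuleType Publisher -User Everyone `
                   -RuleNamePrefix 'Demo' -Xml
$xml | Out-File -FilePath $policyXml

# 3. List what the generated rule matches on. A rule that pins ProductName and
#    BinaryName is narrower than one that matches on PublisherName alone, and
#    BinaryVersionRange decides whether a newer (patched) build still matches.
([xml]$xml).SelectNodes('//FilePublisherCondition') | ForEach-Object {
    New-Object PSObject -Property @{
        PublisherName = $_.PublisherName
        ProductName   = $_.ProductName
        BinaryName    = $_.BinaryName
        LowVersion    = $_.BinaryVersionRange.LowSection
        HighVersion   = $_.BinaryVersionRange.HighSection
    }
} | Format-List

# 4. Dry run: evaluate the saved policy against both files for 'Everyone'.
#    PolicyDecision and MatchingRule show which file the rule covers.
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $signedFile, $otherFile -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
```

Nothing here changes the machine's effective policy; the XML is only written to disk and evaluated by `Test-AppLockerPolicy`.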