Solved

Applocker publisher rule

Posted on 2016-07-29
5
29 Views
Last Modified: 2016-09-09
Dear all,

I have the following questions regarding applocker publisher rule

1. When defining a publisher rule, I know that I need to define something like this '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US”?  With this defined, do I need to further deploy a certificate from the publisher on to all clients?
2. Are all executable/dll files released by Microsoft signed? If yes, can I simply define a publisher rule to allow all signed Microsoft executable/dll file to be executed.

In addition, any best practice/example for configuring applocker in Windows 2008 R2 server could be provided for reference?
Please advise. Thanks.
0
Comment
Question by:ee_lcpaa
5 Comments
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
ID: 41734553
1. No you don't need

2. Yes all Microsoft dll are digitally signed and NO bad idea, because Cryptolocker ( Crytowall v3.0) comes with a microsoft signet explorer.exe.
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 41734640
what Benjamin was trying say is that Cryptolocker uses scripts that use components of the operating system to encrypt your files.
0
 

Author Comment

by:ee_lcpaa
ID: 41736238
Hi Benjamin,

Can you briefly explain how the publisher rule works if I don't need to deploy a Microsoft certificate on client side?

Is the string '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" a key to do the verification?

Can a hacker easily make a dll/exe file with the same signature as the ones really signed by Microsoft?

Also, you told me that all Microsoft exe/dll files are signed. With a proper publisher rule defined, any other maintenance work required after installing Microsoft security patches? I know that I need to update applocker settings on an AD server if a file hashing rule is used instead.
 
Please clarify. Thanks a lot.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 41790981
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question