Solved

Applocker publisher rule

Posted on 2016-07-29
5
46 Views
Last Modified: 2016-09-09
Dear all,

I have the following questions regarding applocker publisher rule

1. When defining a publisher rule, I know that I need to define something like this '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US”?  With this defined, do I need to further deploy a certificate from the publisher on to all clients?
2. Are all executable/dll files released by Microsoft signed? If yes, can I simply define a publisher rule to allow all signed Microsoft executable/dll file to be executed.

In addition, any best practice/example for configuring applocker in Windows 2008 R2 server could be provided for reference?
Please advise. Thanks.
0
Comment
Question by:ee_lcpaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
ID: 41734553
1. No you don't need

2. Yes all Microsoft dll are digitally signed and NO bad idea, because Cryptolocker ( Crytowall v3.0) comes with a microsoft signet explorer.exe.
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 41734640
what Benjamin was trying say is that Cryptolocker uses scripts that use components of the operating system to encrypt your files.
0
 

Author Comment

by:ee_lcpaa
ID: 41736238
Hi Benjamin,

Can you briefly explain how the publisher rule works if I don't need to deploy a Microsoft certificate on client side?

Is the string '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" a key to do the verification?

Can a hacker easily make a dll/exe file with the same signature as the ones really signed by Microsoft?

Also, you told me that all Microsoft exe/dll files are signed. With a proper publisher rule defined, any other maintenance work required after installing Microsoft security patches? I know that I need to update applocker settings on an AD server if a file hashing rule is used instead.
 
Please clarify. Thanks a lot.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 41790981
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Determining the an SCCM package name from the Package ID
A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question