Solved

Applocker publisher rule

Posted on 2016-07-29
5
30 Views
Last Modified: 2016-09-09
Dear all,

I have the following questions regarding applocker publisher rule

1. When defining a publisher rule, I know that I need to define something like this '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US”?  With this defined, do I need to further deploy a certificate from the publisher on to all clients?
2. Are all executable/dll files released by Microsoft signed? If yes, can I simply define a publisher rule to allow all signed Microsoft executable/dll file to be executed.

In addition, any best practice/example for configuring applocker in Windows 2008 R2 server could be provided for reference?
Please advise. Thanks.
0
Comment
Question by:ee_lcpaa
5 Comments
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
ID: 41734553
1. No you don't need

2. Yes all Microsoft dll are digitally signed and NO bad idea, because Cryptolocker ( Crytowall v3.0) comes with a microsoft signet explorer.exe.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 41734640
what Benjamin was trying say is that Cryptolocker uses scripts that use components of the operating system to encrypt your files.
0
 

Author Comment

by:ee_lcpaa
ID: 41736238
Hi Benjamin,

Can you briefly explain how the publisher rule works if I don't need to deploy a Microsoft certificate on client side?

Is the string '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" a key to do the verification?

Can a hacker easily make a dll/exe file with the same signature as the ones really signed by Microsoft?

Also, you told me that all Microsoft exe/dll files are signed. With a proper publisher rule defined, any other maintenance work required after installing Microsoft security patches? I know that I need to update applocker settings on an AD server if a file hashing rule is used instead.
 
Please clarify. Thanks a lot.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 41790981
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question