Solved

Applocker publisher rule

Posted on 2016-07-29
5
27 Views
Last Modified: 2016-09-09
Dear all,

I have the following questions regarding applocker publisher rule

1. When defining a publisher rule, I know that I need to define something like this '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US”?  With this defined, do I need to further deploy a certificate from the publisher on to all clients?
2. Are all executable/dll files released by Microsoft signed? If yes, can I simply define a publisher rule to allow all signed Microsoft executable/dll file to be executed.

In addition, any best practice/example for configuring applocker in Windows 2008 R2 server could be provided for reference?
Please advise. Thanks.
0
Comment
Question by:ee_lcpaa
5 Comments
 
LVL 12

Accepted Solution

by:
Benjamin Voglar earned 500 total points
ID: 41734553
1. No you don't need

2. Yes all Microsoft dll are digitally signed and NO bad idea, because Cryptolocker ( Crytowall v3.0) comes with a microsoft signet explorer.exe.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 41734640
what Benjamin was trying say is that Cryptolocker uses scripts that use components of the operating system to encrypt your files.
0
 

Author Comment

by:ee_lcpaa
ID: 41736238
Hi Benjamin,

Can you briefly explain how the publisher rule works if I don't need to deploy a Microsoft certificate on client side?

Is the string '“O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" a key to do the verification?

Can a hacker easily make a dll/exe file with the same signature as the ones really signed by Microsoft?

Also, you told me that all Microsoft exe/dll files are signed. With a proper publisher rule defined, any other maintenance work required after installing Microsoft security patches? I know that I need to update applocker settings on an AD server if a file hashing rule is used instead.
 
Please clarify. Thanks a lot.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 41790981
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cloning computer 13 63
Script to reboot Terminal Server 2008 nightly 3 27
program for opening files (like explorer) 4 25
DHCP Server 14 60
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now