Asked by whorsfall

AppLocker Whitelisting on Windows 7

Hi,

I am having trouble understanding how to use Whitelisting apps with AppLocker.

Here is the bit I don't get: from what I can see, you create Default rules first. Then you create other rules. But the default rules will let everything through under those paths unless you create deny rules, which sort of defeats the purpose of whitelisting everything.

Can somebody please clarify how this works so I can better understand it?

I suspect there is something I am missing here :)

Thanks,

Ward.
ASKER CERTIFIED SOLUTION
Mahesh
whorsfall (ASKER)

Hi Mahesh,

Thanks for your response. OK, starting to get the picture now.

OK, to extend what you are saying and clarify:

After you have the default rules in there, there is no point creating allow rules for the paths covered by the default paths.
I should only be creating Deny rules.

For example, if I create an allow rule for calc.exe there is no point, as that would be caught by the default rule?

Have I understood correctly?

Thanks,

Ward
SOLUTION
"I should only be creating Deny rules."

If you want to block anything which is covered by default rules, then only deny rules will be required.

In your example, calc is already part of the default rule, so it is already allowed; no need to allow it explicitly.

Also, even if you create automatic rules, you still need to create default rules for the core OS to run without issues; in fact, the automatic rules wizard will prompt you.
Test how it goes without default rules, to see if it creates any core OS operating issues.
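
An added example, not part of any post in this thread: the rule evaluation discussed above can be checked with Test-AppLockerPolicy, which evaluates a policy against files without applying it. Paths matched by an allow rule are reported as Allowed, a matching deny rule takes precedence over an allow rule, and a file matched by no rule is DeniedByDefault. The policy XML, rule names, placeholder GUIDs and file locations are constructed for illustration, and the script assumes %TEMP% lies outside %WINDIR% and %PROGRAMFILES%.

```powershell
# Added example: evaluates a constructed policy offline; nothing is enforced.
Import-Module AppLocker

# Constructed policy: two allow rules with the same scope as the default Exe
# path rules for Everyone, plus one deny rule. Rule IDs are placeholder GUIDs.
$xml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Allow Windows"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="33333333-3333-3333-3333-333333333333" Name="Deny calc"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%SYSTEM32%\calc.exe" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyFile = Join-Path $env:TEMP 'applocker-demo.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# A copy of notepad.exe outside both allowed paths, to show the implicit deny.
$copy = Join-Path $env:TEMP 'notepad-copy.exe'
Copy-Item "$env:SystemRoot\System32\notepad.exe" $copy -Force

$files = "$env:SystemRoot\System32\notepad.exe",   # inside an allowed path
         "$env:SystemRoot\System32\calc.exe",      # allowed path, but a deny rule also matches
         $copy                                     # no rule matches this location

# PolicyDecision is one of Allowed, Denied or DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $files -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Clean up the temporary policy file and the copied binary.
Remove-Item $policyFile, $copy
```
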
Hi, thanks for the responses.

So what is the best practice that people generally follow?

Do they start with Default rules, then list everything they want and remove the default, say, for Program Files? Plus, I imagine, add some denies if they want to.

I have been trying to find info on whether they should be removed in the end, as I have not read anywhere that says to delete the default rules in the end after everything has been specified.

Thanks,

Ward
SOLUTION
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- 'Mahesh' (https:#a42679265)
-- 'Mahesh' (https:#a42681199)
-- 'Shaun Vermaak' (https:#a42679360)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer