vortisight.blogg.se

AppLocker GPO

A few years ago, we had a horrible Conficker infection. The total infected count climbed to just under 1000 machines. We couldn’t wipe machines faster than the malware could spread. Eventually, we took the entire site offline and imaged every machine. This caused a paradigm shift for our organization. Administration was finally convinced that something had to be done with security. We were given the go-ahead to do whatever was necessary to prevent a future breakout. We removed all administrative rights for users, tightened file security and the Windows firewall, and increased the level of protection provided by UAC. The biggest change though was the implementation of AppLocker with whitelisting.

With the release of Windows 7, Microsoft essentially replaced Software Restriction Policies with the introduction of AppLocker. If you have ever used Software Restriction Policies, you fully understand the inherent limitations. While it was easy to block or allow specific applications, creating global whitelists or global blacklists was nearly impossible. Further, these policies lacked flexibility in who they applied to or how they were deployed. AppLocker, available in Windows 7/8 Enterprise, addressed these limitations and added some essential features.

What is so important about a whitelist? With a traditional antivirus, malware is detected through definition files. Malicious software is caught when it is known or when it behaves a certain way. Blacklists are always limited because malware constantly changes. In terms of security, the real power of AppLocker rests in the ability to create a whitelist. A whitelist comprises known trusted software. Anything not on the whitelist is not allowed to run. If it wasn’t trusted before, it won’t run now. Suddenly, you no longer have to worry about updating definitions or the latest threat!







