applocer

AppLocker is a tool that allows administrators to control which applications are allowed to run further in order to prevent the launching or installation of malicious software.

AppLocker provides a simple and unique interface to prevent or block an application from running by unintended users. It includes Windows Installer Files, executable files, dynamic-link libraries (DLLs), packaged app installers, scripts, packaged apps etc.

Key Features of an Applocker :

AppLocker can help you by doing following things:

  • It can define rules based on file attributes that persist across app updates like the publisher name, product name, file name, and file version.
  • Assign a rule to a security group or an individual user accordingly.
  • It creates exceptions to rules as well. For an example, you can create a rule that allows users to run windows binaries except the Registry Editor (regedit.exe).
  • Use ‘audit-only‘ mode to deploy the policy and it’s better to understand its impact before enforcing it.
  • Create rules on a staging server, test them, then continue to export them to your production environment and import them into a Group Policy Object.
  • AppLocker can also helps to reduce, administrative overhead and the organization’s cost of managing computing resources.
  • This is by decreasing the number of Help Desk calls that result from users running unapproved apps.