AppLocker is a tool that allows administrators to control which applications are allowed to run further in order to prevent the launching or installation of malicious software.
AppLocker provides a simple and unique interface to prevent or block an application from running by unintended users. It includes Windows Installer Files, executable files, dynamic-link libraries (DLLs), packaged app installers, scripts, packaged apps etc.
Key Features of an Applocker :
AppLocker can help you by doing following things:
- It can define rules based on file attributes that persist across app updates like the publisher name, product name, file name, and file version.
- Assign a rule to a security group or an individual user accordingly.
- It creates exceptions to rules as well. For an example, you can create a rule that allows users to run windows binaries except the Registry Editor (regedit.exe).
- Use ‘audit-only‘ mode to deploy the policy and it’s better to understand its impact before enforcing it.
- Create rules on a staging server, test them, then continue to export them to your production environment and import them into a Group Policy Object.
- AppLocker can also helps to reduce, administrative overhead and the organization’s cost of managing computing resources.
- This is by decreasing the number of Help Desk calls that result from users running unapproved apps.