Windows Security
Cards (2)
- AppLocker Policy
- An application whitelist is a list of approved software applications or executables that are allowed to be present and run on a system.
- The goal is to protect the environment from harmful malware and unapproved software that does not align with the specific business needs of an organization.
- AppLocker Policy
- AppLocker is Microsoft's application whitelisting solution and gives system administrators control over which applications and files users can run.
- It provides granular control over executables, scripts, Windows installer files, DLLs, packaged apps, and packed app installers.
- It is common for organizations to block cmd.exe and PowerShell.exe and write access to certain directories, but this can all be bypassed.