PaulDotCom mailing list archives
Applocker research?
From: jackadaniel at gmail.com (Jack Daniel)
Date: Tue, 19 May 2009 10:25:50 -0400
Nope- but if you find any please let us know. I have played with it, but haven't had time to try to break it. It can be set in three modes, by signature, hash or path. Anyone using applocker to restrict apps by file path should practice getting down on all fours and saying "baah, baah", because they are surely sheep.

As far as the sigs, you have a range of options, specific versions, above/below a version, app families (e.g. all Office 12). The hashes really pin you down to executing a specific file, but I *assume* that compromising a running app will go undetected.

Note- applocker can be used to lock down scripts and installers, not just programs. And, like Bitlocker-to-go, applocker is an Enterprise/Ultimate only feature (although I assume both can be hacked into functioning on lesser versions)- so it will not be on any PC people actually purchase (volume/retail licensing only for Enterprise/Ultimate).

Jack

On Tue, May 19, 2009 at 12:53 AM, David Grubers <david.grubers at gmail.com> wrote:
> Anyone know of any research done on windows' applocker?
--
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
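The three rule modes described in the reply above, as an added audit example that is not part of the original thread: it parses an AppLocker policy XML, summarises each rule by type, and marks allow-by-path rules that sit outside admin-controlled locations for review. The sample policy, the rule names, the function name `Get-AppLockerRuleSummary` and the list of "protected" path variables are assumptions made for illustration.

```powershell
# Constructed, trimmed sample policy (real rules also carry Id, Description and
# UserOrGroupSid). On a live host: [xml]$p = Get-AppLockerPolicy -Effective -Xml
[xml]$samplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Name="Program Files" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Name="Tools folder" Action="Allow">
      <Conditions><FilePathCondition Path="C:\Tools\*" /></Conditions>
    </FilePathRule>
    <FilePublisherRule Name="Office 12 family" Action="Allow"><Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*">
        <BinaryVersionRange LowSection="12.0.0.0" HighSection="*" />
      </FilePublisherCondition>
    </Conditions></FilePublisherRule>
    <FileHashRule Name="Pinned app.exe" Action="Allow"><Conditions><FileHashCondition>
      <FileHash Type="SHA256" Data="0xPLACEHOLDER" SourceFileName="app.exe" />
    </FileHashCondition></Conditions></FileHashRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Assumption: only these AppLocker path variables count as admin-controlled here;
# confirm the ACLs on your own hosts before trusting any path rule.
$protected = '^%(PROGRAMFILES|WINDIR|SYSTEM32)%\\'

function Get-AppLockerRuleSummary([xml]$Policy) {
    foreach ($col in $Policy.AppLockerPolicy.RuleCollection) {
        foreach ($rule in $col.SelectNodes('*')) {
            $c = $rule.SelectSingleNode('Conditions/*')
            $detail = switch ($rule.LocalName) {
                'FilePathRule'      { $c.GetAttribute('Path') }
                'FilePublisherRule' { $v = $c.SelectSingleNode('BinaryVersionRange')
                    '{0} [{1}..{2}]' -f $c.GetAttribute('ProductName'), $v.GetAttribute('LowSection'), $v.GetAttribute('HighSection') }
                'FileHashRule'      { $c.SelectSingleNode('FileHash').GetAttribute('SourceFileName') }
            }
            # A path rule trusts a location, not a file: flag allow rules outside $protected.
            $isPathAllow = $rule.LocalName -eq 'FilePathRule' -and $rule.GetAttribute('Action') -eq 'Allow'
            [pscustomobject]@{
                Collection = $col.GetAttribute('Type'); RuleType = $rule.LocalName
                Name = $rule.GetAttribute('Name'); Detail = $detail
                Review = ($isPathAllow -and $detail -notmatch $protected)
            }
        }
    }
}
Get-AppLockerRuleSummary $samplePolicy | Format-Table -AutoSize
```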
Current thread:
- Applocker research? David Grubers (May 18)
- Applocker research? Jack Daniel (May 19)