PaulDotCom mailing list archives

Applocker research?


From: jackadaniel at gmail.com (Jack Daniel)
Date: Tue, 19 May 2009 10:25:50 -0400

Nope, but if you find any please let us know. I have played with it,
but haven't had time to try to break it.

It can be set in three modes: by signature, hash or path. Anyone using
AppLocker to restrict apps by file path should practice getting down
on all fours and saying "baah, baah", because they are surely sheep.
As far as the sigs, you have a range of options: specific versions,
above/below a version, app families (e.g. all Office 12). The hashes
really pin you down to executing a specific file, but I *assume* that
compromising a running app will go undetected.

Note: AppLocker can be used to lock down scripts and installers, not
just programs.

And, like BitLocker To Go, AppLocker is an Enterprise/Ultimate only
feature (although I assume both can be hacked into functioning on
lesser versions), so it will not be on any PC people actually purchase
(volume/retail licensing only for Enterprise/Ultimate).

Jack


On Tue, May 19, 2009 at 12:53 AM, David Grubers <david.grubers at gmail.com> wrote:
Anyone know of any research done on Windows' AppLocker?
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
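
An added example, not part of the message above: a small auditor that reads an AppLocker policy exported as XML and lists each rule by the three modes the reply describes (signature, hash, path), flagging allow rules that trust a path. It assumes the policy was exported to XML (for instance with `Get-AppLockerPolicy -Effective -Xml`); the sample policy, rule names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like an AppLocker policy XML export; every name,
# Id, path and the hash value below is invented for this example.
SAMPLE_POLICY = r"""
<AppLockerPolicy Version="1">
 <RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePublisherRule Id="a1" Name="Office 12 and up" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePublisherCondition PublisherName="O=EXAMPLE CORP" ProductName="EXAMPLE OFFICE" BinaryName="*">
    <BinaryVersionRange LowSection="12.0.0.0" HighSection="*"/></FilePublisherCondition></Conditions>
  </FilePublisherRule>
  <FileHashRule Id="a2" Name="tool.exe" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FileHashCondition><FileHash Type="SHA256" Data="0x00" SourceFileName="tool.exe" SourceFileLength="1"/></FileHashCondition></Conditions></FileHashRule>
  <FilePathRule Id="a3" Name="Temp tools" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="C:\Temp\*"/></Conditions></FilePathRule>
 </RuleCollection>
 <RuleCollection Type="Script" EnforcementMode="AuditOnly">
  <FilePathRule Id="b1" Name="Logon scripts" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions></FilePathRule>
 </RuleCollection>
</AppLockerPolicy>"""

# XML rule element -> the mode name used in the post ("signature" = publisher rule).
KINDS = {"FilePublisherRule": "signature", "FileHashRule": "hash", "FilePathRule": "path"}

def describe(rule):
    """Return what the rule's condition actually pins execution to."""
    pub = rule.find(".//FilePublisherCondition")
    if pub is not None:
        ver = pub.find("BinaryVersionRange")
        return "%s / %s, versions %s..%s" % (pub.get("PublisherName"), pub.get("ProductName"), ver.get("LowSection"), ver.get("HighSection"))
    fh = rule.find(".//FileHash")
    if fh is not None:
        return "%s of %s" % (fh.get("Type"), fh.get("SourceFileName"))
    return rule.find(".//FilePathCondition").get("Path")

def audit(policy_xml):
    """List every rule as (collection, mode, kind, action, name, detail)."""
    rows = []
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        for rule in coll:
            if rule.tag in KINDS:
                rows.append((coll.get("Type"), coll.get("EnforcementMode"), KINDS[rule.tag], rule.get("Action"), rule.get("Name"), describe(rule)))
    return rows

def path_allow_rules(rows):
    """Allow rules that trust a location rather than a signer or a file hash."""
    return [r for r in rows if r[2] == "path" and r[3] == "Allow"]

if __name__ == "__main__":
    for row in audit(SAMPLE_POLICY):
        print(" | ".join(row))
```

The collection type and enforcement mode are kept in each row because a rule in an `AuditOnly` collection logs but does not block, and because script and installer collections are configured separately from executables.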

