mailing list archives
From: jackadaniel at gmail.com (Jack Daniel)
Date: Tue, 19 May 2009 10:25:50 -0400
Nope- but if you find any please let us know. I have played with it,
but haven't had time to try to break it.
It can be set in three modes, by signature, hash or path. Anyone using
applocker to restrict apps by file path should practice getting down
on all fours and saying "baah, baah", because they are surely sheep.
As far as the sigs, you have a range of options, specific versions,
above/below a version, app families (eg all Office 12). The hashes
really pin you down to executing a specific file, but I *assume* that
compromising a running app will go undetected.
Note- applocker can be used to lock down scripts and installers, not
And, like Bitlocker-to-go, applocker is an Enterprise/Ultimate only
feature (although I assume both can be hacked into functioning on
lesser versions)- so it will not be on any PC people actually purchase
(volume/retail licensing only for Enterprise/Ultimate.
On Tue, May 19, 2009 at 12:53 AM, David Grubers <david.grubers at gmail.com> wrote:
Anyone know of any research done on windows' applocker?
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com
Jack Daniel, Reluctant CISSP