AppLocker

AppLocker is an application whitelisting technology introduced with Microsoft's Windows 7 operating system. It allows restricting which programs users can execute based on the program's path, publisher, or hash, and in an enterprise can be configured via Group Policy.

Summary

Windows AppLocker allows administrators to control which executable files are denied or allowed to execute. With AppLocker, administrators are able to create rules based on file names, publishers or file location that will allow certain files to execute. Unlike the earlier Software Restriction Policies, which were originally available for Windows XP and Windows Server 2003, AppLocker rules can apply to individuals or groups. Policies are used to group users into different enforcement levels. For example, some users can be added to an 'audit' policy that will allow administrators to see the rule violations before moving that user to a higher enforcement level.

AppLocker availability charts

AppLocker availability on Windows 7

  • Starter: No
  • Home Basic: No
  • Home Premium: No
  • Professional: Create policies, but cannot enforce
  • Enterprise: Create and enforce policies
  • Ultimate: Create and enforce policies

AppLocker availability on Windows 8

  • RT: No
  • (Core): No
  • Pro: No
  • Enterprise: Yes

AppLocker availability on Windows 10

  • Home: Yes
  • Pro: Yes
  • Enterprise: Yes
  • Education: Yes

Bypass techniques

There are several generic techniques for bypassing AppLocker:

  • Writing an unapproved program to a whitelisted location.
  • Using a whitelisted program as a delegate to launch an unapproved program.
  • Hijacking the DLLs loaded by a trusted application in an untrusted directory.
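
As a defensive check against the first technique above, the following added example (not part of the original page or of any Microsoft tooling) audits an exported AppLocker policy for Allow path rules that cover directories a standard user can write to, and reports rule collections that are not enforced. The policy XML, rule names and writable-directory list are constructed, and path matching is simplified to case-insensitive wildcard matching.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Everyone, Authenticated Users, BUILTIN\Users
BROAD_SIDS = {"S-1-1-0", "S-1-5-11", "S-1-5-32-545"}

# Constructed policy, in the XML layout produced by Get-AppLockerPolicy -Xml.
SAMPLE_POLICY = r"""<AppLockerPolicy Version="1">
 <RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePathRule Id="r1" Name="Program Files" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePathCondition Path="%PROGRAMFILES%\*"/></Conditions>
  </FilePathRule>
  <FilePathRule Id="r2" Name="Windows" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePathCondition Path="%WINDIR%\*"/></Conditions>
   <Exceptions><FilePathCondition Path="%WINDIR%\ExampleSpool\*"/></Exceptions>
  </FilePathRule>
 </RuleCollection>
 <RuleCollection Type="Script" EnforcementMode="AuditOnly"/>
</AppLockerPolicy>"""

# Constructed result of a separate ACL review: directories standard users can write to.
SAMPLE_WRITABLE = [r"%PROGRAMFILES%\ExampleApp\logs", r"%WINDIR%\ExampleSpool"]

def _covers(pattern, directory):
    """True if a file placed directly in `directory` would match the path pattern."""
    probe = directory.rstrip("\\") + "\\probe.exe"
    return fnmatch.fnmatchcase(probe.lower(), pattern.lower())

def audit(policy_xml, writable_dirs):
    """Return (collection, rule name, finding) tuples. Separate Deny rules are not evaluated."""
    findings = []
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        ctype, mode = coll.get("Type"), coll.get("EnforcementMode")
        if mode != "Enabled":  # AuditOnly / NotConfigured only log or do nothing
            findings.append((ctype, None, f"collection not enforced ({mode})"))
        for rule in coll.iter("FilePathRule"):
            if rule.get("Action") != "Allow" or rule.get("UserOrGroupSid") not in BROAD_SIDS:
                continue
            allow = [c.get("Path") for c in rule.findall("Conditions/FilePathCondition")]
            excl = [c.get("Path") for c in rule.findall("Exceptions/FilePathCondition")]
            for d in writable_dirs:
                if any(_covers(p, d) for p in allow) and not any(_covers(p, d) for p in excl):
                    findings.append((ctype, rule.get("Name"), f"allows user-writable {d}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY, SAMPLE_WRITABLE):
        print(finding)
```

Each reported path rule can be tightened with an exception for the writable directory, or replaced with a publisher or hash rule.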

This page was last updated at 2023-12-27 13:17 UTC.

All our content comes from Wikipedia and is licensed under the Creative Commons Attribution-ShareAlike License.

