Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

AppLocker, which is built in to Windows 7 Enterprise and later, prevents unknown programs from running unless installed or otherwise pre-cleared by an admin first. This is increasingly necessary because even antivirus companies are publicly saying that antivirus provides little protection against current malware. Rather than attempt to enumerate what's bad, application whitelisting technologies like AppLocker enumerate what's good, and deny everything else. This turns out to be less difficult than it sounds.

Current

...

status

A "reporting-only" AppLocker policy is in place for most campus computers. The policy is maintained by Information Security.

Selected Business Office and ITS computers have been placed in an organizational unit (OU) that blocks unapproved programs.References For Understanding

If a program won't run and you are directed to this page

If you are confident that it came from a legitimate source, you can override the policy and run the blocked application by following these steps:

  1. Create a new folder with a certain name. Contact infosec@carleton.edu or ask the ITS helpdesk to refer to WebHelpDesk ticket # for the name to use
  2. Move the program and any dependencies into the new folder.
  3. Run the program from there.

The Information Security Officer should review a report on such overrides and as appropriate, add them to the centrally managed policy.  

References for understanding AppLocker

...