AppLocker, which is built into Windows 7 Enterprise and later, prevents unknown programs from running unless they were installed or otherwise pre-cleared by an admin. This is increasingly necessary because even antivirus companies are publicly saying that antivirus provides little protection against current malware. Rather than attempt to enumerate what's bad, application whitelisting technologies like AppLocker enumerate what's good, and deny everything else. This turns out to be less difficult than it sounds.

If a program won't run and you are directed to this page

When a program is blocked by AppLocker, Windows will pop up "Your system administrator has blocked you from running this program" as shown at right. The "More information" link goes to the web page you are reading now.

If you are confident that the program came from a legitimate source, you can override the policy and run the blocked application by following these steps:

  1. Create a new folder with a certain name. Contact infosec@carleton.edu or ask the ITS helpdesk to refer to WebHelpDesk ticket #66807 for the name to use.
  2. Move the program and any dependencies into the new folder.
  3. Run the program from there.

In rare cases (multi-stage installers from ninite.com), it might be necessary to right-click on the program and choose "Run as administrator." This can be dangerous, though, so don't get in the habit.

The Information Security Officer should review a report on such overrides and, as appropriate, add them to the centrally managed policy.

How this policy is applied: mostly report-only

A "reporting-only" AppLocker policy is in place for most campus computers. The policy is maintained by the Information Security Officer (Rich Graves).

Certain computers have been placed in organizational units (OUs) that block unapproved programs. This applies to the entire Campus_Clients\BUSO OU and the AppLocker-Enforced directories within Facilities and ITS.
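
One way to turn the report-only and enforced events into a reviewable summary, as an added example that is not part of the original page. The helper names and the sample events are constructed for illustration; the event IDs and log name are the ones Windows uses for AppLocker.

```powershell
# Added example (not from the original page). AppLocker event IDs:
#   8003 / 8006 = would have been blocked, allowed because the policy is audit-only
#   8004 / 8007 = blocked by an enforced policy
$Meaning = @{ 8003 = 'Audit'; 8006 = 'Audit'; 8004 = 'Blocked'; 8007 = 'Blocked' }

# Hypothetical helper: takes event XML strings, returns one row per outcome and file.
function Get-AppLockerSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $rows = foreach ($x in $EventXml) {
        $doc  = [xml]$x
        # local-name() sidesteps the event schema's XML namespaces.
        $id   = [int]$doc.SelectSingleNode("//*[local-name()='EventID']").InnerText
        $path = $doc.SelectSingleNode("//*[local-name()='FilePath']")
        if (-not $Meaning.ContainsKey($id) -or -not $path) { continue }
        [pscustomobject]@{
            Outcome  = $Meaning[$id]
            FilePath = $path.InnerText
            Computer = $doc.SelectSingleNode("//*[local-name()='Computer']").InnerText
        }
    }
    $rows | Group-Object Outcome, FilePath | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Count     = $_.Count
                Outcome   = $_.Group[0].Outcome
                FilePath  = $_.Group[0].FilePath
                Computers = ($_.Group.Computer | Sort-Object -Unique) -join ', '
            }
        }
}

# Constructed, simplified sample events (real records carry more fields).
function New-SampleEvent($Id, $Computer, $Path) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>$Id</EventID><Computer>$Computer</Computer></System>
  <UserData><RuleAndFileData><FilePath>$Path</FilePath></RuleAndFileData></UserData>
</Event>
"@
}
$sample = @(
    (New-SampleEvent 8003 'LAB-PC-01' '%OSDRIVE%\USERS\EXAMPLE\DOWNLOADS\SETUP.EXE'),
    (New-SampleEvent 8003 'LAB-PC-02' '%OSDRIVE%\USERS\EXAMPLE\DOWNLOADS\SETUP.EXE'),
    (New-SampleEvent 8004 'BUSO-PC-07' '%OSDRIVE%\TEMP\TOOL.EXE'),
    (New-SampleEvent 8002 'LAB-PC-01' '%WINDIR%\NOTEPAD.EXE')   # allowed: ignored
)
Get-AppLockerSummary -EventXml $sample | Format-Table -AutoSize

# Live data instead of the samples:
# Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' | ForEach-Object { $_.ToXml() }
```

Paths that show up often as Audit on report-only machines are the candidates to review before those machines move into an enforced OU.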

References for understanding AppLocker

(Yes, AppLocker makes even more sense for servers, which run a more predictable set of software.)
