
I want to run (on a certain computer with Windows 10) only those .exe files that are signed by certificates which are installed on the computer (they can be certificates from a CA or my own test certificate).

I already tried this solution (and many others): How does one configure Windows not to execute tampered binaries?

but none of them solved my problem.

I wrote two "HelloWorld" apps (one with certificate signing and one without). But all the solutions I tried allow both apps to run.

How do I configure Windows 10 to execute only .exe files with certificate signing?


Here is the AppLocker configuration:

<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePublisherRule Id="d5c14ef6-5a5e-4863-aa49-a9ebbcab1afc" Name="Only run executables that are signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
  • AppLocker absolutely can and will prevent applications from running. Unless it is configured incorrectly. – Greg Askew Aug 12 '21 at 15:26
  • No doubt. But how do I configure AppLocker on Windows 10 correctly to execute only .exe files with certificate signing? – Eugene Afanasovich Aug 12 '21 at 16:00
  • It would be simpler if you provided your AppLocker configuration. – Greg Askew Aug 12 '21 at 16:43
  • @GregAskew, thanks for trying to help me. I really appreciate it. I added AppLocker config to question. – Eugene Afanasovich Aug 12 '21 at 17:35
  • Is there anything in the AppLocker event log? Are you using an edition of Windows 10 that supports AppLocker? – Greg Askew Aug 12 '21 at 18:31
  • Yes, there is an entry in the Event Viewer log: "appidsvc.dll: AppLocker component not available on this SKU". I am using Windows 10 Pro. And I just read that it is not easy to run AppLocker properly on this OS. Maybe there is some solution to my problem that does not use AppLocker? – Eugene Afanasovich Aug 13 '21 at 08:07
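As an added example (not part of the question or its comments), the PowerShell checks below separate the three things that can go wrong here: the Application Identity service not running or not available on the SKU, the test certificate not being trusted by the machine, and the rules themselves not deciding what you expect. The policy file path and the two binary paths are assumptions; run it from an elevated prompt.

```powershell
# Added example: diagnose why an AppLocker publisher rule lets an unsigned file run.
# Paths are assumptions; save the XML from the question to $policyXml first.
$policyXml = 'C:\Temp\AppLockerPolicy.xml'
$binaries  = @('C:\Temp\HelloSigned.exe', 'C:\Temp\HelloUnsigned.exe')

# 1. AppLocker is enforced by the Application Identity service (AppIDSvc).
#    If it is stopped, or the SKU lacks the component, nothing is ever blocked.
$svc = Get-Service -Name AppIDSvc
"Application Identity service: $($svc.Status)"

# 2. A publisher rule can only match a file whose Authenticode signature chains
#    to a certificate the machine trusts. A self-signed test certificate typically
#    reports 'UnknownError' (untrusted root) until its root is imported into the
#    Local Machine Trusted Root store; an unsigned file reports 'NotSigned'.
foreach ($exe in $binaries) {
    $sig = Get-AuthenticodeSignature -FilePath $exe
    [pscustomobject]@{
        File   = Split-Path $exe -Leaf
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '-' }
    }
}

# 3. Evaluate the saved policy offline: this shows what the rules WOULD decide
#    for each file, independent of whether enforcement works on this SKU.
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $binaries -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 4. What actually happened at run time, from the AppLocker EXE log:
#    8002 = allowed, 8004 = blocked, 8003 = would have been blocked (audit-only).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8002, 8003, 8004
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Note that the two default path rules in the posted policy allow any file under %PROGRAMFILES% and %WINDIR% whether signed or not, so keep the test binaries outside those folders when checking the publisher rule.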
