1

I'm toying around with group policy (Self teaching myself) and have stumbled across applocker which i can certainly see the benefits for certain situations however in every company i've worked for users will NEVER use a specific set of programs, there will always property piece of software needed for certain project or certain versions of software which from my research would make using Applocker a pain

My question is that would it be overkill to try and configure applocker to prevent ransomware? I know that the easiest way for randsomware to infect networks is through users opening files from emails that are actually .exe's in disguise so is there a way for applocker to block .exes from running from email only or at minimum require admin credentials to do so?

I know that no network is 100% secure against randsomware etc. but if i can prevent the most used vulnerabilities then that can help

Tomsta
  • 121
  • 1

1 Answers1

0

Applocker add a new layer to defend against ransomware. Be advised you need enterprise sku on client OS.

The best applocker guide outthere is there; done by the NSA itselft;

https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm

This guide also provides administrators with a walkthrough on how to use AppLocker and implement the settings. Using AppLocker for application whitelisting enforcement will not stop all malicious software. It provides an additional layer in a defense-in-depth strategy. The intent of this guidance is to prevent users from unknowingly or accidentally executing malicious code or unauthorized software.

yagmoth555
  • 16,300
  • 4
  • 26
  • 48