
How to test applocker


Essentials
May 7th, 2011, 05:50 PM
Hi all,

I have just activated applocker with the default rules. I have already had to add a publisher rule as my dropbox was not able to execute (I suppose this is because I don't have it installed in the program files directory).

I would like to test applocker by downloading some exe file and trying to execute it somewhere in my PC, but in all of the cases UAC jumps and asks me for administrator credentials so I am not able to check if applocker would have blocked the file. What can I do to test applocker?

Are the publisher rules safe? I mean, is malware capable of getting signed with known signatures such as microsoft, google, or even dropbox for example?

Thanks

J_L
May 7th, 2011, 08:00 PM
Copy .exe files in your whitelisted directories that don't have the UAC shield icon to other directories. Then execute them.

Or you can download a portable program like VideoCacheView. Most installers require admin rights.
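A way to run the test J_L describes without ever launching the copied file, as an added example that is not from this thread: AppLocker's own cmdlets evaluate the effective policy for a path and report the publisher fields a publisher rule keys on. The source path and scratch directory are placeholders to adjust; the test only reflects a standard user's situation if it is run as that user, because the default rules allow administrators everything.

```powershell
# Added example (not from the thread). Requires the AppLocker module
# (Windows 7 / Server 2008 R2 and later) and the AppLocker policy already applied.
Import-Module AppLocker

function Test-CopiedExe {
    param(
        # Assumed placeholder: an .exe from a directory the default rules allow.
        [string]$Source  = 'C:\Program Files\SomeVendor\SomeApp.exe',
        # Assumed scratch directory that the default rules do NOT cover.
        [string]$TestDir = (Join-Path $env:USERPROFILE 'applocker-test')
    )

    # Step 1: copy the binary out of the allowed location, like J_L suggests.
    New-Item -ItemType Directory -Path $TestDir -Force | Out-Null
    $copy = Join-Path $TestDir ([IO.Path]::GetFileName($Source))
    Copy-Item -Path $Source -Destination $copy -Force

    # Step 2: ask AppLocker what the effective policy would decide for this
    # file and user. Nothing is executed, so UAC never gets involved.
    $policy  = Get-AppLockerPolicy -Effective
    $verdict = $policy | Test-AppLockerPolicy -Path $copy -User $env:USERNAME
    $verdict | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

    # Step 3: show the Authenticode publisher data a publisher rule matches on
    # (publisher name, product, binary name, version). Files that are only
    # catalog-signed report no publisher here and cannot match such a rule.
    Get-AppLockerFileInformation -Path $copy |
        Select-Object -ExpandProperty Publisher

    # Step 4: confirm the signature chain itself is valid. A publisher rule
    # trusts every valid signature from that publisher, so this is the whole
    # basis on which the rule allows the file.
    Get-AuthenticodeSignature -FilePath $copy |
        Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

    return $verdict
}

# Usage: run as the standard user whose access you want to check.
Test-CopiedExe
```

A PolicyDecision of Denied in step 2 means AppLocker would have blocked the copy when run; DeniedByDefault means no rule matched at all.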

Essentials
May 8th, 2011, 04:41 AM
-{ Quote: "Copy .exe files in your whitelisted directories that don't have the UAC shield icon to other directories. Then execute them.

Or you can download a portable program like VideoCacheView. Most installers require admin rights." }-

Thanks, I was able to test it now. Applocker is great.

What about the signatures? Is malware able to be signed with known companies' signatures?

J_L
May 8th, 2011, 05:48 PM
It is possible, and I don't think you need those rules anyhow.

Essentials
May 9th, 2011, 06:41 AM
-{ Quote: "It is possible, and I don't think you need those rules anyhow." }-

With applocker and the publisher rules (which are based on signed software) things are much easier to configure. I don't have all my programs installed in program files because I have a standard account, so if I set these rules programs will work independently of where they are installed. I would not set publisher rules for all companies but for microsoft, google (the big ones) why not.

J_L
May 9th, 2011, 08:15 PM
I'd just whitelist the Google installation directory (no clue why it's in Users) and whatever else, but it's your choice.