Applocker doesn't work!!!

nothing happens in the event log....number of events = 0 for "EXE and DLL" and "MSI and Scripts"

 

Then the rules aren't being enforced, at all. There should be logs there, regardless of an object being allowed/blocked. If there are no events, then AppLocker isn't enforcing the rules.

-edit-

Could you please post a screenshot of the secpol.msc (Local Security Policy) > AppLocker window? (The language won't matter.)

 

well, all I can say is I checked the checkboxes that says "configured" for all rules and in the dropdown menu for all the rules I chose "enforce rules", hit "apply" and ok...

Also just typed gpupdate /force in cmd.exe but it's not doing anything...

I'm really curious what's the problem. The PC on that I try to configure applocker at the moment only runs sandboxie and EMET on max as security currently. I don't think these will have any impact on applocker...

http://www10.pic-upload.de/12.02.12/ezg1im7j5te.jpg

 

I also run both applications, so it's not an issue between them.

-edit-

In your signature I see you're running AppGuard. Are you running it at the moment, and if not, could it have conflicted with AppLocker and left remnants that still conflict with AppLocker?

It would be interesting if anyone else could see if AppGuard conflicts with AppLocker.

 

the screenshot I posted is from a Notebook. I try to use applocker on that one. I use Appguard on my desktop pc...

 

OK. Well, from what I can see it should be working. Not that I doubted you, but you could think you did something, while you didn't.

One last thing. The Application Identity service depends on three other system components:

RpcSs (Remote Procedure Call) - make sure this service is enabled;
CryptSvc (Cryptographic Services) - make sure this service is enabled;
AppID driver (appid.sys) - make sure this driver is present in C:\Windows\System32\drivers

 

Any news?

 

well I haven't used the notebook for a few days but yesterday when I turned it on it did something with the registry before booting into windows. Then I logged into my admin account and opened up services.msc as well as gpedit cause I wasn't sure if I turned applocker off the last time. Rules were still enforced and because applocker didn't work last time I deleted all the rules. Then wanted to turn off the AppID service but wasn't allowed to open services.msc due to applocker I guess. So somehow it seemed to work when I didn't want it to...

So I successfully screwed the computer cause on reboot it only showed a blackscreen after logging into my account. So I booted with a ubuntu live cd and made my godmode cmd.exe with system rights by changing that utilman.exe in system32...Well on startup I was then able to turn off the AppID service and everything works fine now. Whatever it did during the time I haven't used the computer, somehow applocker now seems to work...That's strange but anyway the pc runs spyshelter at the moment so there's no need for applocker currently.
--------------------------------------------------------------------------------------------------------------------------------------------------------

just tested once again and there are still some strange things with applocker, first there were some problems with DLL rules and I wasn't able to log into my accounts because of that. Then tried creating a exclusion rule for ccleaner again but was able to launch it. Then created a specific path deny rule for ccleaner and then it was blocked. Somehow Ccleaner doesn't work with an exclusion rule. Also added some MSI installers as an exception to the installer rule like BufferzonePro, that is allowed by default. After I created the exclusion it was blocked when I tried to install it. So for me it works finally but strange for me is the ccleaner thing, I don't get why it's not blocked with an exception rule.

 

I got applocker working fine, I am aware you posted this some months ago now but I believe your problem can be fixed quite simply. The path you are entering. "C:/Program Files/Ccleaner/Ccleaner.exe" is incorrect. Windows uses backslashes unlike Unix or Linux so the path should read as "C:\Program Files\Ccleaner\Ccleaner.exe".

It may be the case that you already knew this and it was a typo on this site but I couldn't go without pointing it out. Give this a try and see if your rules start to work. I had 0 problems with getting applocker to work... disabling it however is quite a challenge!

PS - It may be an idea to use system variables when defining paths such as program files directory. This can be different on x64 systems so using something like this would be better practice.

%PROGRAMFILES%\Ccleaner\Ccleaner.exe

Also the reason it appears to suddenly started working is because you removed all rules effectively denying everything. Unless something is allowed it is denied or that is my understanding of it. You need to make sure your path rules are 100% correct. Good luck if you decide to re-visit applocker!

 

Nice catch! Most likely that's the reason why AppLocker didn't work for Arcanez.