Application Whitelist Auditor

I got control of the mouse cursor, finally. Here is the screenshot that couldn't include in my post last night.

Spoiler: screenshot

 

I have been running this 'Process Logger Service' - https://www.wilderssecurity.com/threads/process-logger-service.392757/

Interesting to see that the size of the log from yesterday, is much larger than usual.

And, notice the last entry, too.

 

Very cool... yeah, I have played with this a little more as well.

I tested the differences between a SUA and an Admin account, and the results appeared to be identical. There were TONS of folders where the exe samples executed, so there was really no way to check them all, but I believe the results were the same.

What were you testing above? I tested VS a few more times, and had the same results.

C:\Windows\System32\Tasks
C:\Windows\SysWOW64\Tasks
C:\Windows\Tasks
C:\Windows\Temp

This is a pretty cool test... I just would not recommend running it on your main computer... it might put crap everywhere .

 

That's me. Just came across this thread

We're starting to plan the next version of the whitelist auditor. Something that hasn't been discussed heavily here is the DLL enforcement, however it looks like there's not to many Applocker people here.

I'll add this to roadmap for the tool. If anyone has any other feature requests please reach out

 

Very cool... if I think of anything else to add, I will let you know... cool app btw!

Sorry it has taken me a while to reply... things have been a little busy.

 

No worries - I just got back from the US Summer hacker camp

Also added to the roadmap for the tool is DeviceGuard enumeration and handling blocked DLLs better.

 

An interesting addition here...

Airlock Application Whitelisting Word Macro Security Auditor v1.0

Link: https://twitter.com/danonit/status/897434357341736960
Download: https://www.airlockdigital.com/AirlockApps/Airlock_Application_Whitelisting_Macro_Security_Auditor_v1.0.doc