AppLocker in Windows 7 silently changed?

Discussion in 'other software & services' started by erim, May 6, 2016.

  1. erim

    erim Registered Member

    Joined: Aug 29, 2006
    Posts: 43
    I'm using AL as the only user on the PC (so administrator, obviously, but I still have UAC enabled).
    The default any path (*) rule for "BUILTIN\Administrators" did not allow executions from non-whitelisted paths, unless I explicitly ran something "as administrator", which would bring up a UAC prompt.
    This is how it's supposed to work, based on what I've seen from other users.

    After the April updates (or something), it doesn't work that way anymore. That is, I'm able to execute all files in random places.
    I went back to a system image from March and got the old behavior back, so something clearly happened in between.
    My first guess is a Windows update changed this behavior, but I can't find any info. I'm checking for updates as we speak, but as you might know, that's a lengthy process...

    Can anyone else confirm this?


    EDIT: so this now makes it work like AppLocker in Windows 8, aka less useful for local/single users. :/
     
    Last edited: May 6, 2016
  2. erim

    Got it!
    It's caused by two Windows updates: KB3146706 and KB3147071.
    If either of those is installed, the old AppLocker behavior breaks.


    Update:
    Just to be sure, I also tried it on a clean install in a VM and got the same result. Installing either one of those two updates breaks AppLocker for the admin account.
    I didn't notice any change for non-admin accounts, though (which I guess is how AppLocker is mostly used).
     
    Last edited: May 7, 2016
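
A way to check a Windows 7 machine for the condition described in this thread, as an added example that is not part of the original posts: it reports whether either update named above is installed, lists the effective AppLocker rules scoped to BUILTIN\Administrators, and pulls recent allow/block events. It assumes an elevated PowerShell session on the machine being checked; apart from the two KB numbers, everything used is a standard cmdlet, log name, or well-known SID.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
Import-Module AppLocker -ErrorAction SilentlyContinue   # explicit import is needed on PowerShell 2.0

# 1. Is either update named in the thread installed?
$kbs = 'KB3146706', 'KB3147071'
$found = @(Get-HotFix -ErrorAction SilentlyContinue |
           Where-Object { $kbs -contains $_.HotFixID })
if ($found.Count -gt 0) {
    $found | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize
} else {
    Write-Output "Neither $($kbs -join ' nor ') is installed."
}

# 2. Which effective rules are scoped to BUILTIN\Administrators (S-1-5-32-544)?
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$adminRules = $policy.SelectNodes("//*[@UserOrGroupSid='S-1-5-32-544']")
$adminRules | ForEach-Object {
    New-Object PSObject -Property @{
        Collection  = $_.ParentNode.GetAttribute('Type')
        Enforcement = $_.ParentNode.GetAttribute('EnforcementMode')
        RuleType    = $_.LocalName
        Name        = $_.GetAttribute('Name')
        Action      = $_.GetAttribute('Action')
    }
} | Format-Table Collection, Enforcement, RuleType, Action, Name -AutoSize

# 3. Recent AppLocker decisions for executables and DLLs.
#    8002 = allowed, 8003 = allowed but would be blocked if enforced, 8004 = blocked.
$events = Get-WinEvent -FilterHashtable @{
              LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
              Id      = 8002, 8003, 8004
          } -MaxEvents 50 -ErrorAction SilentlyContinue
$events | Select-Object TimeCreated, Id, UserId, Message | Format-List

# Summary per event ID: many 8002 entries for files outside the whitelisted
# paths, logged from a non-elevated session, matches the behavior reported above.
$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
```

Running a test binary from a non-whitelisted folder without elevation and then re-running step 3 shows whether that launch was logged as 8002 or 8004.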