AppLocker

Discussion in 'other security issues & news' started by Noob, Aug 3, 2010.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    BTW, just learning how to use AppLocker . . . :rolleyes: :D

    Anyone have any general rules that you consider to be important?
    :thumb:
     
  2. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    There is some good info on AppLocker here. I learnt from here :)
     
  3. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I'm actually experimenting with SRP now :rolleyes:

    What do you guys recommend, SRP or AppLocker?
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    AppLocker: http://www.windowsnetworking.com/articles_tutorials/Introduction-AppLocker-Part1.html

    I prefer SRP, because you can use it as an Admin. You already have implemented most of "Maximising the power of Windows7 for security when running as ADMIN". Now have a look at https://www.wilderssecurity.com/showthread.php?t=278657

    When you download Chrome from Google Aps it installs in the Program Files directory (or use Iron from SRWare). You can apply SRP on all files now.

    Add an SRP basic user for your browsers and e-mail programs (and P2P and IM programs).

    Now you have your OS + Chrome policy management, backed up by A2 AV and IDS, backed up by Malware Defender.
     
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I think Chrome doesn't work under "Basic" rules xD
    Well, at least I tried and failed :D

    Gonna set IE, Chrome and Firefox to Basic now :rolleyes:

    I think it didn't work before because I had to set Flash too.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Looks like Chrome needs Unrestricted levels or it won't work; the other 2 are fine with basic permissions :rolleyes:
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    Attached Files:

  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I haven't been able to perform this yet, have you? AFAIK the 'Basic User' option no longer functions in win7, only XP and Vista.

    I would love to hear you tell me it does work and how you make it work.

    Sul.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well

    Basisgebruiker means basic user on my Vista Business (play PC)

    What is stranger, see the Windows Ultimate picture of my wife's laptop and the official note from Microsoft (in blue).

    How did I do it? :doubt: To be honest, I can't recall it exactly.

    It all seems to work o_O
     

    Attached Files:

    Last edited: Aug 3, 2010
  10. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I have Win 7 Pro and this option is available for choosing in Local Security. What was the app that one could use to know that a running program is actually being run as basic user? Was it Process Explorer?
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    What's the difference between these 2?
    The one from the Google Pack and the Google Chrome you find in the search :rolleyes:
     
  12. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    IIRC- Chrome from Google Pack will install in program files folder.
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    If I uninstall the one from the search and install the Google Pack one, will it keep my current history and cache? :D
     
  14. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    I just now added IE 8 in Win 7 to SRP as Basic User. I looked at Process Explorer running with and without Basic applied. What's the difference here?

    Without Basic Running as Admin User:
    admin.jpg
    With Basic Running as Admin User:
    Untitled.jpg

    After adding IE 8 in Program Files directory as basic user, IE 8 wouldn't start and was blocked by SRP. I had to add the exact taskbar pinned shortcut for IE 8 even though the directory for Taskbar Pinned shortcuts was * for unrestricted. I even tried opening it direct from Program Files instead of the shortcut but it wouldn't work until the Taskbar Pinned shortcut was allowed. Maybe that had to do with the patch applied yesterday.
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    If Chrome from Google Pack installs in Program Files why would you have to uninstall the Chrome you have now, you may just need to rename the file? But if you want to save your bookmarks, I see in the import/export of bookmarks that the bookmarks can be saved (to a file or desktop, wherever you wish) and that file can be imported to Chrome. So maybe export your bookmarks to a file then import them with your new Chrome. If you like the new Chrome better then just uninstall the Chrome you are running now.
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Actually I'll just leave it as it is.

    Anyone here recommend specific rules for SRP? :rolleyes:
    Pretty much strong, because you can't execute ANY file but any specific folders that I should block or anything :D
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes, installing Chrome in Programs Directory makes it possible to block dll files also. This is a major security improvement. Acr1965 explained it perfectly.
     
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I don't get this at all. If I add a path rule for Basic User to notepad.exe, running the .exe itself gives a failure due to restrictions. If I run a shortcut to it, it opens and has Builtin/Administrator as the Owner, not denied. No matter where the shortcut lives or if I pin it and then navigate to that directory, the SRP rule always fills in the complete path to the .exe.

    I don't care if IE8 starts as Basic User, I want any program to start as Basic User. What else might you be doing that affects this? This is win7, correct? Strange.

    I am pretty certain I read that in win7 the Basic User option no longer works because they want you to use AppLocker. Almost positive about that. Maybe it is an update issue.

    Sul.
     
  19. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Yes, it's Win 7. I did it with Notepad, which I have set up to actually open Notepad2 when Notepad is called, and I get the same thing. Multiple shortcuts outside of Windows and P Files require the specific path to the location of the multiple shortcuts. I find it strange that it does this because all locations (folders) of shortcuts have been starred for the entire folder as unrestricted. I think I have about seven different shortcut locations including Admin Tools in the Start Menu and two more that are two deep in the folder requiring \*\*.lnk. What's the best way to tell if an added app is truly run as Basic after having been added to the policy?
     