For those of you that have used applocker...

Discussion in 'other security issues & news' started by ncage1974, Aug 12, 2011.

Thread Status:
Not open for further replies.
  1. ncage1974

    ncage1974 Registered Member

    Joined:
    Dec 6, 2009
    Posts:
    45
    I really think applocker is a great technology and i started using it on every computer i had about 4 months ago. Now i think i'm to the point (at least for my account that i'm going to disable its protection).

    I've been configuring it constantly since i've turned it on. I still have issues with it blocking things i don't want blocked. I seem to disable its protection for my account constantly so i can install software (generally because the different locations software wants to put the pieces of install), software that autoupdates silently in the background (remember dropbox was an example). Heck i even have to disable protection when i install windows updates. I even commonly blocks add-ins from some of the software i commonly use lilke google chrome and visual studio.

    For my account its just become to big of a pain to manage. Just sick of constantly pulling up the eventviewer to see why i'm having issues with my computer. I've added "paths" to the allowable list but it seems like a never ending battle. Also added a bunch of "if signed by" but even companies like adobe or lastpass don't sign every single dll and executable they distribute.

    Only thing i can think around this is to use a seperate account to do installs/updates but that still doesn't solve the problem because of those apps that autoupdate in the background and the troubles i've had with extensions.

    Why kind of protection do i want from applocker? Pretty much i just want protection from browser vulnerabilities where a webpage will download executables (exe/dll/ect) and either execute them to infect your system or replace important system files. I do use sandboxie but its just in case those rare situations where i'm not running sanboxie.

    Now granted i won't be disabling applocker. I'm just disabling it for my account. Its still great for my wife who will install anything though i tell her not to and will click on any link in a browser.

    So i think applocker is great for those of you who have family members of friends that you want to be able to use your computer but still want to protect it from them doing something stupid. Its also great in a corporate environment where you only want users to use the software that you've installed and admins will be managing updates.

    I'm curious what everyones thoughts are
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's odd you're having issues with Windows Update.

    The only complaints I have about AppLocker, is that it failed to work a couple times.

    In your case, it's working way too much. :eek:

    What kind of rules have you got in place? By default, Administrators have full permissions. Users can only execute what's in Program Files and Windows folders. Everything in these folders should be whitelisted, by default.

    If you got something in user space, then you need to whitelist it, either by hash or publisher. I wouldn't recommend Path rules.

    For what is worth, I don't have problems installing Chrome extensions in user space.

    I have Chromium in Program Files, though. Do you have all Google Chrome files whitelisted in AppLocker? Google Chrome installs to user space, by default.

    Could you, perhaps post screenshots of your rules, so that we can help you find out what's wrong?
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Moved to Ultimate to give it a try. Wasn't worth the trouble =p
     
Loading...
Thread Status:
Not open for further replies.