New product -> Microsoft AppLocker Management Solution

Discussion in 'other anti-malware software' started by Marco Peretti, Jan 24, 2013.

Thread Status:
Not open for further replies.
  1. Marco Peretti

    Marco Peretti Registered Member

    Joined:
    Jan 24, 2013
    Posts:
    3
    Location:
    Italy
    Hi everybody,

    we would really appreciate some feedback on something we have been working on for a good while. In two words, we have developed a management solution for Microsoft AppLocker, with the back-end hosted on Windows Azure. You scan your computer(s) and then send over the scan files to be processed. You can then access our back-end by means of either PowerShell or an MMC SnapIn, and generate AppLocker policies. Policies are distributed by means of Group Policy.

    Our main targets are corporate networks, but you can also use it to create policies for stand-alone computers.

    To give it a spin, you need either Windows 7/8, or Server 2008 R2/2012 (full list here)

    And before I forget, we're still in beta and we don't charge for it.

    PS: the scanner generates an XML file. You may check out its content before sending it to us.

    Thank you all.
     
  2. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Very interesting concept.
     
  3. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I went to the site and skimmed through the user guide. Overall, it's intriguing. Looks like it simplifies an admin's task by categorizing executables into products. I have not tried it for real though...

    Quick questions:

    1. I read that it uses PowerShell so I assume it won't work if PowerShell is prevented from execution within AppLocker itself?

    2. I imagine it'd be great on enterprise level but on a stand-alone computer, how useful can this be? I'm still trying to grasp the benefits...

    3. It's explicitly mentioned that it's free during Beta period (even on the site) but once a stable release is out, is there any plan of letting stand-alone computers get a free version (or rather a restricted evaluation/demo) like the one in BeyondTrust PowerBroker?

    4. How do you guys intend to manage the 'privacy' concerns that may arise?

    Sorry for the many questions but hey, it's new... :p
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I signed up, but haven't gotten around to messing with it yet. Haven't even installed it. Maybe next month ;)

    Sul.
     
  5. Marco Peretti

    Marco Peretti Registered Member

    Joined:
    Jan 24, 2013
    Posts:
    3
    Location:
    Italy
    All questions are very welcome!

    1. PowerShell is used for administrative purposes, not by the enforcement agent (AppLocker). Only the admin needs to be able to run PowerShell scripts, not users.

    2. Our main targets are indeed networks of all sizes, not standalone machines. On a single machine, you have to be careful not to lock yourself out of it, but that can be accomplished by creating rules for, for example, members of the admins group. However, if you are running a Windows edition that supports AppLocker it may still be useful to implement whitelisting and add a new layer of defense.

    3. It is very likely, but a lot depends also on how useful that will turn out to be. BTW, funny you mention that product, as I am the one that developed it till a couple of years ago ;-)

    4. Privacy is a big issue. We are very open about the data we collect (the content of our scans can be inspected), and we do collect only the strict minimum to link apps to a given computer, and that's all. We have not completed it, but our plan is to encrypt the link between a customer and its data, so as to minimize the exposure in case of a breach.

    HTH,

    Marco
     