Windows Updates Breaking Applocker?

Discussion in 'other anti-malware software' started by CrusherW9, Oct 2, 2015.

  1. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    So I had Applocker setup and running on my previous Windows install and at one point it stopped working. I never bothered looking into why; I figured it I did something dumb and broke it by messing with some other setting. I just reinstalled Windows today since I just made a SSD Raid-0 array :cool: and I had everything setup perfectly with Applocker and the Applocker patch installed and working. I left the Windows updates as the last phase of this install since I thought they might have been a cause. Turns out, I might be right because I updated to latest and now my Applocker doesn't work anymore. Has anyone experienced this before and maybe know how to fix this?
     
  2. CrusherW9

    CrusherW9 Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    516
    Location:
    United States
    Alright so I did a little investigation on this and it looks like Applocker is actually working. In order to test this, I ran an exe in a folder on my desktop. In Event Viewer under the Applocker folder, it logs an information event that says "%OSDRIVE%\USERS\*user*\DESKTOP\GPU BIOS MODDING\MAXWELLBIOSTWEAKER.EXE was allowed to run." And if I make deny rule for that EXE effecting everyone, it registers an Error event that says "%OSDRIVE%\USERS\*user*\DESKTOP\GPU BIOS MODDING\MAXWELLBIOSTWEAKER.EXE was prevented from running."

    So now I'm thinking there's something weird going on with my accounts' privileges level. It is an admin account but I have UAC on the default setting. I just verified my user accounts and groups against another PC I have with Applocker running fine (With all updates, too) and everything looks ok there. There must be something dumb I'm changing during setup that is breaking something.
     
Loading...