Windows Seven applocker

Saw it already in group policies but didn’t risk giving it a shot so far. Saw it mentioned on the page linked by nmb about Win7 tips, and just found that article, sounds really interesting…what’s your take guys?
Of course useless locally if you’re the only user on your computer, but the rumor tells it can also protect from unauthorized ways, like network attacks…

http://4sysops.com/archives/review-windows-7-applocker-part-1-overview/
(don’t miss the second part of the article)

that was the bit in MS page: ;D

5. Use AppLocker. We've been fans of Software Restriction Policies since Windows XP, and AppLocker finally makes application whitelisting possible. Use it to enhance or even replace your anti-virus software, ensuring that only the software you want to run will run.

…not sure I would trust that…anyway that sounds like HIPS oriented, although a HIPS has more sophisticated, or different ways…I must see more from that applocker thing before I can comment on it more seriously :wink:

We can believe MVPs to an extent - what say kenny?

Saw it mentioned on the page linked by nmb about Win7 tips

which? gimme the link.

http://technet.microsoft.com/en-us/magazine/2009.10.77windows.aspx

this is exactly what I’ve been thinking before reading the article:

Hash Rules use a cryptographic hash of the executable to identify a legitimate program. The major downside of this rule type is that you have to modify the rule whenever you update the program, because any kind of change to the executable will also change the hash.

and there’s no prompt to allow like with Def+ in CIS for instance, you just get an alert that an executable has been blocked by group policy. Same for new software that you may install (i.e. not just for updates)…not hundred percent sure.
I got a prompt for flashgot when I launched Firefox…may be just because Firefox being in the list of rules, it was involved when flashgot got launched (flashgot wasn’t in the set of rules, as it’s not located in program folders). Got to see what happens with newly installed stuff.

OK cool, no way to install anything new unless it’s been allowed in the applocker interface 8)…but this might become time consuming, as again, there’s no way to allow/deny quickly on a dialog prompt.
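
The hash-rule behaviour quoted in this thread can be checked without enforcing anything, using the AppLocker PowerShell cmdlets. This is an added example, not part of the original posts or the linked article; the temp folder, the file names and the use of whoami.exe as a sample binary are assumptions made for the demo.

```powershell
# Added example. File names and the temp folder are constructed for the demo.
Import-Module AppLocker

$work = Join-Path $env:TEMP 'applocker-hash-demo'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$v1 = Join-Path $work 'tool-v1.exe'   # stands in for the installed program
$v2 = Join-Path $work 'tool-v2.exe'   # stands in for the same program after an update

# Assumption: whoami.exe exists under System32; any executable works as the sample.
Copy-Item (Join-Path $env:SystemRoot 'System32\whoami.exe') $v1 -Force

# Simulate an update: v2 is v1 with a single byte of the DOS stub text changed.
$bytes = [System.IO.File]::ReadAllBytes($v1)
$bytes[0x50] = $bytes[0x50] -bxor 0x01
[System.IO.File]::WriteAllBytes($v2, $bytes)

# Build an allow policy that contains one hash rule, for v1 only.
$policy = Get-AppLockerFileInformation -Path $v1 |
    New-AppLockerPolicy -RuleType Hash -User Everyone

# Evaluate both files against that policy object.
# This only simulates the decision; nothing is enforced or written to group policy.
Test-AppLockerPolicy -PolicyObject $policy -Path $v1, $v2 -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# What has to be repeated after every update: generate a hash rule for the
# new binary and merge it into the existing policy.
$updated = Get-AppLockerFileInformation -Path $v2 |
    New-AppLockerPolicy -RuleType Hash -User Everyone
# Set-AppLockerPolicy -PolicyObject $updated -Merge   # uncomment to apply locally
```

The first file should come back as Allowed with the generated hash rule listed, while the one-byte-different copy matches no rule and falls through to the default deny, which is the maintenance cost the quoted passage describes.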