Strict Policies For Windows AppLocker
AppLocker is a feature in Windows PRO editions. It allows administrators to configure which scripts or executables can run and which are blocked. It is very useful and, if configured correctly, can prevent malware from being run. The feature can be accessed by opening "Group Policy Management" and, on the side panel, navigating to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker. There, you can configure specific policies to allow or block apps from running depending on specific criteria.
Strictapplocker is a set of 8 preconfigured policies that allow only a very limited range of applications and scripts to run. You can import a policy by right-clicking the AppLocker section in Group Policy Management, at the path described above. As the name implies, the policies are strict and allow only the following to run:
- All executable files that are signed by any publisher
- All Windows installers (.msi files) that are signed by Microsoft Corporation
The strictapplocker policies block the following from running :
- All .com files (similar to .exe files)
- All .scr files (screen saver files usually used for malware)
- All .bat files (command line scripts)
- All .cmd files (like .bat files, command line scripts)
- All .vbs files (Visual Basic scripts usually used to spread worms)
- All .ps1 files (PowerShell scripts that are often used for malware)
Steps:
- Download the strictapplocker.xml file
- Open "Group Policy Management" on your Windows computer
- Navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Application Control Policies
- Right click on AppLocker
- Choose "Import Policy"
- Select the strictapplocker.xml file and import it
- You should get a message informing you that the import was successful
- You have now successfully configured strictapplocker!
If you are still having difficulty setting up strictapplocker, watch the video below: https://github.com/sthivaios/strictapplocker/assets/109022579/f15a249f-46d6-47f4-b24c-93bbc9fb777e
Keep in mind, strictapplocker is VERY strict. This means that even files like .mp4 and .jpg will be blocked.
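
Because the policies are this strict, it helps to see what they would block before enforcing them. The PowerShell below is an added example, not part of the strictapplocker project: it backs up the current local policy, previews the file's decisions, and imports an audit-only copy first. It assumes strictapplocker.xml is in the current directory; the backup and working-copy file names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the strictapplocker project).
# Assumption: the downloaded strictapplocker.xml is in the current directory.
$policyPath = Join-Path (Get-Location) 'strictapplocker.xml'
$auditPath  = Join-Path $env:TEMP 'strictapplocker-audit.xml'   # hypothetical working copy
$backupPath = Join-Path $env:TEMP 'applocker-backup.xml'        # hypothetical backup name

# 1. Save the current local policy so the import can be undone.
Get-AppLockerPolicy -Local -Xml | Set-Content -LiteralPath $backupPath -Encoding UTF8

# 2. List the rule collections in the file and how each one is set to act.
[xml]$policy = Get-Content -LiteralPath $policyPath -Raw
$policy.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode,
        @{ Name = 'Rules'; Expression = { $_.SelectNodes('*').Count } } |
    Format-Table -AutoSize

# 3. Dry run: ask AppLocker how the policy would treat files already on this machine.
$roots = @($env:ProgramFiles, (Join-Path $env:USERPROFILE 'Downloads'))
$types = '*.exe', '*.com', '*.msi', '*.ps1', '*.bat', '*.cmd', '*.vbs'
$samples = Get-ChildItem -Path $roots -Recurse -File -Include $types -ErrorAction SilentlyContinue |
    Select-Object -First 200 -ExpandProperty FullName
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $samples -User Everyone |
    Group-Object PolicyDecision |
    Select-Object Name, Count

# 4. Import an audit-only copy: rules are evaluated and logged, nothing is blocked yet.
#    Without -Merge, Set-AppLockerPolicy replaces the existing local policy.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($auditPath)
Set-AppLockerPolicy -XmlPolicy $auditPath

# 5. AppLocker evaluates rules only while the Application Identity service is running.
Start-Service -Name AppIDSvc

# 6. After a period of normal use, list what enforcement would have blocked
#    (event 8003 for executables, 8006 for scripts and installers).
$logs = 'Microsoft-Windows-AppLocker/EXE and DLL', 'Microsoft-Windows-AppLocker/MSI and Script'
Get-WinEvent -LogName $logs -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8006 } |
    Select-Object -First 20 TimeCreated, Id, Message

# Enforce when the audit log looks acceptable:  Set-AppLockerPolicy -XmlPolicy $policyPath
# Roll back to the saved policy:                Set-AppLockerPolicy -XmlPolicy $backupPath
```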