Part II is the “operations guide” that digs into the details of implementing AaronLocker for your environment.Ī personal note from Aaron Margosis (the original creator of AaronLocker): the name “AaronLocker” was Chris Jackson’s idea – not mine – and I resisted it for a long time. Part I of this document is a high-level description of application control concepts, AppLocker, WDAC, and the AaronLocker approach.
This will stop execution if a user is tricked into downloading malware, if an exploitable vulnerability in a program the user is running tries to put malware on the computer, or if a user intentionally tries to download and run unauthorized programs.ĪaronLocker works on all supported versions of Windows that can provide AppLocker and is built to support WDAC on Windows 10 version 1903 and above. A determined user with administrative rights can bypass any application control solution.ĪaronLocker’s strategy can be summed up as: if a non-admin could have put a program or script onto the computer – i.e., it is in a user-writable directory – don’t allow it to execute unless it has already been specifically allowed by an administrator. Note that AaronLocker does not try to stop administrative users from running anything they want – and application control solutions cannot meaningfully restrict administrative actions anyway. AaronLocker includes scripts that document AppLocker and WDAC policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance.ĪaronLocker is designed to restrict program and script execution by non-administrative users. You can easily customize rules for your specific requirements with simple text-file edits. The entire solution involves a small number of PowerShell scripts. AaronLocker is designed to make the creation and maintenance of robust, strict, application control for AppLocker and Windows Defender Application Control (WDAC) as easy and practical as possible.
0 kommentar(er)
