[Security] AppLocker Design Guide available

Last month, Microsoft released two whitepapers on AppLocker.

This guide describes the end-to-end process for developing, testing and deploying AppLocker in an organization of any size and regardless of their security requirements, in a way that minimizes the impact on the operation of the business.

The AppLocker Design Guide addresses how to establish trust between a computing platform and the code it is asked to run. While a number of techniques exist such as digital signing (to prove authenticity and integrity) and distribution through app stores (where apps can be vetted), these are not applied uniformly across the computing ecosystem and are not enforced by the end-user’s computer. Application whitelisting is increasingly recognized in the security community as a more effective alternative to the never-ending “arms race” between anti-malware vendors and the criminals who use malware as a tool in performing illegal activities.

AppLocker Design Guide consists of two whitepapers, 1.) AppLocker Design Guide, 2.) AppLocker Guide for Technical Decision Makers, as well as well as a sample AppLocker script plain text file. 

The whitepapers are available here :  AppLocker Design Guide