ANNOUNCING: Application whitelisting with "AaronLocker"
[Update 11 Oct 2018: "AaronLocker" v0.91 released]
Announcing the pre-release (v0.9) of "AaronLocker:" robust and practical application whitelisting for Windows.
AaronLocker is designed to make the creation and maintenance of robust, strict, AppLocker-based whitelisting rules as easy and practical as possible. The entire solution involves a small number of PowerShell scripts. You can easily customize rules for your specific requirements with simple text-file edits. AaronLocker includes scripts that document AppLocker policies and capture event data into Excel workbooks that facilitate analysis and policy maintenance.
AaronLocker is designed to restrict program and script execution by non-administrative users. Note that AaronLocker does not try to stop administrative users from running anything they want – and AppLocker cannot meaningfully restrict administrative actions anyway. A determined user with administrative rights can easily bypass AppLocker rules.
AaronLocker’s strategy can be summed up as: if a non-admin could have put a program or script onto the computer – i.e., it is in a user-writable directory – don’t allow it to execute unless it has already been specifically allowed by an administrator. This will stop execution if a user is tricked into downloading malware, if an exploitable vulnerability in a program the user is running tries to put malware on the computer, or if a user intentionally tries to download and run unauthorized programs.
AaronLocker works on all supported versions of Windows that can provide AppLocker.
For now, download AaronLocker
here from the updated page (I will move it to GitHub sometime soon). The zip file contains full documentation, all the scripts, and sample outputs.