Category Archive: Application Control

Windows Security Catalogs and Effective Application Control

Posted on March 19, 2010 in: Application Control, Privilege Guard, Windows Security Catalogs|Post Comment

Solutions that provide whitelisting of applications or control the behavior of applications need to provide the administrator with a set of rules that can be used to precisely identify applications. The most common types of rule will check the file name or certain attributes of the file, as these rules are relatively simple to maintain, and in most circumstances will provide adequate protection, assuming a least privilege approach is in place, where users can’t tamper with application files.

However, sometimes it is necessary to check the integrity of a file, and therefore most good application control solutions should provide additional capabilities for this purpose. In particular, you should expect a solution to provide support for both trusted publishers and file hashing. Click here to read more »

5 Tips for Flexible Desktop Lockdown

Posted on March 7, 2010 in: AppLocker, Application Control, Desktop Lockdown, Group Policy, Least Privilege, Windows 7|Post Comment

Desktop lockdown shouldn’t hinder a user from performing their day to day role, so here are 5 tips to achieve flexible desktop lockdown.

1. Implement Least Privilege

If you are serious about desktop lockdown then you really need to adopt least privilege. If users are logging on with admin rights (or power user rights) then locking down the desktop becomes an almost impossible and thankless task.

If the only thing stopping you from implementing least privilege is that users need to run problem applications, perform basic admin tasks, such as connecting printers, or install approved software, then consider a privilege management solution. Privilege management solutions enable individual applications to be elevated under a standard user account, making it possible to remove admin rights from users. Click here to read more »